Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

services.vert.enable

Whether to enable vert, The next-generation file converter. Open source, fully local* and free forever.

Type: boolean

Default:

false

Example:

true

Declared by:

services.vert.environmentFile

Path to a file containing environment variables

Type: null or absolute path

Default:

null

Example:

"/run/secrets/vert.env"

Declared by:

services.vert.group

Group vertd runs as.

Type: string

Default:

"vertd"

Declared by:

services.vert.hostName

The host name of the vert daemon, as accessible by the browser

Type: string

Example:

"vert.local"

Declared by:

services.vert.nginx

With this option, you can customize the nginx virtualHost settings.

Type: submodule

Default:

{ }

Example:

''
  {
    serverAliases = [
      "vert.''${config.networking.domain}"
    ];
    # To enable encryption and let let's encrypt take care of certificate
    forceSSL = true;
    enableACME = true;
  }
''

Declared by:

services.vert.nginx.enable

Whether to enable nginx integration for vertd.

Type: boolean

Default:

false

Example:

true

Declared by:

services.vert.nginx.enableACME

Whether to ask Let’s Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.acmeFallbackHost

Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.

With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.

Type: null or string

Default:

null

Declared by:

services.vert.nginx.acmeRoot

Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.

Type: null or string

Default:

"/var/lib/acme/acme-challenge"

Declared by:

services.vert.nginx.addSSL

Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).

Type: boolean

Default:

false

Declared by:

services.vert.nginx.basicAuth

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Type: attribute set of string

Default:

{ }

Example:

{
  user = "password";
};

Declared by:

services.vert.nginx.basicAuthFile

Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.

Type: null or absolute path

Default:

null

Declared by:

services.vert.nginx.default

Makes this vhost the default.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.extraConfig

These lines go to the end of the vhost verbatim.

Type: strings concatenated with “\n”

Default:

""

Declared by:

services.vert.nginx.forceSSL

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.globalRedirect

If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.

Type: null or string

Default:

null

Example:

"newserver.example.org"

Declared by:

services.vert.nginx.http2

Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.

Type: boolean

Default:

true

Declared by:

services.vert.nginx.http3

Whether to enable the HTTP/3 protocol. This requires activating the QUIC transport protocol services.nginx.virtualHosts.<name>.quic = true;. Note that HTTP/3 support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/ HTTP/3 availability must be manually advertised, preferably in each location block.

Type: boolean

Default:

true

Declared by:

services.vert.nginx.http3_hq

Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests. This requires activating the QUIC transport protocol services.nginx.virtualHosts.<name>.quic = true;. Note that special application protocol support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/

Type: boolean

Default:

false

Declared by:

services.vert.nginx.kTLS

Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.listen

Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.

If you only want to set the addresses manually and not the ports, take a look at listenAddresses.

Type: list of (submodule)

Default:

[ ]

Example:

[
  {
    addr = "195.154.1.1";
    port = 443;
    ssl = true;
  }
  {
    addr = "192.154.1.1";
    port = 80;
  }
  {
    addr = "unix:/var/run/nginx.sock";
  }
]

Declared by:

services.vert.nginx.listen.*.addr

Listen address.

Type: string

Declared by:

services.vert.nginx.listen.*.extraParameters

Extra parameters of this listen directive.

Type: list of string

Default:

[ ]

Example:

[
  "backlog=1024"
  "deferred"
]

Declared by:

services.vert.nginx.listen.*.port

Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.

Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default:

null

Declared by:

services.vert.nginx.listen.*.proxyProtocol

Enable PROXY protocol.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.listen.*.ssl

Enable SSL.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.listenAddresses

Listen addresses for this virtual host. Compared to listen this only sets the addresses and the ports are chosen automatically.

Note: This option overrides networking.enableIPv6

Type: list of string

Default:

[ ]

Example:

[
  "127.0.0.1"
  "[::1]"
]

Declared by:

services.vert.nginx.locations

Declarative location config

Type: attribute set of (submodule)

Default:

{ }

Example:

{
  "/" = {
    proxyPass = "http://localhost:3000";
  };
};

Declared by:

services.vert.nginx.locations.<name>.alias

Alias directory for requests.

Type: null or absolute path

Default:

null

Example:

"/your/alias/directory"

Declared by:

services.vert.nginx.locations.<name>.basicAuth

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Type: attribute set of string

Default:

{ }

Example:

{
  user = "password";
};

Declared by:

services.vert.nginx.locations.<name>.basicAuthFile

Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.

Type: null or absolute path

Default:

null

Declared by:

services.vert.nginx.locations.<name>.extraConfig

These lines go to the end of the location verbatim.

Type: strings concatenated with “\n”

Default:

""

Declared by:

services.vert.nginx.locations.<name>.fastcgiParams

FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.

Type: attribute set of (string or absolute path)

Default:

{ }

Declared by:

services.vert.nginx.locations.<name>.index

Adds index directive.

Type: null or string

Default:

null

Example:

"index.php index.html"

Declared by:

services.vert.nginx.locations.<name>.priority

Order of this location block in relation to the others in the vhost. The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.

Type: signed integer

Default:

1000

Declared by:

services.vert.nginx.locations.<name>.proxyPass

Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Type: null or string

Default:

null

Example:

"http://www.example.org/"

Declared by:

services.vert.nginx.locations.<name>.proxyWebsockets

Whether to support proxying websocket connections with HTTP/1.1.

Type: boolean

Default:

false

Example:

true

Declared by:

services.vert.nginx.locations.<name>.recommendedProxySettings

Enable recommended proxy settings.

Type: boolean

Default:

config.services.nginx.recommendedProxySettings

Declared by:

services.vert.nginx.locations.<name>.recommendedUwsgiSettings

Enable recommended uwsgi settings.

Type: boolean

Default:

config.services.nginx.recommendedUwsgiSettings

Declared by:

services.vert.nginx.locations.<name>.return

Adds a return directive, for e.g. redirections.

Type: null or string or signed integer

Default:

null

Example:

"301 http://example.com$request_uri"

Declared by:

services.vert.nginx.locations.<name>.root

Root directory for requests.

Type: null or absolute path

Default:

null

Example:

"/your/root/directory"

Declared by:

services.vert.nginx.locations.<name>.tryFiles

Adds try_files directive.

Type: null or string

Default:

null

Example:

"$uri =404"

Declared by:

services.vert.nginx.locations.<name>.uwsgiPass

Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

Type: null or string

Default:

null

Example:

"unix:/run/example/example.sock"

Declared by:

services.vert.nginx.onlySSL

Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.quic

Whether to enable the QUIC transport protocol. Note that QUIC support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/

Type: boolean

Default:

false

Declared by:

services.vert.nginx.redirectCode

HTTP status used by globalRedirect and forceSSL. Possible usecases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.

Type: integer between 300 and 399 (both inclusive)

Default:

301

Example:

308

Declared by:

services.vert.nginx.rejectSSL

Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.reuseport

Create an individual listening socket . It is required to specify only once on one of the hosts.

Type: boolean

Default:

false

Declared by:

services.vert.nginx.root

The path of the web root directory.

Type: null or absolute path

Default:

null

Example:

"/data/webserver/docs"

Declared by:

services.vert.nginx.serverAliases

Additional names of virtual hosts served by this virtual host configuration.

Type: list of string

Default:

[ ]

Example:

[
  "www.example.org"
  "example.org"
]

Declared by:

services.vert.nginx.serverName

Name of this virtual host. Defaults to attribute name in virtualHosts.

Type: null or string

Default:

null

Example:

"example.org"

Declared by:

services.vert.nginx.sslCertificate

Path to server SSL certificate.

Type: absolute path

Example:

"/var/host.cert"

Declared by:

services.vert.nginx.sslCertificateKey

Path to server SSL certificate key.

Type: absolute path

Example:

"/var/host.key"

Declared by:

services.vert.nginx.sslTrustedCertificate

Path to root SSL certificate for stapling and client certificates.

Type: null or absolute path

Default:

null

Example:

"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"

Declared by:

services.vert.nginx.useACMEHost

A host of an existing Let’s Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .

Type: null or string

Default:

null

Declared by:

services.vert.openFirewall

Whether to open the firewall for the vertd port

Type: boolean

Default:

false

Example:

true

Declared by:

services.vert.port

The port that vertd listens on.

Note: This is a read-only option that is read from services.vert.settings.port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)

Default:

config.services.vert.settings.port

Declared by:

services.vert.settings

Settings for vertd

Type: open submodule of (attribute set)

Default:

{ }

Declared by:

services.vert.settings.admin.password

admin password for kept videos

Warning: Never use this in production! Set services.vertd.environmentFile to a file containing the ADMIN_PASSWORD environment variable instead!

Type: null or string

Default:

null

Declared by:

services.vert.settings.force_gpu

If vertd can’t detect your GPU type or detects the wrong one, you can force vertd to use hardware acceleration for a specific vendor manually

Type: null or one of “nvidia”, “amd”, “intel”, “apple”, “cpu”

Default:

null

Example:

"nvidia"

Declared by:

services.vert.settings.port

Port of the vertd daemon

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default:

24153

Example:

7777

Declared by:

services.vert.settings.public_url

The (public) URL to vertd, used for keeping and sharing uploads

Type: null or string

Default:

null

Example:

"https://my.vert.example.com/daemon"

Declared by:

services.vert.settings.webhook.pings

webhook pings – these will be formatted into the main message

Type: null or string

Default:

null

Example:

"<@&role_id> <@user_id>"

Declared by:

services.vert.settings.webhook.url

if set, vertd will attempt to notify you via a discord webhook when a video fails to convert

Type: null or string

Default:

null

Declared by:

services.vert.suppressFirewallWarning

Whether to enable suppressing the warning that occurs when vertd is both proxied and opened in the firewall.

Type: boolean

Default:

false

Example:

true

Declared by:

services.vert.user

User vertd runs as.

Type: string

Default:

"vertd"

Declared by:

services.vert.vertdPackage

The vertd package

Type: package

Default:

<derivation vertd-1.0>

Declared by:

services.vert.webPackage

The built distribution of the vert web interface

Type: package

Default:

<derivation vert-0-unstable-2026-07-01>

Declared by:

services.vert.webSettings

Settings for the web interface, has defaults for proxied nginx if enabled using services.vertd.nginx.enable

Type: open submodule of (attribute set)

Default:

{ }

Declared by:

services.vert.webSettings.hostname

Host name of this web interface

Type: string

Example:

"vert.local"

Declared by:

services.vert.webSettings.vertd.url

URL to vertd

Type: string

Example:

"https://vertd.vert.sh"

Declared by: