services.vert.enable
Whether to enable vert, The next-generation file converter. Open source, fully local* and free forever.
Type: boolean
Default:
false
Example:
true
Declared by:
services.vert.environmentFile
Path to a file containing environment variables
Type: null or absolute path
Default:
null
Example:
"/run/secrets/vert.env"
Declared by:
services.vert.group
Group vertd runs as.
Type: string
Default:
"vertd"
Declared by:
services.vert.hostName
The host name of the vert daemon, as accessible by the browser
Type: string
Example:
"vert.local"
Declared by:
services.vert.nginx
With this option, you can customize the nginx virtualHost settings.
Type: submodule
Default:
{ }
Example:
''
{
serverAliases = [
"vert.''${config.networking.domain}"
];
# To enable encryption and let let's encrypt take care of certificate
forceSSL = true;
enableACME = true;
}
''
Declared by:
services.vert.nginx.enable
Whether to enable nginx integration for vertd.
Type: boolean
Default:
false
Example:
true
Declared by:
services.vert.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
services.vert.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
services.vert.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default:
false
Declared by:
services.vert.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
services.vert.nginx.basicAuthFile
Basic Auth password file for a vhost.
Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
services.vert.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
services.vert.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS. This will set defaults for listen to listen on all interfaces
on the respective default ports (80, 443), where the non-SSL listens
are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
services.vert.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
services.vert.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires activating the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default:
true
Declared by:
services.vert.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires activating the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
services.vert.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declared by:
services.vert.nginx.listen.*.addr
Listen address.
Type: string
Declared by:
services.vert.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default:
[ ]
Example:
[
"backlog=1024"
"deferred"
]
Declared by:
services.vert.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
services.vert.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides networking.enableIPv6
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"[::1]"
]
Declared by:
services.vert.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
services.vert.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/alias/directory"
Declared by:
services.vert.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
services.vert.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost.
Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
services.vert.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
services.vert.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or absolute path)
Default:
{ }
Declared by:
services.vert.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
services.vert.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default:
1000
Declared by:
services.vert.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
services.vert.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
services.vert.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
config.services.nginx.recommendedProxySettings
Declared by:
services.vert.nginx.locations.<name>.recommendedUwsgiSettings
Enable recommended uwsgi settings.
Type: boolean
Default:
config.services.nginx.recommendedUwsgiSettings
Declared by:
services.vert.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default:
null
Example:
"301 http://example.com$request_uri"
Declared by:
services.vert.nginx.locations.<name>.root
Root directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/root/directory"
Declared by:
services.vert.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"$uri =404"
Declared by:
services.vert.nginx.locations.<name>.uwsgiPass
Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
Type: null or string
Default:
null
Example:
"unix:/run/example/example.sock"
Declared by:
services.vert.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.quic
Whether to enable the QUIC transport protocol. Note that QUIC support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
services.vert.nginx.redirectCode
HTTP status used by globalRedirect and forceSSL. Possible usecases
include temporary (302, 307) redirects, keeping the request method and
body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default:
301
Example:
308
Declared by:
services.vert.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.reuseport
Create an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default:
false
Declared by:
services.vert.nginx.root
The path of the web root directory.
Type: null or absolute path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
services.vert.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
services.vert.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
services.vert.nginx.sslCertificate
Path to server SSL certificate.
Type: absolute path
Example:
"/var/host.cert"
Declared by:
services.vert.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: absolute path
Example:
"/var/host.key"
Declared by:
services.vert.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or absolute path
Default:
null
Example:
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
services.vert.nginx.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .
Type: null or string
Default:
null
Declared by:
services.vert.openFirewall
Whether to open the firewall for the vertd port
Type: boolean
Default:
false
Example:
true
Declared by:
services.vert.port
The port that vertd listens on.
Note: This is a read-only option that is read from services.vert.settings.port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
config.services.vert.settings.port
Declared by:
services.vert.settings
Settings for vertd
Type: open submodule of (attribute set)
Default:
{ }
Declared by:
services.vert.settings.admin.password
admin password for kept videos
Warning: Never use this in production! Set services.vertd.environmentFile to a file containing the ADMIN_PASSWORD environment variable instead!
Type: null or string
Default:
null
Declared by:
services.vert.settings.force_gpu
If vertd can’t detect your GPU type or detects the wrong one, you can force vertd to use hardware acceleration for a specific vendor manually
Type: null or one of “nvidia”, “amd”, “intel”, “apple”, “cpu”
Default:
null
Example:
"nvidia"
Declared by:
services.vert.settings.port
Port of the vertd daemon
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
24153
Example:
7777
Declared by:
services.vert.settings.public_url
The (public) URL to vertd, used for keeping and sharing uploads
Type: null or string
Default:
null
Example:
"https://my.vert.example.com/daemon"
Declared by:
services.vert.settings.webhook.pings
webhook pings – these will be formatted into the main message
Type: null or string
Default:
null
Example:
"<@&role_id> <@user_id>"
Declared by:
services.vert.settings.webhook.url
if set, vertd will attempt to notify you via a discord webhook when a video fails to convert
Type: null or string
Default:
null
Declared by:
services.vert.suppressFirewallWarning
Whether to enable suppressing the warning that occurs when vertd is both proxied and opened in the firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
services.vert.user
User vertd runs as.
Type: string
Default:
"vertd"
Declared by:
services.vert.vertdPackage
The vertd package
Type: package
Default:
<derivation vertd-1.0>
Declared by:
services.vert.webPackage
The built distribution of the vert web interface
Type: package
Default:
<derivation vert-0-unstable-2026-07-01>
Declared by:
services.vert.webSettings
Settings for the web interface, has defaults for proxied nginx if enabled using services.vertd.nginx.enable
Type: open submodule of (attribute set)
Default:
{ }
Declared by:
services.vert.webSettings.hostname
Host name of this web interface
Type: string
Example:
"vert.local"
Declared by:
services.vert.webSettings.vertd.url
URL to vertd
Type: string
Example:
"https://vertd.vert.sh"
Declared by: