| options/nixos/services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| options/nixos/services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| options/nixos/services.frp.instances.<name>.role | The frp consists of client and server
|
| options/nixos/services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| options/nixos/security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| options/nixos/services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| options/nixos/services.rss2email.feeds.<name>.to | Email address to which to send feed items
|
| options/nixos/services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| options/nixos/services.fedimintd.<name>.package | The fedimint package to use.
|
| options/nixos/services.rspamd.overrides.<name>.text | Text of the file.
|
| options/nixos/services.tinc.networks.<name>.hostSettings.<name>.subnets.*.prefixLength | The prefix length of the subnet
|
| options/nixos/services.wordpress.sites.<name>.extraConfig | Any additional text to be appended to the wp-config.php
configuration file
|
| options/nixos/services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| options/nixos/services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| options/nixos/services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| options/nixos/services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| options/nixos/services.nsd.zones.<name>.dnssecPolicy.keyttl | TTL for dnssec records
|
| options/nixos/services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| options/nixos/services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| options/nixos/services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| options/nixos/services.firewalld.services.<name>.ports | Ports of the service.
|
| options/nixos/users.users.<name>.group | The user's primary group.
|
| options/nixos/services.restic.backups.<name>.paths | Which paths to backup, in addition to ones specified via
dynamicFilesFrom
|
| options/nixos/services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| options/nixos/services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| options/nixos/services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| options/home-manager/services.podman.machines.<name>.diskSize | Disk size in GB for the machine
|
| options/nixos/services.cjdns.UDPInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| options/nixos/services.cjdns.ETHInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| options/nixos/systemd.user.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| options/nixos/services.mpd.settings | Configuration for MPD
|
| options/nixos/security.pam.services.<name>.usshAuth | If set, users with an SSH certificate containing an authorized principal
in their SSH agent are able to log in
|
| options/nixos/services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| options/darwin/services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| options/nixos/services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| options/nixos/services.sympa.settingsFile.<name>.source | Path of the source file.
|
| options/nixos/services.nebula.networks.<name>.enable | Enable or disable this network.
|
| options/nixos/services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| options/home-manager/services.podman.networks.<name>.driver | The network driver to use.
|
| options/home-manager/services.podman.networks.<name>.labels | The labels to apply to the network.
|
| options/home-manager/services.podman.networks.<name>.subnet | The subnet to use for the network.
|
| options/nixos/services.firewalld.services.<name>.short | Short description for the service.
|
| options/nixos/services.firewalld.zones.<name>.services | Services to allow in the zone.
|
| options/nixos/security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| options/nixos/services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| options/nixos/services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| options/home-manager/programs.librewolf.profiles.<name>.containers.<name>.name | Container name, e.g., shopping.
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| options/nixos/services.znapzend.zetup.<name>.destinations.<name>.plan | The znapzend backup plan to use for the source
|
| options/nixos/services.keepalived.vrrpScripts.<name>.group | Name of group to run the script under
|
| options/nixos/services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| options/nixos/services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| options/nixos/boot.zfs.pools.<name>.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| options/nixos/services.udp-over-tcp.tcp2udp.<name>.threads | Sets the number of worker threads to use
|
| options/nixos/services.tahoe.introducers.<name>.nickname | The nickname of this Tahoe introducer.
|
| options/nixos/systemd.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| options/nixos/services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|
| options/nixos/services.quicktun.<name>.localAddress | IP address or hostname of the local end.
|
| options/nixos/services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| options/home-manager/services.pizauth.accounts.<name>.authUri | The OAuth2 server's authentication URI.
|
| options/nixos/services.xserver.xkb.extraLayouts.<name>.compatFile | The path to the xkb compat file
|
| options/nixos/services.honk.servername | The server name.
|
| options/nixos/services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| options/nixos/services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile | Path to the SSH host public key.
|
| options/nixos/services.tinc.networks.<name>.hostSettings.<name>.addresses.*.address | The external IP address or hostname where the host can be reached.
|
| options/nixos/services.znapzend.zetup.<name>.sendDelay | Specify delay (in seconds) before sending snaps to the destination
|
| options/nixos/services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| options/home-manager/home.file.<name>.target | Path to target file relative to HOME.
|
| options/nixos/services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| options/nixos/services.drupal.sites.<name>.database.user | Database user.
|
| options/home-manager/services.restic.backups.<name>.ssh-package | The openssh package to use.
|
| options/nixos/services.znapzend.zetup.<name>.dataset | The dataset to use for this source.
|
| options/home-manager/services.restic.backups.<name>.paths | Paths to back up, alongside those defined by the dynamicFilesFrom
option
|
| options/home-manager/services.podman.machines.<name>.autoStart | Whether to automatically start this machine on login.
|
| options/nixos/services.homebridge.settings.platforms.*.name | Name of the platform
|
| options/nixos/programs.regreet.iconTheme.name | Name of the icon theme to use for regreet.
|
| options/nixos/services.httpd.virtualHosts.<name>.listen.*.ssl | Whether to enable SSL (https) support.
|
| options/nixos/services.restic.backups.<name>.exclude | Patterns to exclude when backing up
|
| options/nixos/services.nsd.zones.<name>.allowAXFRFallback | If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup | Maps kanidm groups to values for the claim.
|
| options/nixos/services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| options/nixos/services.firezone.server.provision.accounts.<name>.actors.<name>.type | The account type
|
| options/nixos/services.httpd.virtualHosts.<name>.listen.*.port | Port to listen on
|
| options/nixos/services.drupal.sites.<name>.database.host | Database host address.
|
| options/nixos/services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| options/nixos/services.iodine.clients.<name>.extraConfig | Additional command line parameters
|
| options/nixos/services.drupal.sites.<name>.database.port | Database host port.
|
| options/nixos/services.nginx.virtualHosts.<name>.listen.*.addr | Listen address.
|
| options/nixos/services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.metricbeat.modules.<name>.module | The name of the module
|
| options/nixos/services.i2pd.outTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| options/nixos/services.kubernetes.kubelet.taints.<name>.key | Key of taint.
|
| options/nixos/security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| options/nixos/services.geth.<name>.websocket.enable | Whether to enable Go Ethereum WebSocket API.
|
| options/nixos/services.udp-over-tcp.tcp2udp.<name>.recvTimeout | An application timeout on receiving data from the TCP socket.
|
| options/nixos/services.nebula.networks.<name>.relays | List of IPs of relays that this node should allow traffic from.
|
| options/nixos/services.udp-over-tcp.udp2tcp.<name>.recvTimeout | An application timeout on receiving data from the TCP socket.
|
| options/home-manager/services.podman.builds.<name>.extraPodmanArgs | Extra arguments to pass to the podman build command.
|
| options/nixos/systemd.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|