| options/nixos/services.nsd.zones.<name>.dnssecPolicy.zsk | Key policy for zone signing keys
|
| options/nixos/services.nsd.zones.<name>.dnssecPolicy.ksk | Key policy for key signing keys
|
| options/nixos/services.ndppd.proxies.<name>.router | Turns on or off the router flag for Neighbor Advertisement Messages.
|
| options/home-manager/services.podman.volumes.<name>.group | The group ID owning the volume inside the container.
|
| options/nixos/containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| options/nixos/security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| options/nixos/services.redis.servers.<name>.logLevel | Specify the server verbosity level, options: debug, verbose, notice, warning.
|
| options/nixos/security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| options/home-manager/programs.firefoxpwa.profiles.<name>.sites.<name>.desktopEntry.enable | Whether to enable the desktop entry for this site.
|
| options/nixos/services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| options/nixos/services.bitcoind.<name>.package | The bitcoind package to use.
|
| options/nixos/services.sympa.settingsFile.<name>.text | Text of the file.
|
| options/home-manager/programs.floorp.profiles.<name>.path | Profile path.
|
| options/home-manager/programs.fish.functions.<name>.body | The function body.
|
| options/nixos/networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| options/nixos/services.neo4j.ssl.policies.<name>.privateKey | The name of private PKCS #8 key file for this policy to be found
in the baseDirectory, or the absolute path to
the key file
|
| options/nixos/services.i2pd.outTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| options/nixos/services.netbird.tunnels.<name>.interface | Name of the network interface managed by this client.
|
| options/nixos/services.netbird.clients.<name>.interface | Name of the network interface managed by this client.
|
| options/nixos/boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| options/nixos/services.drupal.sites.<name>.configSyncDir | The location of the Drupal config sync directory.
|
| options/nixos/services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|
| options/home-manager/xdg.dataFile.<name>.recursive | If the file source is a directory, then this option
determines whether the directory should be recursively
linked to the target location
|
| options/nixos/fileSystems.<name>.overlay.workdir | The path to the workdir
|
| options/nixos/systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| options/nixos/systemd.user.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| options/nixos/systemd.user.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| options/nixos/systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| options/nixos/networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|
| options/nixos/services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/systemd.user.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| options/nixos/systemd.user.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| options/nixos/services.bacula-sd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| options/nixos/services.bacula-fd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| options/nixos/services.jupyter.kernels.<name>.argv | Command and arguments to start the kernel.
|
| options/nixos/services.bepasty.servers.<name>.bind | Bind address to be used for this server.
|
| options/nixos/services.bitcoind.<name>.configFile | The configuration file path to supply bitcoind.
|
| options/nixos/services.netbird.clients.<name>.port | Port the NetBird client listens on.
|
| options/nixos/services.netbird.tunnels.<name>.port | Port the NetBird client listens on.
|
| options/nixos/services.redis.servers.<name>.slaveOf.port | port of the Redis master
|
| options/home-manager/accounts.email.accounts.<name>.smtp.tls | Configuration for secure connections.
|
| options/home-manager/accounts.email.accounts.<name>.imap.tls | Configuration for secure connections.
|
| options/home-manager/i18n.inputMethod.fcitx5.themes.<name>.panelImage | Path to the SVG of the panel.
|
| options/nixos/services.mpd.settings | Configuration for MPD
|
| options/nixos/systemd.user.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| options/nixos/systemd.user.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| options/nixos/services.iodine.clients.<name>.relay | DNS server to use as an intermediate relay to the iodined server
|
| options/home-manager/services.podman.volumes.<name>.image | Specifies the image the volume is based on when Driver is set to the image.
|
| options/home-manager/programs.floorp.profiles.<name>.id | Profile ID
|
| options/nixos/systemd.user.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| options/nixos/services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| options/nixos/services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| options/nixos/services.geth.<name>.websocket.apis | APIs to enable over WebSocket
|
| options/nixos/services.nebula.networks.<name>.cert | Path to the host certificate.
|
| options/nixos/services.homebridge.settings.platforms.*.name | Name of the platform
|
| options/nixos/services.keyd.keyboards.<name>.ids | Device identifiers, as shown by keyd(1).
|
| options/nixos/services.udp-over-tcp.tcp2udp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| options/nixos/services.udp-over-tcp.udp2tcp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| options/home-manager/services.podman.images.<name>.tlsVerify | Require HTTPS and verification of certificates when contacting registries.
|
| options/home-manager/services.podman.builds.<name>.tlsVerify | Require HTTPS and verification of certificates when contacting registries.
|
| options/nixos/services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| options/nixos/security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| options/home-manager/programs.fish.shellAbbrs.<name>.setCursor | The marker indicates the position of the cursor when the abbreviation
is expanded
|
| options/nixos/openstack.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| options/nixos/services.cjdns.ETHInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| options/nixos/services.cjdns.UDPInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| options/nixos/services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| options/nixos/services.i2pd.inTunnels.<name>.accessList | I2P nodes that are allowed to connect to this service.
|
| options/nixos/services.drupal.sites.<name>.modulesDir | The location for users to install Drupal modules.
|
| options/nixos/security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| options/nixos/services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| options/nixos/services.public-inbox.inboxes.<name>.url | URL where this inbox can be accessed over HTTP.
|
| options/nixos/systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| options/nixos/services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| options/nixos/networking.fooOverUDP.<name>.local.address | Local address to bind to
|
| options/home-manager/accounts.email.accounts.<name>.gpg.key | The key to use as listed in gpg --list-keys.
|
| options/nixos/services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| options/nixos/boot.initrd.luks.devices.<name>.yubikey | The options to use for this LUKS device in YubiKey-PBA
|
| options/nixos/systemd.services.<name>.scriptArgs | Arguments passed to the main process script
|
| options/nixos/systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| options/nixos/systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| options/darwin/services.github-runners.<name>.user | User under which to run the service
|
| options/nixos/systemd.user.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| options/nixos/services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| options/home-manager/programs.gnome-terminal.profile.<name>.visibleName | The profile name.
|
| options/nixos/services.fedimintd.<name>.nginx.config.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| options/nixos/services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| options/home-manager/programs.ssh.matchBlocks.<name>.match | Match block conditions used by this block
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/services.fedimintd.<name>.p2p.port | Port to bind on for p2p connections from peers (both TCP and UDP)
|
| options/nixos/services.fedimintd.<name>.p2p.bind | Address to bind on for p2p connections from peers (both TCP and UDP)
|
| options/nixos/services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| options/nixos/services.sympa.domains.<name>.webHost | Domain part of the web interface URL (no web interface for this domain if null)
|
| options/nixos/services.rspamd.locals.<name>.enable | Whether this file locals should be generated
|
| options/home-manager/xdg.desktopEntries.<name>.settings | Extra key-value pairs to add to the [Desktop Entry] section
|
| options/nixos/systemd.slices.<name>.requisite | Similar to requires
|
| options/nixos/systemd.timers.<name>.requisite | Similar to requires
|
| options/nixos/security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| options/nixos/boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|