| options/nixos/services.prometheus.exporters.script.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.script.openFirewall is true.
|
| options/nixos/services.prometheus.exporters.rspamd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.rspamd.openFirewall is true.
|
| options/darwin/environment.userLaunchAgents.<name>.target | Name of symlink
|
| options/nixos/users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| options/nixos/boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| options/nixos/services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| options/nixos/services.logcheck.ignoreCron.<name>.timeArgs | "min hr dom mon dow" crontab time args, to auto-create a cronjob too
|
| options/home-manager/services.colima.profiles.<name>.isActive | Whether to set this profile as:
- active docker context
- active kubernetes context
- active incus remote
Exactly one or zero profiles should have this option set.
|
| options/home-manager/services.restic.backups.<name>.timerConfig | When to run the backup
|
| options/nixos/environment.etc.<name>.user | User name of file owner
|
| options/nixos/services.drupal.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| options/nixos/systemd.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| options/nixos/services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| options/nixos/services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| options/nixos/services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| options/nixos/services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| options/nixos/services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| options/nixos/programs.ssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| options/nixos/services.sabnzbd.settings.servers.<name>.host | Hostname of the server
|
| options/nixos/services.sabnzbd.settings.servers.<name>.port | Port of the server
|
| options/nixos/users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| options/nixos/services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| options/nixos/services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| options/nixos/services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| options/nixos/services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| options/nixos/systemd.user.services.<name>.requisite | Similar to requires
|
| options/nixos/services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| options/nixos/services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| options/nixos/systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| options/nixos/systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| options/nixos/services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| options/nixos/services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.znc.confOptions.networks.<name>.extraConf | Extra config for the network
|
| options/nixos/services.borgbackup.jobs.<name>.doInit | Run borg init if the
specified repo does not exist
|
| options/nixos/services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| options/home-manager/programs.rclone.remotes.<name>.mounts.<name>.options | An attribute set of option values passed to rclone mount
|
| options/nixos/services.postfix.settings.master.<name>.args | Arguments to pass to the command
|
| options/nixos/users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| options/home-manager/programs.autorandr.profiles.<name>.config.<name>.enable | Whether to enable the output.
|
| options/home-manager/programs.autorandr.profiles.<name>.config.<name>.rotate | Output rotate configuration.
|
| options/nixos/services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| options/nixos/services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| options/home-manager/services.restic.backups.<name>.passwordFile | A file containing the repository password.
|
| options/home-manager/services.podman.containers.<name>.userNS | Use a user namespace for the container.
|
| options/home-manager/programs.fish.binds.<name>.enable | Whether to enable enable the bind
|
| options/nixos/services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| options/home-manager/programs.ssh.matchBlocks.<name>.port | Specifies port number to connect on remote host.
|
| options/home-manager/programs.bat.syntaxes.<name>.src | Path to the syntax folder.
|
| options/darwin/environment.launchDaemons.<name>.target | Name of symlink
|
| options/home-manager/programs.floorp.profiles.<name>.containers.<name>.icon | Container icon.
|
| options/nixos/services.nipap.settings.nipapd.db_name | Name of database to use on PostgreSQL server.
|
| options/nixos/services.inadyn.settings.provider.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| options/nixos/systemd.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| options/nixos/networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| options/nixos/users.extraUsers.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| options/nixos/users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| options/darwin/launchd.daemons.<name>.script | Shell commands executed as the service's main process.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.Sockets.<name>.SockPathMode | This optional key specifies the mode of the socket
|
| options/nixos/services.geoclue2.appConfig.<name>.isSystem | Whether the application is a system component or not.
|
| options/nixos/services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| options/nixos/services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|
| options/nixos/services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| options/nixos/services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| options/nixos/services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| options/nixos/systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| options/nixos/services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.Sockets.<name>.SockFamily | This optional key can be used to specifically request that "IPv4" or "IPv6" socket(s) be created.
|
| options/nixos/services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| options/nixos/services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| options/nixos/services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| options/nixos/services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| options/darwin/launchd.user.agents.<name>.command | Command executed as the service's main process.
|
| options/nixos/services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| options/nixos/power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| options/home-manager/services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic -o flag
|
| options/nixos/systemd.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| options/nixos/systemd.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| options/nixos/services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| options/nixos/services.syncoid.commands.<name>.target | Target ZFS dataset
|
| options/home-manager/services.podman.machines.<name>.volumes | Volumes to mount in the machine, specified as source:target pairs
|
| options/nixos/services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| options/home-manager/services.podman.containers.<name>.image | The container image.
|
| options/nixos/services.prometheus.exporters.nvidia-gpu.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nvidia-gpu.openFirewall is true.
|
| options/nixos/services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| options/nixos/services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| options/home-manager/services.unison.pairs.<name>.stateDirectory | Unison state directory to use.
|
| options/home-manager/programs.autorandr.profiles.<name>.config.<name>.filter | Interpolation method to be used for scaling the output.
|
| options/nixos/power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| options/nixos/services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|