| options/nixos/services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| options/nixos/services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| options/nixos/services.fcgiwrap.instances.<name>.socket.mode | Mode to be set on the UNIX socket
|
| options/nixos/networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.settings | Settings which are applied to mujmap.toml
for the account
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| options/nixos/services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| options/nixos/services.httpd.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| options/darwin/environment.launchAgents.<name>.enable | Whether this file should be generated
|
| options/nixos/services.wyoming.piper.servers.<name>.zeroconf.enable | Whether to enable zeroconf discovery.
|
| options/nixos/services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| options/nixos/systemd.network.networks.<name>.addresses | A list of address sections to be added to the unit
|
| options/nixos/services.firezone.server.provision.accounts.<name>.policies | All policies to provision
|
| options/nixos/containers.<name>.path | As an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
|
| options/nixos/services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/home-manager/services.git-sync.repositories.<name>.path | The path at which to sync the repository
|
| options/nixos/services.radicle.ci.broker.settings.adapters.<name>.env | Environment variables to add when running the adapter.
|
| options/nixos/services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| options/nixos/services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|
| options/darwin/launchd.daemons.<name>.serviceConfig.Program | This key maps to the first argument of execvp(3)
|
| options/nixos/security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| options/nixos/services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| options/nixos/services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| options/nixos/networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| options/nixos/services.ghostunnel.servers.<name>.target | Address to forward connections to (can be HOST:PORT or unix:PATH).
|
| options/nixos/boot.binfmt.registrations.<name>.mask | A mask to be ANDed with the byte sequence of the file before matching
|
| options/home-manager/programs.radio-active.aliases | Key/value pairs where the key is name of radio station and value is URL.
|
| options/nixos/services.zabbixWeb.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| options/nixos/services.anuko-time-tracker.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.anuko-time-tracker.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| options/nixos/services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| options/nixos/services.firewalld.services.<name>.helpers | Helpers for the service.
|
| options/nixos/services.firewalld.services.<name>.version | Version of the service.
|
| options/nixos/services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| options/home-manager/launchd.agents.<name>.config.HardResourceLimits.Stack | The maximum size (in bytes) of the stack segment for a process; this defines how far a program's
stack segment may be extended
|
| options/home-manager/launchd.agents.<name>.config.SoftResourceLimits.Stack | The maximum size (in bytes) of the stack segment for a process; this defines how far a program's
stack segment may be extended
|
| options/nixos/services.tarsnap.archives.<name>.includes | Include only files and directories matching these
patterns (the empty list includes everything)
|
| options/nixos/services.mautrix-meta.instances.<name>.enable | Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.
|
| options/home-manager/programs.vicinae.extensions | List of Vicinae extensions to install
|
| options/home-manager/programs.claude-code.rules | Modular rule files for Claude Code
|
| options/nixos/services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| options/nixos/security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| options/nixos/services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| options/darwin/launchd.daemons.<name>.serviceConfig.LaunchOnlyOnce | This optional key specifies whether the job can only be run once and only once
|
| options/nixos/services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| options/darwin/networking.wg-quick.interfaces.<name>.postUp | List of commands to run after interface setup.
|
| options/home-manager/services.podman.images.<name>.decryptionKeyFile | Path to key used for decryption of images.
|
| options/home-manager/services.xsuspender.rules.<name>.onlyOnBattery | Whether to enable process suspend only on battery.
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.settings.tags | Tag configuration
|
| options/nixos/services.kubernetes.kubelet.taints.<name>.value | Value of taint.
|
| options/home-manager/accounts.email.accounts.<name>.notmuch.neomutt.enable | Whether to enable Notmuch support in NeoMutt.
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| options/nixos/services.kanboard.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.librenms.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.agorakit.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.fcgiwrap.instances.<name>.socket.group | Group to be set as owner of the UNIX socket.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.invoiceplane.sites.<name>.cron.key | Cron key taken from the administration page.
|
| options/nixos/services.fediwall.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.mainsail.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/programs.regreet.theme.package | The package that provides the theme given in the name option.
|
| options/nixos/services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| options/nixos/networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| options/darwin/services.gitlab-runner.services.<name>.preCloneScript | Runner-specific command script executed before code is pulled.
|
| options/home-manager/services.xsuspender.rules.<name>.execSuspend | Before suspending, execute this shell script
|
| options/home-manager/services.restic.backups.<name>.initialize | Create the repository if it does not already exist
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow | If set, all sae password entries that have a non-wildcard MAC associated to
them will additionally be used to populate the MAC allow list
|
| options/nixos/services.blockbook-frontend.<name>.debug | Debug mode, return more verbose errors, reload templates on each request.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id | Identity in CA certificate to accept for authentication
|
| options/nixos/networking.wlanInterfaces.<name>.meshID | MeshID of interface with type mesh.
|
| options/home-manager/programs.gnome-shell.theme.package | Package providing a GNOME Shell theme in
$out/share/themes/${name}/gnome-shell.
|
| options/nixos/services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| options/home-manager/accounts.email.accounts.<name>.aerc.extraAccounts | Extra config added to the configuration section for this account in
$HOME/.config/aerc/accounts.conf
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| options/nixos/services.authelia.instances.<name>.package | The authelia package to use.
|
| options/nixos/services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| options/darwin/launchd.agents.<name>.serviceConfig.WaitForDebugger | This optional key specifies that launchd should instruct the kernel to have the job wait for a debugger
to attach before any code in the job is executed.
|
| options/nixos/services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| options/home-manager/services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the
same environment variables set as the systemd service
|
| options/nixos/services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| options/nixos/boot.initrd.systemd.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| options/home-manager/services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up
|
| options/nixos/services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| options/nixos/systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| options/nixos/services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| options/nixos/services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid | Fixed reqid to use for this CHILD_SA
|
| options/darwin/environment.launchDaemons.<name>.source | Path of the source file.
|
| options/nixos/services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| options/nixos/services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| options/nixos/services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| options/home-manager/services.podman.builds.<name>.description | The description of the build.
|
| options/home-manager/services.podman.images.<name>.description | The description of the image.
|