| options/nixos/services.gitlab.host | GitLab host name
|
| options/nixos/services.consul-template.instances.<name>.settings.template | Template section of consul-template
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| options/nixos/services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| options/nixos/virtualisation.oci-containers.containers.<name>.serviceName | Systemd service name that manages the container
|
| options/nixos/services.postgresqlWalReceiver.receivers.<name>.extraArgs | A list of extra arguments to pass to the pg_receivewal command.
|
| options/nixos/services.radicle.ci.adapters.native.instances.<name>.runtimePackages | Packages added to the adapter's PATH.
|
| options/darwin/launchd.agents.<name>.serviceConfig.LowPriorityBackgroundIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O when the process is throttled with the Darwin-background classification.
|
| options/nixos/services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| options/nixos/services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| options/nixos/services.system76-scheduler.assignments.<name>.class | CPU scheduler class.
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps | Whether claim maps not specified here but present in kanidm should be removed from kanidm.
|
| options/nixos/services.datadog-agent.hostname | The hostname to show in the Datadog dashboard (optional)
|
| options/nixos/services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| options/home-manager/accounts.email.accounts.<name>.thunderbird.messageFilters | List of message filters to add to this Thunderbird account
configuration.
|
| options/nixos/services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| options/nixos/services.ytdl-sub.instances.<name>.subscriptions | Subscriptions for ytdl-sub
|
| options/home-manager/accounts.email.accounts.<name>.notmuch.neomutt.virtualMailboxes.*.type | Reads all matching messages or whole-threads
|
| options/home-manager/accounts.calendar.accounts.<name>.pimsync.extraPairDirectives | Extra directives that should be added under this accounts pair directive
|
| options/nixos/programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| options/home-manager/launchd.agents.<name>.config.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| options/nixos/services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| options/nixos/networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| options/nixos/services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| options/nixos/services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| options/home-manager/services.muchsync.remotes.<name>.local.checkForModifiedFiles | Check for locally modified files
|
| options/nixos/virtualisation.fileSystems.<name>.label | Label of the device
|
| options/nixos/containers.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| options/darwin/launchd.daemons.<name>.serviceConfig.ThrottleInterval | This key lets one override the default throttling policy imposed on jobs by launchd
|
| options/nixos/services.system76-scheduler.assignments.<name>.ioClass | IO scheduler class.
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| options/darwin/launchd.daemons.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| options/nixos/services.cntlm.domain | Proxy account domain/workgroup name.
|
| options/nixos/services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID | See torrc manual.
|
| options/nixos/services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| options/home-manager/services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| options/nixos/services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| options/home-manager/accounts.email.accounts.<name>.notmuch.neomutt.virtualMailboxes.*.limit | Restricts number of messages/threads in the result.
|
| options/nixos/services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| options/nixos/virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| options/nixos/services.hostapd.radios.<name>.wifi4.capabilities | HT (High Throughput) capabilities given as a list of flags
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| options/nixos/services.fcron.allow | Users allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
|
| options/nixos/boot.loader.systemd-boot.extraEntries | Any additional entries you want added to the systemd-boot menu
|
| options/home-manager/accounts.email.accounts.<name>.imap.authentication | The authentication mechanism.
|
| options/home-manager/accounts.email.accounts.<name>.smtp.authentication | The authentication mechanism.
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.settings.session_url | Session URL to connect to
|
| options/nixos/users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| options/nixos/networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| options/nixos/networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| options/nixos/services.archisteamfarm.bots.<name>.settings | Additional settings that are documented here.
|
| options/nixos/services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| options/nixos/services.keepalived.vrrpInstances.<name>.virtualRouterId | Arbitrary unique number 1..255
|
| options/nixos/services.matrix-tuwunel.settings.global.server_name | The server_name is the name of this server
|
| options/nixos/services.matrix-conduit.settings.global.server_name | The server_name is the name of this server
|
| options/nixos/networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| options/home-manager/accounts.email.accounts.<name>.thunderbird.messageFilters.*.type | Type for this filter.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret | Value of the NTLM secret, which is the NT Hash of the actual secret,
that is, MD4(UTF-16LE(secret))
|
| options/nixos/services.strongswan-swanctl.swanctl.pools.<name>.addrs | Addresses allocated in pool
|
| options/home-manager/services.podman.containers.<name>.addCapabilities | The capabilities to add to the container.
|
| options/nixos/services.bookstack.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| options/nixos/networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| options/nixos/services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| options/nixos/virtualisation.oci-containers.containers.<name>.dependsOn | Define which other containers this one depends on
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/home-manager/wayland.windowManager.sway.config.bindswitches.<name>.locked | Unless the flag --locked is set, the command
will not be run when a screen locking program
is active
|
| options/nixos/services.easytier.instances.<name>.settings.listeners | Listener addresses to accept connections from other peers
|
| options/nixos/containers.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| options/nixos/virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| options/nixos/services.pretix.settings.pretix.instance_name | The name of this installation.
|
| options/nixos/services.pantalaimon-headless.instances.<name>.logLevel | Set the log level of the daemon.
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| options/nixos/services.hostapd.radios.<name>.wifi6.operatingChannelWidth | Determines the operating channel width for HE.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| options/nixos/networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out | Netfilter mark applied to packets after the outbound IPsec SA processed
them
|
| options/nixos/virtualisation.fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| options/nixos/services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts | See torrc manual.
|
| options/darwin/networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | Optional, path to file containing the pre-shared key for this peer.
|
| options/nixos/services.pantalaimon-headless.instances.<name>.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| options/nixos/services.prometheus.exporters.py-air-control.user | User name under which the py-air-control exporter shall be run.
|
| options/nixos/services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| options/nixos/services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.clientIdCommand | A command that prints the OAuth credentials to standard
output
|
| options/nixos/services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| options/nixos/services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| options/nixos/services.invoiceplane.sites.<name>.database.createLocally | Create the database and database user locally.
|
| options/nixos/networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| options/nixos/networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| options/nixos/services.factorio.loadLatestSave | Load the latest savegame on startup
|
| options/home-manager/services.activitywatch.watchers.<name>.package | The activitywatch package to use
|
| options/nixos/services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| options/nixos/services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable | See torrc manual.
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| options/home-manager/services.podman.containers.<name>.dropCapabilities | The capabilities to drop from the container.
|