| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| options/nixos/services.pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| options/nixos/services.gammu-smsd.backend.sql.database | Database name to store sms data
|
| options/nixos/services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| options/nixos/services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| options/nixos/services.stargazer.routes.*.route | Route section name
|
| options/nixos/services.prometheus.exporters.mqtt.mqttUsername | Username which should be used to authenticate against the MQTT broker.
|
| options/nixos/virtualisation.oci-containers.containers.<name>.podman.sdnotify | Determines how podman should notify systemd that the unit is ready
|
| options/nixos/services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| options/nixos/services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| options/nixos/virtualisation.oci-containers.containers.<name>.environment | Environment variables to set for this container.
|
| options/nixos/services.restic.server.privateRepos | Enable private repos
|
| options/nixos/swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| options/nixos/image.repart.verityStore.partitionIds.store | Specify the attribute name of the store partition.
|
| options/home-manager/programs.zsh.prezto.tmux.defaultSessionName | Set the default session name.
|
| options/home-manager/programs.zsh.siteFunctions | Functions that are added to the Zsh environment and are subject to
autoloading
|
| options/nixos/services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| options/nixos/containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| options/nixos/users.mysql.pam.statusColumn | The name of the column or an SQL expression that indicates the status of
the user
|
| options/nixos/services.mastodon.user | User under which mastodon runs
|
| options/nixos/services.tailscale.derper.domain | Domain name under which the derper server is reachable.
|
| options/nixos/services.mqtt2influxdb.mqtt.username | Username used to connect to the MQTT server.
|
| options/nixos/services.suwayomi-server.settings.server.basicAuthUsername | The username value that you have to provide when authenticating.
|
| options/nixos/services.athens.storage.mongo.defaultDBName | Name of the mongo database.
|
| options/nixos/nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| options/nixos/services.nvme-rs.settings.email.smtp_username | SMTP username
|
| options/nixos/services.portunus.ldap.searchUserName | The login name of the search user
|
| options/nixos/programs.regreet.cursorTheme.package | The package that provides the cursor theme given in the name option.
|
| options/nixos/services.writefreely.host | The public host name to serve.
|
| options/nixos/services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| options/nixos/users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| options/nixos/services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| options/nixos/services.minetest-server.world | Name of the world to use
|
| options/nixos/services.acme-dns.settings.general.domain | Domain name to serve the requests off of.
|
| options/nixos/services.unpoller.unifi.defaults.user | Unifi service user name.
|
| options/darwin/nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| options/nixos/services.gancio.settings.db.database | Name of the PostgreSQL database
|
| options/nixos/virtualisation.oci-containers.containers.<name>.environmentFiles | Environment files for this container.
|
| options/nixos/services.multipath.devices.*.prio | The name of the path priority routine
|
| options/nixos/services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| options/nixos/services.spacecookie.settings.hostname | The hostname the service is reachable via
|
| options/nixos/services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| options/nixos/services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| options/nixos/virtualisation.oci-containers.containers.<name>.imageStream | Path to a script that streams the desired image on standard output
|
| options/nixos/services.gitlab.registry.serviceName | GitLab container registry service name.
|
| options/nixos/services.samba.winbindd.enable | Whether to enable Samba's winbindd, which provides a number of services
to the Name Service Switch capability found in most modern C libraries,
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
| options/nixos/services.sanoid.datasets.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| options/home-manager/programs.radicle.uri.web-rad.browser | Name of the XDG Desktop Entry for your browser
|
| options/nixos/services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|
| options/nixos/services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| options/nixos/services.multipath.pathGroups.*.alias | The name of the multipath device
|
| options/nixos/services.xserver.xrandrHeads.*.output | The output name of the monitor, as shown by
xrandr(1) invoked without arguments.
|
| options/nixos/services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| options/nixos/services.vault-agent.instances | Attribute set of vault-agent instances
|
| options/nixos/services.rustus.storage.s3_region | S3 region name.
|
| options/nixos/services.slurm.dbdserver.storageUser | Database user name.
|
| options/nixos/services.hickory-dns.settings.zones.*.zone | Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
|
| options/nixos/services.tailscale.authKeyFile | A file containing the auth key
|
| options/nixos/services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| options/nixos/services.nominatim.enable | Whether to enable nominatim
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.reauth_time | Time to schedule IKE reauthentication
|
| options/nixos/services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| options/nixos/services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| options/nixos/services.httpd.customLogFormat | Defines a custom Apache HTTPD access log format string
|
| options/nixos/services.roundcube.enable | Whether to enable roundcube
|
| options/nixos/virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributesmapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| options/nixos/services.headscale.settings.dns.nameservers.global | List of nameservers to pass to Tailscale clients.
|
| options/nixos/security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| options/nixos/hardware.firmware | List of packages containing firmware files
|
| options/nixos/services.openvscode-server.host | The host name or IP address the server should listen to.
|
| options/nixos/services.dependency-track.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| options/home-manager/programs.claude-code.commands | Custom commands for Claude Code
|
| options/nixos/services.sanoid.templates.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| options/nixos/services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| options/nixos/services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| options/nixos/services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| options/nixos/services.forgejo.settings.server.DOMAIN | Domain name of your server.
|
| options/nixos/services.davis.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.slskd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.movim.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| options/darwin/system.defaults.finder._FXSortFoldersFirst | Keep folders on top when sorting by name
|
| options/nixos/services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| options/darwin/services.postgresql.identMap | Defines the mapping from system users to database users
|
| options/nixos/services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| options/nixos/containers.<name>.additionalCapabilities | Grant additional capabilities to the container
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| options/nixos/services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| options/nixos/services.influxdb2.provision.initialSetup.username | Primary username
|
| options/nixos/virtualisation.oci-containers.containers.<name>.ports | Network ports to publish from the container to the outer host
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.settings.tags.directory_separator | Directory separator for mapping notmuch tags to maildirs.
|
| options/home-manager/programs.wezterm.colorSchemes | Attribute set of additional color schemes to be written to
$XDG_CONFIG_HOME/wezterm/colors, where each key is
taken as the name of the corresponding color scheme
|
| options/nixos/services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| options/nixos/services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| options/nixos/services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|