| options/nixos/services.firezone.server.provision.accounts.<name>.features.policy_conditions | Whether to enable the policy_conditions feature for this account.
|
| options/nixos/services.firezone.server.provision.accounts.<name>.features.internet_resource | Whether to enable the internet_resource feature for this account.
|
| options/nixos/services.multipath.pathGroups.*.alias | The name of the multipath device
|
| options/home-manager/accounts.email.accounts.<name>.lieer.settings.local_trash_tag | Local tag to which the remote Gmail 'TRASH' label is translated.
|
| options/nixos/services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| options/nixos/services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| options/nixos/services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| options/nixos/services.bitwarden-directory-connector-cli.ldap.username | The user to authenticate as.
|
| options/nixos/security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| options/nixos/services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| options/nixos/services.gancio.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.akkoma.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.fluidd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.matomo.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.monica.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| options/nixos/services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| options/nixos/virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| options/nixos/services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| options/nixos/virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| options/home-manager/programs.vicinae.extensions | List of Vicinae extensions to install
|
| options/nixos/virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| options/nixos/services.ntopng.redis.createInstance | Local Redis instance name
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.conflictResolution | What to do in case of a conflict between the storages
|
| options/nixos/services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.movim.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.portunus.dex.oidcClients | List of OIDC clients
|
| options/nixos/services.athens.index.postgres.database | Database name for the Postgres database.
|
| options/nixos/services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| options/darwin/services.postgresql.identMap | Defines the mapping from system users to database users
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer | Identity under which the peer is registered at the mediation server, that
is, the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server
|
| options/nixos/virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| options/home-manager/programs.yazi.plugins | Lua plugins
|
| options/nixos/users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| options/nixos/services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| options/nixos/services.matrix-synapse.workers.<name>.worker_listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| options/nixos/services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| options/nixos/services.vikunja.database.database | Database name.
|
| options/nixos/services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| options/nixos/networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| options/nixos/services.oncall.settings.db.conn.kwargs.database | Database name.
|
| options/nixos/boot.kernelPatches | A list of additional patches to apply to the kernel
|
| options/nixos/services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| options/nixos/virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| options/nixos/hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| options/home-manager/programs.yazi.flavors | Pre-made themes
|
| options/nixos/boot.initrd.secrets | Secrets to append to the initrd
|
| options/nixos/services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| options/nixos/virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| options/nixos/services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| options/nixos/services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| options/nixos/services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| options/nixos/services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| options/nixos/services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| options/home-manager/programs.claude-code.hooks | Custom hooks for Claude Code
|
| options/nixos/services.zfs.autoSnapshot.flags | Flags to pass to the zfs-auto-snapshot command
|
| options/nixos/services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| options/nixos/services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| options/nixos/services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| options/nixos/services.sanoid.datasets.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| options/nixos/services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| options/nixos/services.nextcloud.settings.mail_smtpname | This depends on mail_smtpauth
|
| options/nixos/services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| options/nixos/services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| options/nixos/networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| options/nixos/services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| options/nixos/services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| options/home-manager/programs.librewolf.profiles.<name>.extensions.exactPermissions | When enabled,
programs.librewolf.profiles.<profile>.extensions.settings.<extensionID>.permissions
must specify the exact set of permissions that the
extension will request
|
| options/nixos/services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| options/nixos/services.cassandra.clusterName | The name of the cluster
|
| options/nixos/services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| options/nixos/services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| options/nixos/services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| options/nixos/virtualisation.oci-containers.containers.<name>.podman | Podman-specific settings in OCI containers
|
| options/nixos/services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| options/nixos/services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| options/nixos/hardware.display.edid.linuxhw | Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| options/nixos/services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/virtualisation.oci-containers.containers.<name>.devices | List of devices to attach to this container.
|
| options/nixos/services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| options/nixos/services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| options/nixos/services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| options/nixos/services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| options/nixos/services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| options/nixos/services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| options/nixos/services.stargazer.routes | Routes that Stargazer should server
|
| options/nixos/virtualisation.oci-containers.containers.<name>.workdir | Override the default working directory for the container.
|
| options/nixos/networking.wireguard.interfaces.<name>.interfaceNamespace | The pre-existing network namespace the WireGuard
interface is moved to
|
| options/nixos/services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|
| options/nixos/programs.regreet.font.package | The package that provides the font given in the name option.
|