| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.public-inbox.inboxes.<name>.url | URL where this inbox can be accessed over HTTP.
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| systemd.user.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| services.sympa.domains.<name>.webHost | Domain part of the web interface URL (no web interface for this domain if null)
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| networking.fooOverUDP.<name>.local.address | Local address to bind to
|
| services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.fedimintd.<name>.nginx.config.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| services.rspamd.locals.<name>.enable | Whether this file locals should be generated
|
| systemd.slices.<name>.requisite | Similar to requires
|
| systemd.timers.<name>.requisite | Similar to requires
|
| services.fedimintd.<name>.p2p.port | Port to bind on for p2p connections from peers (both TCP and UDP)
|
| services.fedimintd.<name>.p2p.bind | Address to bind on for p2p connections from peers (both TCP and UDP)
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.cjdns.ETHInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.cjdns.UDPInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| services.homebridge.settings.platforms.*.name | Name of the platform
|
| services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| systemd.user.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| programs.neovim.runtime.<name>.source | Path of the source file.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.redis.servers.<name>.unixSocket | The path to the socket to bind to.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|
| services.tahoe.introducers.<name>.nickname | The nickname of this Tahoe introducer.
|
| systemd.network.links.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| services.drupal.sites.<name>.phpOptions | Options for PHP's php.ini file for this Drupal site.
|
| services.geth.<name>.metrics.address | Listen address of Go Ethereum metrics service.
|
| services.nginx.proxyCachePath.<name>.enable | Whether to enable this proxy cache path entry.
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.email | The email address used to authenticate as this account
|
| services.bird-lg.frontend.nameFilter | Protocol names to hide in summary tables (RE2 syntax),
|
| services.fedimintd.<name>.enable | Whether to enable fedimintd.
|
| services.xserver.xkb.extraLayouts.<name>.typesFile | The path to the xkb types file
|
| boot.loader.systemd-boot.windows.<name>.title | The title of the boot menu entry.
|
| services.openafsClient.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.nginx.proxyCachePath.<name>.keysZoneSize | Set size to shared memory zone.
|
| services.openafsServer.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.fedimintd.<name>.api.url | Public URL of the API address of the reverse proxy/tls terminator
|
| services.drupal.sites.<name>.poolConfig | Options for the Drupal PHP pool
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter | The auth adapter type
|
| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| services.ndppd.proxies.<name>.rules | This is a rule that the target address is to match against
|
| security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
|
| services.hostapd.radios.<name>.noScan | Disables scan for overlapping BSSs in HT40+/- mode
|
| services.hans.clients.<name>.extraConfig | Additional command line parameters
|
| services.iodine.clients.<name>.server | Hostname of server running iodined
|
| services.dokuwiki.sites.<name>.stateDir | Location of the DokuWiki state directory.
|
| services.rspamd.workers.<name>.enable | Whether to run the rspamd worker.
|
| services.restic.backups.<name>.checkOpts | A list of options for 'restic check'.
|
| services.kimai.sites.<name>.settings | Structural Kimai's local.yaml configuration
|
| services.geth.<name>.authrpc.address | Listen address of Go Ethereum Auth RPC API.
|
| services.phpfpm.pools.<name>.phpPackage | The PHP package to use for running this PHP-FPM pool.
|
| services.restic.backups.<name>.runCheck | Whether to run the check command with the provided checkOpts options.
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.h2o.hosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host
configuration.
|
| security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.h2o.hosts.<name>.settings | Attrset to be transformed into YAML for host config
|
| hardware.alsa.controls.<name>.maxVolume | The maximum volume in dB.
|
| services.rsync.jobs.<name>.settings | Settings that should be passed to rsync via long options
|
| services.geth.<name>.websocket.port | Port number of Go Ethereum WebSocket API.
|
| services.fedimintd.<name>.api.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.fedimintd.<name>.api.port | Port to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.ghostunnel.servers.<name>.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| services.bepasty.servers.<name>.dataDir | Path to the directory where the pastes will be saved to
|
| security.auditd.plugins.<name>.active | Whether to enable Whether to enable this plugin.
|
| systemd.user.paths.<name>.requisite | Similar to requires
|
| systemd.user.services.<name>.upholds | Keeps the specified running while this unit is running
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.cjdns.UDPInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.cjdns.ETHInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| security.pam.services.<name>.limits.*.type | Type of this limit
|
| services.bitcoind.<name>.extraConfig | Additional configurations to be appended to bitcoin.conf.
|
| security.pam.services.<name>.mysqlAuth | If set, the pam_mysql module will be used to
authenticate users against a MySQL/MariaDB database.
|
| services.mpd.settings | Configuration for MPD
|
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.k3s.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.logcheck.ignore.<name>.level | Set the logcheck level.
|
| services.sanoid.datasets.<name>.daily | Number of daily snapshots.
|
| services.znapzend.zetup.<name>.enable | Whether to enable this source.
|
| services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|