| systemd.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.nspawn.<name>.execConfig | Each attribute in this set specifies an option in the
[Exec] section of this unit
|
| services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| containers.<name>.extraVeths.<name>.forwardPorts | List of forwarded ports from host to container
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| services.fedimintd.<name>.nginx.path | Path to host the API on and forward to the daemon's api port
|
| services.pppd.peers.<name>.autostart | Whether the PPP session is automatically started at boot time.
|
| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| services.rke2.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| users.users.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| users.extraUsers.<name>.packages | The set of packages that should be made available to the user
|
| services.xserver.xkb.extraLayouts.<name>.symbolsFile | The path to the xkb symbols file
|
| services.nylon.<name>.bindInterface | Tell nylon which interface to use as an uplink, default is "enp3s0f0".
|
| services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| systemd.user.services.<name>.scriptArgs | Arguments passed to the main process script
|
| security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| services.xserver.displayManager.lightdm.greeters.slick.font.name | Name of the font to use.
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|
| services.ndppd.proxies.<name>.timeout | Controls how long to wait for a Neighbor Advertisement Message before
invalidating the entry, in milliseconds.
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| virtualisation.qemu.drives.*.name | A name for the drive
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| services.xserver.displayManager.lightdm.greeters.gtk.theme.name | Name of the theme to use for the lightdm-gtk-greeter.
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| containers.<name>.extraVeths.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.quicktun.<name>.timeWindow | Allowed time window for first received packet in seconds (positive number allows packets from history)
|
| services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.httpd.virtualHosts.<name>.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.nginx.virtualHosts.<name>.acmeRoot | Directory for the ACME challenge, which is public
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| fileSystems.<name>.label | Label of the device
|
| services.redis.servers.<name>.group | Group account under which this instance of redis-server runs.
If left as the default value this group will automatically be
created on system activation, otherwise you are responsible for
ensuring the group exists before the redis service starts.
|
| services.quicktun.<name>.protocol | Which protocol to use.
|
| services.rke2.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| services.ax25.axports.<name>.callsign | The callsign of the physical interface to bind to.
|
| services.uhub.<name>.plugins.*.settings | Settings specific to this plugin.
|
| services.drupal.sites.<name>.database.user | Database user.
|
| services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| systemd.services.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile | Path to the SSH host public key.
|
| services.github-runners.<name>.user | User under which to run the service
|
| services.drupal.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| users.users.<name>.isSystemUser | Indicates if the user is a system user or not
|
| services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| services.honk.servername | The server name.
|
| systemd.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| services.github-runners.<name>.package | The github-runner package to use.
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| containers.<name>.extraVeths.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| services.gitwatch.<name>.message | Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time
|
| programs.dms-shell.plugins.<name>.src | Source of the plugin package or path
|
| services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| services.kanidm.provision.systems.oauth2.<name>.preferShortUsername | Use 'name' instead of 'spn' in the preferred_username claim
|
| systemd.user.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| services.cjdns.ETHInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|