| services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| services.bepasty.servers.<name>.dataDir | Path to the directory where the pastes will be saved to
|
| security.pam.services.<name>.makeHomeDir | Whether to try to create home directories for users
with $HOMEs pointing to nonexistent
locations on session login.
|
| services.xserver.displayManager.lightdm.greeters.gtk.theme.name | Name of the theme to use for the lightdm-gtk-greeter.
|
| programs.tsmClient.servers.<name>.nodename | Target node name on the IBM TSM server.
|
| services.pretix.settings.pretix.instance_name | The name of this installation.
|
| services.borgbackup.jobs.<name>.dateFormat | Arguments passed to date
to create a timestamp suffix for the archive name.
|
| services.xserver.displayManager.lightdm.greeters.slick.font.name | Name of the font to use.
|
| services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile | Path to the SSH host public key.
|
| systemd.user.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| security.pam.services.<name>.limits.*.type | Type of this limit
|
| services.nginx.virtualHosts.<name>.quic | Whether to enable the QUIC transport protocol
|
| systemd.user.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.services.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.services.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.services.<name>.upholds | Keeps the specified running while this unit is running
|
| services.znapzend.zetup.<name>.plan | The znapzend backup plan to use for the source
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses | The external address where the host can be reached
|
| services.cjdns.UDPInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.cjdns.ETHInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.yandex-disk.username | Your yandex.com login name.
|
| services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.prometheus.exporters.rtl_433.ids.*.name | Name to match.
|
| services.drupal.sites.<name>.database.user | Database user.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup | Maps kanidm groups to values for the claim.
|
| services.logcheck.ignore.<name>.level | Set the logcheck level.
|
| services.sanoid.datasets.<name>.daily | Number of daily snapshots.
|
| services.znapzend.zetup.<name>.enable | Whether to enable this source.
|
| services.netbird.tunnels.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| services.netbird.clients.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| security.acme.certs.<name>.csr | Path to a certificate signing request to apply when fetching the certificate.
|
| security.pam.services.<name>.limits.*.item | Item this limit applies to
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.type | The account type
|
| services.redis.servers.<name>.group | Group account under which this instance of redis-server runs.
If left as the default value this group will automatically be
created on system activation, otherwise you are responsible for
ensuring the group exists before the redis service starts.
|
| services.drupal.sites.<name>.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.
|
| services.drupal.sites.<name>.extraConfig | Extra configuration values that you want to insert into settings.php
|
| services.phpfpm.pools.<name>.phpOptions | "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| services.xserver.xkb.extraLayouts.<name>.compatFile | The path to the xkb compat file
|
| services.borgbackup.jobs.<name>.postCreate | Shell commands to run after borg create
|
| services.archisteamfarm.bots.<name>.username | Name of the user to log in
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| security.pam.services.<name>.gnupg.storeOnly | Don't send the password immediately after login, but store for PAM
session.
|
| services.tahoe.nodes.<name>.sftpd.accounts.file | Path to the accounts file.
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses.*.port | The port where the host can be reached
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| systemd.timers.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.slices.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.ax25.axports.<name>.kissParams | Kissattach parameters for this interface.
|
| services.udp-over-tcp.udp2tcp.<name>.forward | The IP and port to forward all traffic to.
|
| services.udp-over-tcp.tcp2udp.<name>.forward | The IP and port to forward all traffic to.
|
| services.udp-over-tcp.tcp2udp.<name>.nodelay | Enables TCP_NODELAY on the TCP socket.
|
| services.nsd.zones.<name>.rrlWhitelist | Whitelists the given rrl-types.
|
| services.udp-over-tcp.udp2tcp.<name>.nodelay | Enables TCP_NODELAY on the TCP socket.
|
| systemd.slices.<name>.wants | Start the specified units when this unit is started.
|
| systemd.timers.<name>.wants | Start the specified units when this unit is started.
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.phpfpm.pools.<name>.extraConfig | Extra lines that go into the pool configuration
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| services.filebeat.inputs.<name>.type | The input type
|
| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| systemd.services.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.services.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| systemd.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.keepalived.vrrpScripts.<name>.user | Name of user to run the script under.
|
| services.prosody.virtualHosts.<name>.ssl | Paths to SSL files
|
| services.nebula.networks.<name>.isRelay | Whether this node is a relay.
|
| services.logcheck.ignoreCron.<name>.user | User that runs the cronjob.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| systemd.user.services.<name>.scriptArgs | Arguments passed to the main process script
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| services.logcheck.ignore.<name>.regex | Regex specifying which log lines to ignore.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| boot.initrd.systemd.users.<name>.uid | ID of the user in initrd.
|
| services.quicktun.<name>.upScript | Run specified command or script after the tunnel device has been opened.
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod | How frequently to change keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod | How frequently to change keys
|
| services.prosody.virtualHosts.<name>.ssl.cert | Path to the certificate file.
|