| systemd.slices.<name>.requisite | Similar to requires
|
| systemd.timers.<name>.requisite | Similar to requires
|
| services.kanidm.provision.systems.oauth2.<name>.preferShortUsername | Use 'name' instead of 'spn' in the preferred_username claim
|
| services.postfix.masterConfig.<name>.type | The type of the service
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| services.tahoe.nodes.<name>.storage.enable | Whether to enable storage service.
|
| services.wyoming.piper.servers.<name>.uri | URI to bind the wyoming server to.
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.honk.servername | The server name.
|
| virtualisation.emptyDiskImages.*.driveConfig.name | A name for the drive
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| services.logcheck.ignore.<name>.regex | Regex specifying which log lines to ignore.
|
| services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name | Name of the icon theme to use for the lightdm-enso-os-greeter
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.h2o.hosts.<name>.tls.identity.*.key-file | Path to key file
|
| services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| boot.initrd.systemd.contents.<name>.source | Path of the source file.
|
| services.nsd.zones.<name>.dnssecPolicy.keyttl | TTL for dnssec records
|
| services.opensearch.settings."cluster.name" | The name of the cluster.
|
| systemd.user.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.k3s.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| systemd.user.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.netbird.tunnels.<name>.logLevel | Log level of the NetBird daemon.
|
| services.netbird.clients.<name>.logLevel | Log level of the NetBird daemon.
|
| systemd.user.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| services.drupal.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| hardware.display.outputs.<name>.edid | An EDID filename to be used for configured display, as in edid/<filename>
|
| services.drupal.sites.<name>.extraConfig | Extra configuration values that you want to insert into settings.php
|
| services.phpfpm.pools.<name>.phpOptions | "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
|
| systemd.user.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| services.akkoma.frontends.<name>.ref | Akkoma frontend reference.
|
| services.redis.servers.<name>.unixSocketPerm | Change permissions for the socket
|
| services.tinc.networks.<name>.package | The tinc_pre package to use.
|
| services.hostapd.radios.<name>.band | Specifies the frequency band to use, possible values are 2g for 2.4 GHz,
5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.h2o.hosts.<name>.acme.useHost | An existing Let’s Encrypt certificate to use for this virtual
host
|
| services.redis.servers.<name>.user | User account under which this instance of redis-server runs.
If left as the default value this user will automatically be
created on system activation, otherwise you are responsible for
ensuring the user exists before the redis service starts.
|
| services.nginx.virtualHosts.<name>.quic | Whether to enable the QUIC transport protocol
|
| services.filebeat.inputs.<name>.type | The input type
|
| security.pam.services.<name>.nodelay | Whether the delay after typing a wrong password should be disabled.
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|
| services.httpd.virtualHosts.<name>.adminAddr | E-mail address of the server administrator.
|
| services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| services.homebridge.settings.accessories.*.name | Name of the accessory
|
| services.bitcoind.<name>.extraConfig | Additional configurations to be appended to bitcoin.conf.
|
| services.xserver.displayManager.lightdm.greeters.slick.iconTheme.name | Name of the icon theme to use for the lightdm-slick-greeter.
|
| services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| services.nsd.zones.<name>.maxRefreshSecs | Limit refresh time for secondary zones
|
| services.phpfpm.pools.<name>.extraConfig | Extra lines that go into the pool configuration
|
| systemd.network.networks.<name>.bond | A list of bond interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.vlan | A list of vlan interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.xfrm | A list of xfrm interfaces to be added to the network section of the
unit
|
| systemd.user.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| security.pam.services.<name>.fprintAuth | If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| services.drupal.sites.<name>.database.user | Database user.
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.znapzend.zetup.<name>.plan | The znapzend backup plan to use for the source
|
| services.jupyterhub.kernels.<name>.displayName | Name that will be shown to the user.
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| services.fedimintd.<name>.nginx.path | Path to host the API on and forward to the daemon's api port
|
| services.pppd.peers.<name>.autostart | Whether the PPP session is automatically started at boot time.
|
| services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile | Path to the SSH host public key.
|
| systemd.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| boot.initrd.clevis.devices.<name>.secretFile | Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|
| services.cjdns.ETHInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.cjdns.UDPInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|