| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| services.drupal.sites.<name>.package | The drupal package to use.
|
| systemd.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| systemd.user.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.neo4j.ssl.policies.<name>.privateKey | The name of private PKCS #8 key file for this policy to be found
in the baseDirectory, or the absolute path to
the key file
|
| services.redis.servers.<name>.slaveOf.port | port of the Redis master
|
| systemd.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| power.ups.ups.<name>.description | Description of the UPS.
|
| services.i2pd.outTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.openvpn.servers.<name>.up | Shell commands executed when the instance is starting.
|
| systemd.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| security.wrappers.<name>.enable | Whether to enable the wrapper.
|
| services.quicktun.<name>.localPort | Local UDP port.
|
| systemd.nspawn.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.rsync.jobs.<name>.inhibit | Run the rsync process with an inhibition lock taken;
see systemd-inhibit(1) for a list of possible operations.
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| systemd.user.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.sockets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.sockets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.targets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.targets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| users.extraUsers.<name>.isSystemUser | Indicates if the user is a system user or not
|
| services.ax25.axports.<name>.paclen | Default maximum packet size for this interface.
|
| services.ax25.axports.<name>.enable | Whether to enable Enables the axport interface.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nix-store-gcs-proxy.<name>.address | The address of the proxy.
|
| services.autorandr.profiles.<name>.config.<name>.transform | Refer to
xrandr(1)
for the documentation of the transform matrix.
|
| services.fedimintd.<name>.ui.bind | Address to bind on for UI connections
|
| services.jupyter.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.nginx.virtualHosts.<name>.root | The path of the web root directory.
|
| services.rspamd.workers.<name>.count | Number of worker instances to run
|
| services.redis.servers.<name>.syslog | Enable logging to the system logger.
|
| services.redis.servers.<name>.enable | Whether to enable Redis server.
|
| services.nebula.networks.<name>.ca | Path to the certificate authority certificate.
|
| services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.znapzend.zetup.<name>.destinations.<name>.host | Host to use for the destination dataset
|
| boot.initrd.luks.devices.<name>.yubikey | The options to use for this LUKS device in YubiKey-PBA
|
| services.borgbackup.jobs.<name>.dateFormat | Arguments passed to date
to create a timestamp suffix for the archive name.
|
| services.nsd.keys.<name>.algorithm | Authentication algorithm for this key.
|
| systemd.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.redis.servers.<name>.slowLogMaxLen | Maximum number of items to keep in slow log.
|
| services.hostapd.radios.<name>.networks.<name>.settings | Extra configuration options to put at the end of this BSS's defintion in the
hostapd.conf for the associated interface
|
| systemd.user.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| systemd.user.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| security.wrappers.<name>.source | The absolute path to the program to be wrapped.
|
| services.bitcoind.<name>.enable | Whether to enable Bitcoin daemon.
|
| services.gitwatch.<name>.branch | Optional branch in remote repository
|
| services.gitwatch.<name>.remote | Optional url of remote repository
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.tarsnap.archives.<name>.printStats | Print global archive statistics upon completion
|
| services.cjdns.ETHInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.cjdns.UDPInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.acpid.handlers.<name>.event | Event type.
|
| systemd.user.services.<name>.aliases | Aliases of that unit.
|
| services.homebridge.settings.platforms.*.name | Name of the platform
|
| services.netbird.tunnels.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| services.netbird.clients.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
|
| services.fedimintd.<name>.ui.port | TCP Port to bind on for UI connections
|
| security.pam.services.<name>.otpwAuth | If set, the OTPW system will be used (if
~/.otpw exists).
|
| services.blockbook-frontend.<name>.dataDir | Location of blockbook-frontend-‹name› data directory.
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.type | The account type
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup | Maps kanidm groups to values for the claim.
|
| services.blockbook-frontend.<name>.group | The group as which to run blockbook-frontend-‹name›.
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| security.pam.services.<name>.enable | Whether to enable this PAM service.
|
| services.nebula.networks.<name>.key | Path or reference to the host key.
|
| systemd.network.links.<name>.extraConfig | Extra configuration append to unit
|
| services.fedimintd.<name>.p2p.url | Public address for p2p connections from peers (if TCP is used)
|
| services.xserver.xkb.extraLayouts.<name>.typesFile | The path to the xkb types file
|
| services.rspamd.workers.<name>.type | The type of this worker
|
| systemd.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.bacula-sd.device.<name>.mediaType | The specified name-string names the type of media supported by this
device, for example, DLT7000
|
| boot.loader.systemd-boot.windows.<name>.title | The title of the boot menu entry.
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.keepalived.vrrpScripts.<name>.user | Name of user to run the script under.
|
| services.awstats.configs.<name>.type | The type of log being collected.
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.borgbackup.jobs.<name>.postCreate | Shell commands to run after borg create
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.ndppd.proxies.<name>.router | Turns on or off the router flag for Neighbor Advertisement Messages.
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| services.redis.servers.<name>.logLevel | Specify the server verbosity level, options: debug, verbose, notice, warning.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.openssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.sympa.settingsFile.<name>.text | Text of the file.
|
| services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|