| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| users.users.<name>.packages | The set of packages that should be made available to the user
|
| services.drupal.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.httpd.virtualHosts.<name>.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.nginx.virtualHosts.<name>.acmeRoot | Directory for the ACME challenge, which is public
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| services.tahoe.nodes.<name>.client.shares.total | The number of shares required to store a file.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| systemd.network.networks.<name>.networkEmulatorConfig | Each attribute in this set specifies an option in the
[NetworkEmulator] section of the unit
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.rke2.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| security.pam.services.<name>.gnupg.storeOnly | Don't send the password immediately after login, but store for PAM
session.
|
| services.tahoe.nodes.<name>.sftpd.accounts.url | URL of the accounts server.
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| services.nylon.<name>.bindInterface | Tell nylon which interface to use as an uplink, default is "enp3s0f0".
|
| systemd.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.akkoma.initDb.username | Name of the database user to initialise the database with
|
| services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name | Name of the icon theme to use for the lightdm-gtk-greeter.
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| programs.tsmClient.servers.<name>.servername | Local name of the IBM TSM server,
must not contain space or more than 64 chars.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| containers.<name>.extraVeths.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.quicktun.<name>.timeWindow | Allowed time window for first received packet in seconds (positive number allows packets from history)
|
| services.prosody.virtualHosts.<name>.ssl.cert | Path to the certificate file.
|
| services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| services.xserver.displayManager.lightdm.greeters.slick.theme.name | Name of the theme to use for the lightdm-slick-greeter.
|
| services.rke2.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| services.github-runners.<name>.user | User under which to run the service
|
| services.tahoe.nodes.<name>.client.shares.happy | The number of distinct storage nodes required to store
a file.
|
| services.opensearch.settings."cluster.name" | The name of the cluster.
|
| services.buildkite-agents.<name>.tags | Tags for the agent.
|
| services.quicktun.<name>.protocol | Which protocol to use.
|
| security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| services.rss2email.feeds.<name>.to | Email address to which to send feed items
|
| services.graylog.rootUsername | Name of the default administrator user
|
| services.ax25.axports.<name>.callsign | The callsign of the physical interface to bind to.
|
| services.uhub.<name>.plugins.*.settings | Settings specific to this plugin.
|
| environment.etc.<name>.user | User name of file owner
|
| systemd.network.networks.<name>.quickFairQueueingConfigClass | Each attribute in this set specifies an option in the
[QuickFairQueueingClass] section of the unit
|
| services.i2pd.ifname | Network interface to bind to.
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|
| power.ups.upsmon.monitor.<name>.user | Username from upsd.users for accessing this UPS
|
| users.users.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.users.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| services.znapzend.zetup.<name>.dataset | The dataset to use for this source.
|
| services.github-runners.<name>.package | The github-runner package to use.
|
| services.frp.instances.<name>.role | The frp consists of client and server
|
| services.udp-over-tcp.tcp2udp.<name>.threads | Sets the number of worker threads to use
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| services.drupal.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| services.ddclient.username | User name.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| services.gitwatch.<name>.message | Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanidm.provision.systems.oauth2.<name>.preferShortUsername | Use 'name' instead of 'spn' in the preferred_username claim
|
| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| containers.<name>.extraVeths.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.agate.hostnames | Domain name of this Gemini server, enables checking hostname and port
in requests. (multiple occurrences means basic vhosts)
|
| services.cjdns.ETHInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.cjdns.UDPInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.httpd.virtualHosts.<name>.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.restic.backups.<name>.exclude | Patterns to exclude when backing up
|
| services.httpd.virtualHosts.<name>.listen.*.port | Port to listen on
|
| services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| services.iodine.clients.<name>.extraConfig | Additional command line parameters
|
| services.nginx.virtualHosts.<name>.listen.*.addr | Listen address.
|
| services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name | Name of the icon theme to use for the lightdm-enso-os-greeter
|
| services.dokuwiki.sites.<name>.acl | Access Control Lists: see https://www.dokuwiki.org/acl
Mutually exclusive with services.dokuwiki.aclFile
Set this to a value other than null to take precedence over aclFile option
|
| networking.vlans.<name>.id | The vlan identifier
|
| services.znapzend.zetup.<name>.sendDelay | Specify delay (in seconds) before sending snaps to the destination
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.netbird.tunnels.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.restic.backups.<name>.paths | Which paths to backup, in addition to ones specified via
dynamicFilesFrom
|
| services.tahoe.nodes.<name>.sftpd.accounts.file | Path to the accounts file.
|
| services.wyoming.piper.servers.<name>.piper | The piper-tts package to use.
|
| services.neo4j.ssl.policies.<name>.clientAuth | The client authentication stance for this policy.
|
| services.nsd.zones.<name>.allowAXFRFallback | If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
|