| services.redis.servers.<name>.save | The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes
|
| systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| services.httpd.virtualHosts.<name>.adminAddr | E-mail address of the server administrator.
|
| services.bitcoind.<name>.configFile | The configuration file path to supply bitcoind.
|
| security.pam.services.<name>.fprintAuth | If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| boot.initrd.luks.devices.<name>.yubikey.gracePeriod | Time in seconds to wait for the YubiKey.
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.fedimintd.<name>.nginx.path | Path to host the API on and forward to the daemon's api port
|
| services.pppd.peers.<name>.autostart | Whether the PPP session is automatically started at boot time.
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| fileSystems.<name>.fsType | Type of the file system
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod | How frequently to change keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod | How frequently to change keys
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| boot.initrd.luks.devices.<name>.yubikey.storage.fsType | The filesystem of the unencrypted device.
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| services.ndppd.proxies.<name>.timeout | Controls how long to wait for a Neighbor Advertisement Message before
invalidating the entry, in milliseconds.
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| services.drupal.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.name | Name of the cursor theme to use for the lightdm-slick-greeter.
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.cjdns.ETHInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.cjdns.UDPInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.postfixadmin.database.username | Username for the postgresql connection
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| systemd.services.<name>.scriptArgs | Arguments passed to the main process script
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.httpd.virtualHosts.<name>.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.nginx.virtualHosts.<name>.acmeRoot | Directory for the ACME challenge, which is public
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| virtualisation.oci-containers.containers.<name>.login.username | Username for login.
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.redis.servers.<name>.group | Group account under which this instance of redis-server runs.
If left as the default value this group will automatically be
created on system activation, otherwise you are responsible for
ensuring the group exists before the redis service starts.
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.sourcehut.settings."builds.sr.ht::worker".name | Listening address and listening port
of the build runner (with HTTP port if not 80).
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| systemd.slices.<name>.requisite | Similar to requires
|
| systemd.timers.<name>.requisite | Similar to requires
|
| services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| services.kanidm.provision.persons.<name>.displayName | Display name
|
| users.mysql.pam.logging.timeColumn | The name of the column in the log table to which the timestamp of the
log entry is stored.
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.netbird.tunnels.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.wyoming.piper.servers.<name>.piper | The piper-tts package to use.
|
| services.neo4j.ssl.policies.<name>.clientAuth | The client authentication stance for this policy.
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| services.netbird.tunnels.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.netbird.clients.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.fedimintd.<name>.enable | Whether to enable fedimintd.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.wyoming.piper.servers.<name>.useCUDA | Whether to accelerate the underlying onnxruntime library with CUDA.
|
| services.davis.nginx.locations.<name>.root | Root directory for requests.
|
| services.movim.nginx.locations.<name>.root | Root directory for requests.
|
| services.slskd.nginx.locations.<name>.root | Root directory for requests.
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|