| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.redis.servers.<name>.slowLogLogSlowerThan | Log queries whose execution take longer than X in milliseconds.
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| services.dokuwiki.sites.<name>.poolConfig | Options for the DokuWiki PHP pool
|
| services.nntp-proxy.users.<name>.passwordHash | SHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>)
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.snipe-it.nginx.locations.<name>.root | Root directory for requests.
|
| services.nebula.networks.<name>.listen.host | IP address to listen on.
|
| services.nebula.networks.<name>.listen.port | Port number to listen on.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.znc.confOptions.networks.<name>.port | IRC server port.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.icecast.hostname | DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.httpd.virtualHosts.<name>.http2 | Whether to enable HTTP 2
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.xserver.xkb.extraLayouts.<name>.geometryFile | The path to the xkb geometry file
|
| services.sourcehut.settings."builds.sr.ht::worker".name | Listening address and listening port
of the build runner (with HTTP port if not 80).
|
| services.tahoe.nodes.<name>.sftpd.hostPrivateKeyFile | Path to the SSH host private key.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| systemd.user.sockets.<name>.wants | Start the specified units when this unit is started.
|
| systemd.user.targets.<name>.wants | Start the specified units when this unit is started.
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|
| services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name | Name of the icon theme to use for the lightdm-enso-os-greeter
|
| services.tahoe.nodes.<name>.sftpd.accounts.file | Path to the accounts file.
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| virtualisation.qemu.drives.*.name | A name for the drive
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| systemd.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| services.tinc.networks.<name>.rsaPrivateKeyFile | Path of the private RSA keyfile.
|
| services.udp-over-tcp.tcp2udp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.udp-over-tcp.udp2tcp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| services.kimai.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| security.pam.services.<name>.howdy.control | This option sets the PAM "control" used for this module.
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| systemd.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| systemd.sockets.<name>.aliases | Aliases of that unit.
|
| systemd.targets.<name>.aliases | Aliases of that unit.
|
| services.restic.backups.<name>.pruneOpts | A list of options (--keep-* et al.) for 'restic forget
--prune', to automatically prune old snapshots
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.rspamd.overrides.<name>.source | Path of the source file.
|
| services.sanoid.templates.<name>.hourly | Number of hourly snapshots.
|
| services.sanoid.templates.<name>.yearly | Number of yearly snapshots.
|
| services.gitlab-runner.services.<name>.description | Name/description of the runner.
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.firewalld.services.<name>.ports | Ports of the service.
|
| power.ups.upsmon.monitor.<name>.user | Username from upsd.users for accessing this UPS
|
| systemd.user.sockets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.user.targets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.geth.<name>.authrpc.jwtsecret | Path to a JWT secret for authenticated RPC endpoint.
|
| services.geth.<name>.websocket.address | Listen address of Go Ethereum WebSocket API.
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| services.wstunnel.servers.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wstunnel.clients.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| systemd.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| services.firewalld.zones.<name>.version | Version of the zone.
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.nginx.virtualHosts.<name>.listen.*.port | Port number to listen on
|
| services.sympa.domains.<name>.settings | The robot.conf configuration file as key value set
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.httpd.virtualHosts.<name>.sslServerChain | Path to server SSL chain file.
|
| services.tarsnap.archives.<name>.maxbwRateUp | Upload bandwidth rate limit in bytes.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod | How frequently to change keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod | How frequently to change keys
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| services.borgbackup.repos.<name>.path | Where to store the backups
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| services.tinc.networks.<name>.settings | Configuration of the Tinc daemon for this network
|
| services.xserver.displayManager.lightdm.greeters.slick.iconTheme.name | Name of the icon theme to use for the lightdm-slick-greeter.
|
| services.home-assistant.config.homeassistant.name | Name of the location where Home Assistant is running.
|
| services.firewalld.services.<name>.short | Short description for the service.
|
| services.firewalld.zones.<name>.services | Services to allow in the zone.
|
| services.kmonad.keyboards.<name>.device | Path to the keyboard's device file.
|
| services.davis.nginx.locations.<name>.index | Adds index directive.
|
| services.davis.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.firewalld.zones.<name>.icmpBlocks | ICMP types to block in the zone.
|
| services.dokuwiki.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.movim.nginx.locations.<name>.index | Adds index directive.
|
| services.slskd.nginx.locations.<name>.index | Adds index directive.
|
| services.restic.backups.<name>.progressFps | Controls the frequency of progress reporting.
|
| services.movim.nginx.locations.<name>.alias | Alias directory for requests.
|