| containers.<name>.extraVeths.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.httpd.virtualHosts.<name>.sslServerChain | Path to server SSL chain file.
|
| services.tarsnap.archives.<name>.maxbwRateUp | Upload bandwidth rate limit in bytes.
|
| systemd.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| networking.jool.siit | Definitions of SIIT instances of Jool
|
| services.borgbackup.repos.<name>.path | Where to store the backups
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| services.tinc.networks.<name>.settings | Configuration of the Tinc daemon for this network
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.kimai.sites.<name>.database.charset | Database charset.
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| services.netbird.tunnels.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.netbird.clients.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.wyoming.piper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.wyoming.piper.servers.<name>.enable | Whether to enable Wyoming Piper server.
|
| boot.initrd.luks.devices.<name>.gpgCard.publicKey | Path to the Public Key.
|
| services.httpd.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| systemd.user.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.kmonad.keyboards.<name>.device | Path to the keyboard's device file.
|
| services.errbot.instances.<name>.admins | List of identifiers of errbot admins.
|
| services.firewalld.zones.<name>.icmpBlocks | ICMP types to block in the zone.
|
| services.anubis.instances.<name>.enable | Whether to enable this instance of Anubis.
|
| services.dokuwiki.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.restic.backups.<name>.progressFps | Controls the frequency of progress reporting.
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| systemd.user.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.borgbackup.jobs.<name>.preHook | Shell commands to run before the backup
|
| services.wstunnel.servers.<name>.listen.host | The hostname.
|
| services.wstunnel.servers.<name>.listen.port | The port.
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.phpfpm.pools.<name>.settings | PHP-FPM pool directives
|
| services.fedimintd.<name>.nginx.config.root | The path of the web root directory.
|
| services.fedimintd.<name>.bitcoin.rpc.url | Bitcoin node (bitcoind/electrum/esplora) address to connect to
|
| services.xscreensaver.hooks | An attrset of events and commands to run upon each event
|
| systemd.user.slices.<name>.sliceConfig | Each attribute in this set specifies an option in the
[Slice] section of the unit
|
| systemd.user.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| services.bluemap.storage.<name>.storage-type | Type of storage config
|
| services.awstats.configs.<name>.hostAliases | List of aliases the site has.
|
| services.opkssh.providers.<name>.clientId | OAuth client ID
|
| services.pgbackrest.repos.<name>.sftp-host | SFTP repository host
|
| services.redis.servers.<name>.databases | Set the number of databases.
|
| services.wordpress.sites.<name>.package | The wordpress package to use.
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| services.caddy.virtualHosts.<name>.extraConfig | Additional lines of configuration appended to this virtual host in the
automatically generated Caddyfile.
|
| services.davis.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.slskd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.movim.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.spiped.config.<name>.waitForDNS | Wait for DNS
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.netbird.tunnels.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.netbird.clients.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| systemd.network.links.<name>.enable | Whether to enable this .link unit
|
| services.vmalert.instances.<name>.settings.rule | Path to the files with alerting and/or recording rules.
|
| services.autorandr.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| networking.ipips.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.udp-over-tcp.tcp2udp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.udp-over-tcp.udp2tcp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.tcp2udp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.udp2tcp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| power.ups.ups.<name>.description | Description of the UPS.
|
| services.awstats.configs.<name>.logFormat | The log format being used
|
| services.znapzend.zetup.<name>.presnap | Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing
|
| services.tarsnap.archives.<name>.period | Create archive at this interval
|
| services.nginx.proxyCachePath.<name>.inactive | Cached data that has not been accessed for the time specified by
the inactive parameter is removed from the cache, regardless of
its freshness.
|
| services.postfix.settings.master.<name>.type | The type of the service
|
| services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.name | Name of the cursor theme to use for the lightdm-slick-greeter.
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| systemd.nspawn.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic --option flag.
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish | How long in advance to publish new keys
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish | How long in advance to publish new keys
|
| systemd.user.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| systemd.slices.<name>.startLimitBurst | Configure unit start rate limiting
|