| services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| boot.initrd.systemd.contents.<name>.text | Text of the file.
|
| services.awstats.configs.<name>.type | The type of log being collected.
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.graylog.nodeIdFile | Path of the file containing the graylog node-id
|
| services.klipper.logFile | Path of the file Klipper should log to
|
| programs.zsh.ohMyZsh.custom | Path to a custom oh-my-zsh package to override config of oh-my-zsh.
(Can't be used along with customPkgs).
|
| programs.rush.shell | The resolved shell path that users can inherit to set rush as their login shell
|
| services.cfssl.configFile | Path to configuration file
|
| users.ldap.bind.passwordFile | The path to a file containing the credentials to use when binding
to the LDAP server (if not binding anonymously).
|
| services.uptermd.hostKey | Path to SSH host key
|
| security.pam.services.<name>.otpwAuth | If set, the OTPW system will be used (if
~/.otpw exists).
|
| services.znapzend.zetup.<name>.destinations.<name>.plan | The znapzend backup plan to use for the source
|
| services.h2o.hosts.<name>.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| security.acme.certs.<name>.server | ACME Directory Resource URI
|
| services.bacula-sd.device.<name>.mediaType | The specified name-string names the type of media supported by this
device, for example, DLT7000
|
| services.bitcoind.<name>.package | The bitcoind package to use.
|
| services.sympa.settingsFile.<name>.text | Text of the file.
|
| services.cjdns.UDPInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.cjdns.ETHInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| systemd.user.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.fedimintd.<name>.p2p.url | Public address for p2p connections from peers (if TCP is used)
|
| networking.fooOverUDP.<name>.local.address | Local address to bind to
|
| services.tahoe.nodes.<name>.sftpd.port | The port on which the SFTP server will listen
|
| services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|
| systemd.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| services.h2o.hosts.<name>.tls.identity | Key / certificate pairs for the virtual host.
|
| services.nsd.zones.<name>.dnssecPolicy.zsk | Key policy for zone signing keys
|
| services.nsd.zones.<name>.dnssecPolicy.ksk | Key policy for key signing keys
|
| services.ndppd.proxies.<name>.router | Turns on or off the router flag for Neighbor Advertisement Messages.
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| systemd.user.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| systemd.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| services.dokuwiki.sites.<name>.acl.*.page | Page or namespace to restrict
|
| services.drupal.sites.<name>.configSyncDir | The location of the Drupal config sync directory.
|
| services.rspamd.workers.<name>.type | The type of this worker
|
| systemd.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.keepalived.vrrpScripts.<name>.group | Name of group to run the script under
|
| services.bacula-sd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| services.bacula-fd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| services.jupyter.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.bepasty.servers.<name>.bind | Bind address to be used for this server.
|
| services.netbird.clients.<name>.port | Port the NetBird client listens on.
|
| services.netbird.tunnels.<name>.port | Port the NetBird client listens on.
|
| services.redis.servers.<name>.slaveOf.port | port of the Redis master
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| services.redis.servers.<name>.logLevel | Specify the server verbosity level, options: debug, verbose, notice, warning.
|
| services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.geth.<name>.websocket.apis | APIs to enable over WebSocket
|
| services.headscale.settings.database.postgres.name | Database name.
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
|
| systemd.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| openstack.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.librenms.dataDir | Path of the LibreNMS state directory.
|
| services.code-server.socket | Path to a socket (bind-addr will be ignored).
|
| services.gatus.configFile | Path to the Gatus configuration file
|
| hardware.pcmcia.config | Path to the configuration file which maps the memory, IRQs
and ports used by the PCMCIA hardware.
|
| services.self-deploy.sshKeyFile | Path to SSH private key used to fetch private repositories over
SSH.
|
| services.opengfw.rulesFile | Path to file containing OpenGFW rules.
|
| services.iodine.clients.<name>.relay | DNS server to use as an intermediate relay to the iodined server
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| systemd.user.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| services.keyd.keyboards.<name>.ids | Device identifiers, as shown by keyd(1).
|
| services.udp-over-tcp.tcp2udp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| services.udp-over-tcp.udp2tcp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.tahoe.introducers.<name>.nickname | The nickname of this Tahoe introducer.
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| services.i2pd.inTunnels.<name>.accessList | I2P nodes that are allowed to connect to this service.
|
| services.drupal.sites.<name>.modulesDir | The location for users to install Drupal modules.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.public-inbox.inboxes.<name>.url | URL where this inbox can be accessed over HTTP.
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| services.i2pd.outTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.kubernetes.kubelet.taints.<name>.key | Key of taint.
|
| services.r53-ddns.hostname | Manually specify the hostname
|
| services.kanidm.provision.persons.<name>.legalName | Full legal name
|
| services.fedimintd.<name>.nginx.config.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.email | The email address used to authenticate as this account
|
| users.ldap.base | The distinguished name of the search base.
|
| services.multipath.devices.*.san_path_err_forget_rate | If set to a value greater than 0, multipathd will check whether the path
failures has exceeded the san_path_err_threshold within this many checks
i.e san_path_err_forget_rate
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|