| services.logcheck.ignoreCron.<name>.user | User that runs the cronjob.
|
| boot.initrd.systemd.contents.<name>.source | Path of the source file.
|
| services.nsd.zones.<name>.dnssecPolicy.keyttl | TTL for dnssec records
|
| services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name | Name of the icon theme to use for the lightdm-gtk-greeter.
|
| systemd.services.<name>.scriptArgs | Arguments passed to the main process script
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.hostapd.radios.<name>.band | Specifies the frequency band to use, possible values are 2g for 2.4 GHz,
5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| systemd.user.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.xserver.displayManager.lightdm.greeters.slick.theme.name | Name of the theme to use for the lightdm-slick-greeter.
|
| services.xserver.xkb.extraLayouts.<name>.symbolsFile | The path to the xkb symbols file
|
| services.postfix.masterConfig.<name>.type | The type of the service
|
| services.metricbeat.modules.<name>.module | The name of the module
|
| systemd.slices.<name>.requisite | Similar to requires
|
| systemd.timers.<name>.requisite | Similar to requires
|
| services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| services.logcheck.ignore.<name>.regex | Regex specifying which log lines to ignore.
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| services.nginx.virtualHosts.<name>.quic | Whether to enable the QUIC transport protocol
|
| hardware.display.outputs.<name>.edid | An EDID filename to be used for configured display, as in edid/<filename>
|
| services.drupal.sites.<name>.extraConfig | Extra configuration values that you want to insert into settings.php
|
| services.phpfpm.pools.<name>.phpOptions | "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
|
| systemd.user.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| systemd.user.tmpfiles.users.<name>.rules | Per-user rules for creation, deletion and cleaning of volatile and
temporary files automatically
|
| security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| services.netbird.tunnels.<name>.logLevel | Log level of the NetBird daemon.
|
| services.netbird.clients.<name>.logLevel | Log level of the NetBird daemon.
|
| services.fedimintd.<name>.enable | Whether to enable fedimintd.
|
| services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| services.nsd.zones.<name>.maxRefreshSecs | Limit refresh time for secondary zones
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.filebeat.inputs.<name>.type | The input type
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| services.akkoma.frontends.<name>.ref | Akkoma frontend reference.
|
| services.redis.servers.<name>.unixSocketPerm | Change permissions for the socket
|
| services.tinc.networks.<name>.package | The tinc_pre package to use.
|
| boot.initrd.clevis.devices.<name>.secretFile | Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).
|
| services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| services.znapzend.zetup.<name>.plan | The znapzend backup plan to use for the source
|
| services.kanidm.provision.systems.oauth2.<name>.preferShortUsername | Use 'name' instead of 'spn' in the preferred_username claim
|
| security.pam.services.<name>.nodelay | Whether the delay after typing a wrong password should be disabled.
|
| services.drupal.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.phpfpm.pools.<name>.extraConfig | Extra lines that go into the pool configuration
|
| systemd.network.networks.<name>.bond | A list of bond interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.vlan | A list of vlan interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.xfrm | A list of xfrm interfaces to be added to the network section of the
unit
|
| systemd.user.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.drupal.sites.<name>.database.user | Database user.
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile | Path to the SSH host public key.
|
| services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| services.httpd.virtualHosts.<name>.adminAddr | E-mail address of the server administrator.
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| security.pam.services.<name>.fprintAuth | If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name | Name of the icon theme to use for the lightdm-enso-os-greeter
|
| services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.nghttpx.backends.*.params.dns | Name resolution of a backends host name is done at start up,
or configuration reload
|
| services.tahoe.nodes.<name>.client.shares.total | The number of shares required to store a file.
|
| services.redis.servers.<name>.save | The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.fedimintd.<name>.nginx.path | Path to host the API on and forward to the daemon's api port
|
| services.pppd.peers.<name>.autostart | Whether the PPP session is automatically started at boot time.
|
| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| services.opensearch.settings."cluster.name" | The name of the cluster.
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|