| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| systemd.user.timers.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.tarsnap.archives.<name>.period | Create archive at this interval
|
| services.nginx.proxyCachePath.<name>.inactive | Cached data that has not been accessed for the time specified by
the inactive parameter is removed from the cache, regardless of
its freshness.
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| systemd.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.awstats.configs.<name>.logFormat | The log format being used
|
| services.znapzend.zetup.<name>.presnap | Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing
|
| services.gancio.nginx.locations.<name>.root | Root directory for requests.
|
| services.fedimintd.<name>.bitcoin.rpc.kind | Kind of a bitcoin node.
|
| services.akkoma.nginx.locations.<name>.root | Root directory for requests.
|
| services.fluidd.nginx.locations.<name>.root | Root directory for requests.
|
| services.snipe-it.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.root | Root directory for requests.
|
| services.snipe-it.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.root | Root directory for requests.
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.name | Name of the cursor theme to use for the lightdm-gtk-greeter.
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.udp-over-tcp.tcp2udp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.udp-over-tcp.udp2tcp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.tcp2udp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.udp2tcp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.gitlab-runner.services.<name>.cloneUrl | Overwrite the URL for the GitLab instance
|
| services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic --option flag.
|
| services.neo4j.ssl.policies.<name>.ciphers | Restrict the allowed ciphers of this policy to those defined
here
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.kimai.sites.<name>.database.charset | Database charset.
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| security.pam.services.<name>.ttyAudit.openOnly | Set the TTY audit flag when opening the session,
but do not restore it when closing the session
|
| networking.ipips.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.kanata.keyboards.<name>.extraArgs | Extra command line arguments passed to kanata.
|
| services.netbird.tunnels.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.netbird.clients.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.wyoming.piper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.wyoming.piper.servers.<name>.enable | Whether to enable Wyoming Piper server.
|
| containers.<name>.config | A specification of the desired configuration of this
container, as a NixOS module.
|
| containers.<name>.autoStart | Whether the container is automatically started at boot-time.
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| services.wstunnel.servers.<name>.listen.host | The hostname.
|
| services.wstunnel.servers.<name>.listen.port | The port.
|
| services.spiped.config.<name>.waitForDNS | Wait for DNS
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| systemd.user.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| security.pam.services.<name>.howdy.enable | Whether to enable the Howdy PAM module
|
| services.drupal.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| services.fedimintd.<name>.nginx.config.root | The path of the web root directory.
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| services.fedimintd.<name>.bitcoin.rpc.url | Bitcoin node (bitcoind/electrum/esplora) address to connect to
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.httpd.virtualHosts.<name>.extraConfig | These lines go to httpd.conf verbatim
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.davis.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.slskd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.movim.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| programs.ssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.netbird.tunnels.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.netbird.clients.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.reposilite.settings.hostname | The hostname to bind to
|
| fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| systemd.user.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort | Target port of container
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|