| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.webhook.hooks.<name>.execute-command | The command that should be executed when the hook is triggered.
|
| services.wstunnel.clients.<name>.connectTo | Server address and port to connect to.
|
| services.borgbackup.jobs.<name>.doInit | Run borg init if the
specified repo does not exist
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish | How long in advance to publish new keys
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish | How long in advance to publish new keys
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.akkoma.frontends.<name>.package | Akkoma frontend package.
|
| services.sanoid.templates.<name>.monthly | Number of monthly snapshots.
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanidm.provision.systems.oauth2.<name>.displayName | Display name
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| services.dovecot2.mailboxes.<name>.auto | Whether to automatically create or create and subscribe to the mailbox or not.
|
| services.blockbook-frontend.<name>.sync | Synchronizes until tip, if together with zeromq, keeps index synchronized.
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.spiped.config.<name>.resolveRefresh | Resolution refresh time for the target socket, in seconds.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.rsync.jobs.<name>.destination | Destination directory.
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.tor.relay.onionServices.<name>.version | See torrc manual.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| security.wrappers.<name>.group | The group of the wrapper program.
|
| security.wrappers.<name>.owner | The owner of the wrapper program.
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| systemd.user.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| environment.etc.<name>.text | Text of the file.
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|
| services.wordpress.sites.<name>.poolConfig | Options for the WordPress PHP pool
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.znc.confOptions.networks.<name>.server | IRC server address.
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.snapserver.streams.<name>.type | The type of input stream.
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.davis.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fedimintd.<name>.api_iroh.bind | Address to bind on for Iroh endpoint for API connections
|
| services.syncoid.commands.<name>.useCommonArgs | Whether to add the configured common arguments to this command.
|
| services.slskd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.movim.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| networking.sits.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| boot.initrd.luks.devices.<name>.device | Path of the underlying encrypted block device.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.firewalld.zones.<name>.sourcePorts.*.port | |
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.dokuwiki.sites.<name>.pluginsConfig | List of the dokuwiki (un)loaded plugins.
|
| services.drupal.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.public-inbox.inboxes.<name>.coderepo | Nicknames of a 'coderepo' section associated with the inbox.
|
| programs.dms-shell.plugins.<name>.src | Source of the plugin package or path
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.drupal.sites.<name>.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| boot.specialFileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| services.jupyterhub.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.blockbook-frontend.<name>.rpc.user | Username for JSON-RPC connections.
|
| services.fluidd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.buildkite-agents.<name>.extraGroups | Groups the user for this buildkite agent should belong to
|
| services.gancio.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.akkoma.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.blockbook-frontend.<name>.rpc.port | Port for JSON-RPC connections.
|
| services.matomo.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.monica.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.sanoid.datasets.<name>.useTemplate | Names of the templates to use for this dataset.
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.fedimintd.<name>.api_iroh.port | UDP Port to bind Iroh endpoint for API connections
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish | How long after deactivation to keep a key in the zone
|
| services.nebula.networks.<name>.settings | Nebula configuration
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish | How long after deactivation to keep a key in the zone
|
| services.github-runners.<name>.extraPackages | Extra packages to add to PATH of the service to make them available to workflows.
|