| systemd.user.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.headscale.settings.derp.paths | List of file paths containing DERP maps
|
| services.easytier.instances.<name>.settings | Settings to generate easytier-‹name›.toml
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| services.rke2.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.httpd.virtualHosts.<name>.adminAddr | E-mail address of the server administrator.
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.keySize | Key size in bits
|
| services.tor.relay.onionServices.<name>.map | See torrc manual.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.keySize | Key size in bits
|
| services.filebeat.inputs.<name>.type | The input type
|
| services.tahoe.nodes.<name>.client.helper | The furl for a Tahoe helper node
|
| systemd.services.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.nginx.virtualHosts.<name>.quic | Whether to enable the QUIC transport protocol
|
| services.hostapd.radios.<name>.band | Specifies the frequency band to use, possible values are 2g for 2.4 GHz,
5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.
|
| services.drupal.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| systemd.user.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| security.pam.services.<name>.fprintAuth | If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| services.keepalived.vrrpInstances.<name>.vmacInterface | Name of the vmac interface to use. keepalived will come up with a name
if you don't specify one.
|
| services.fedimintd.<name>.package | The fedimint package to use.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.tor.relay.onionServices | See torrc manual.
Because tor.service runs in its own RootDirectory=,
when using a onion service to reverse-proxy to a Unix socket,
you need to make that Unix socket available
within the mount namespace of tor.service
|
| services.pingvin-share.dataDir | The path to the data directory in which Pingvin Share will store its data.
|
| services.knot.enableXDP | Extends the systemd unit with permissions to allow for the use of
the eXpress Data Path (XDP).
Make sure to read up on functional limitations
when running in XDP mode.
|
| services.conman.configFile | The absolute path to the configuration file
|
| services.jenkinsSlave.home | The path to use as JENKINS_HOME
|
| services.gns3-server.ssl.certFile | Path to the SSL certificate file
|
| services.atalkd.configFile | Optional path to a custom atalkd.conf file
|
| services.snmpd.configFile | Path to the snmpd.conf file
|
| services.nipap.nipap-www.unixSocket | Path to UNIX socket to bind to.
|
| services.k3s.agentTokenFile | File path containing the k3s token agents can use to connect to the server
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| services.phpfpm.pools.<name>.extraConfig | Extra lines that go into the pool configuration
|
| systemd.network.networks.<name>.bond | A list of bond interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.vlan | A list of vlan interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.xfrm | A list of xfrm interfaces to be added to the network section of the
unit
|
| systemd.user.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| services.pppd.peers.<name>.autostart | Whether the PPP session is automatically started at boot time.
|
| services.jupyterhub.kernels.<name>.language | Language of the environment
|
| services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| services.rke2.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| services.anubis.instances | An attribute set of Anubis instances
|
| services.cjdns.ETHInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.cjdns.UDPInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|
| services.gitwatch.<name>.message | Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time
|
| services.redis.servers.<name>.user | User account under which this instance of redis-server runs.
If left as the default value this user will automatically be
created on system activation, otherwise you are responsible for
ensuring the user exists before the redis service starts.
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| services.kanidm.provision.persons.<name>.displayName | Display name
|
| services.tahoe.nodes.<name>.storage.enable | Whether to enable storage service.
|
| services.wyoming.piper.servers.<name>.uri | URI to bind the wyoming server to.
|
| services.znapzend.zetup.<name>.plan | The znapzend backup plan to use for the source
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name | Name of the icon theme to use for the lightdm-gtk-greeter.
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| services.nsd.zones.<name>.maxRefreshSecs | Limit refresh time for secondary zones
|
| services.xserver.displayManager.lightdm.greeters.slick.theme.name | Name of the theme to use for the lightdm-slick-greeter.
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.nsd.zones.<name>.dnssecPolicy.keyttl | TTL for dnssec records
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| services.ndppd.proxies.<name>.timeout | Controls how long to wait for a Neighbor Advertisement Message before
invalidating the entry, in milliseconds.
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.type | The resource type
|
| boot.initrd.luks.devices.<name>.keyFileSize | The size of the key file
|
| services.github-runners.<name>.user | User under which to run the service
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.incron.enable | Whether to enable the incron daemon
|
| services.darkhttpd.rootDir | Path from which to serve files.
|
| services.i2pd.reseed.zipfile | Path to local .zip file to reseed from.
|
| services.bluesky-pds.goat.enable | Add goat to PATH
|
| services.cyrus-imap.cyrusConfigFile | Path to the configuration file used for Cyrus.
|
| services.nagios.plugins | Packages to be added to the Nagios PATH
|
| services.public-inbox.nntp.cert | Path to TLS certificate to use for connections to public-inbox-nntpd(1).
|
| services.rutorrent.dataDir | Storage path of ruTorrent.
|
| services.rtorrent.rpcSocket | RPC socket path.
|