| containers.<name>.extraVeths.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.kanata.keyboards.<name>.extraArgs | Extra command line arguments passed to kanata.
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| systemd.network.networks.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| systemd.network.networks.<name>.cakeConfig | Each attribute in this set specifies an option in the
[CAKE] section of the unit
|
| systemd.network.networks.<name>.lldpConfig | Each attribute in this set specifies an option in the
[LLDP] section of the unit
|
| services.geoclue2.appConfig.<name>.isSystem | Whether the application is a system component or not.
|
| services.orangefs.server.fileSystems.<name>.id | File system ID (must be unique within configuration).
|
| security.pam.services.<name>.kwallet.package | The kwallet-pam package to use.
|
| services.sabnzbd.settings.servers.<name>.ssl | Whether the server supports TLS
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| systemd.slices.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.httpd.virtualHosts.<name>.extraConfig | These lines go to httpd.conf verbatim
|
| systemd.network.networks.<name>.gateway | A list of gateways to be added to the network section of the
unit
|
| systemd.network.networks.<name>.address | A list of addresses to be added to the network section of the
unit
|
| services.nebula.networks.<name>.tun.disable | When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.wyoming.piper.servers.<name>.lengthScale | Phoneme length value.
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.wyoming.piper.servers.<name>.speaker | ID of a specific speaker in a multi-speaker model.
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| containers.<name>.extraVeths.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.easytier.instances.<name>.settings.network_name | EasyTier network name.
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| services.inadyn.settings.custom.<name>.ddns-path | DDNS server path
|
| services.github-runners.<name>.enable | Whether to enable GitHub Actions runner
|
| services.easytier.instances.<name>.settings.hostname | Hostname shown in peer list and web console.
|
| services.sabnzbd.settings.servers.<name>.host | Hostname of the server
|
| services.sabnzbd.settings.servers.<name>.port | Port of the server
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| systemd.network.netdevs.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| systemd.network.netdevs.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| systemd.network.netdevs.<name>.ipvtapConfig | Each attribute in this set specifies an option in the [IPVTAP] section of the unit
|
| systemd.network.netdevs.<name>.netdevConfig | Each attribute in this set specifies an option in the
[Netdev] section of the unit
|
| systemd.network.networks.<name>.macvlan | A list of macvlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.ipvlanConfig | Each attribute in this set specifies an option in the [IPVLAN] section of the unit
|
| systemd.network.networks.<name>.macvtap | A list of macvtap interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.tunnelConfig | Each attribute in this set specifies an option in the
[Tunnel] section of the unit
|
| systemd.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.nipap.settings.nipapd.db_name | Name of database to use on PostgreSQL server.
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.rshim.device | Specify the device name to attach
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.buildkite-agents.<name>.hooks | "Agent" hooks to install
|
| systemd.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.fedimintd.<name>.nginx.config.quic | Whether to enable the QUIC transport protocol
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| services.nginx.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host
|
| boot.initrd.luks.devices.<name>.yubikey.storage.device | An unencrypted device that will temporarily be mounted in stage-1
|
| fileSystems.<name>.label | Label of the device
|
| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| services.znc.confOptions.networks.<name>.extraConf | Extra config for the network
|
| services.inadyn.settings.provider.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| services.github-runners.<name>.url | Repository to add the runner to
|
| services.logcheck.ignoreCron.<name>.timeArgs | "min hr dom mon dow" crontab time args, to auto-create a cronjob too
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|