| systemd.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.spiped.config.<name>.weakHandshake | Use fast/weak handshaking: This reduces the CPU time spent
in the initial connection setup, at the expense of losing
perfect forward secrecy.
|
| services.kmonad.keyboards.<name>.defcfg.compose.key | The (optional) compose key to use.
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.tarsnap.archives.<name>.excludes | Exclude files and directories matching these patterns.
|
| services.fedimintd.<name>.bitcoin.network | Bitcoin network to participate in.
|
| systemd.user.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.httpd.virtualHosts.<name>.documentRoot | The path of Apache's document root directory
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| security.pam.services.<name>.gnupg.noAutostart | Don't start gpg-agent if it is not running
|
| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| systemd.network.networks.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| systemd.network.networks.<name>.pfifoFastConfig | Each attribute in this set specifies an option in the
[PFIFOFast] section of the unit
|
| nix.registry.<name>.flake | The flake input from is rewritten to.
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| services.znc.confOptions.networks.<name>.channels | IRC channels to join.
|
| services.fedimintd.<name>.nginx.config.listen.*.port | Port number to listen on
|
| services.nginx.virtualHosts.<name>.reuseport | Create an individual listening socket
|
| services.redis.servers.<name>.maxclients | Set the max number of connected clients at the same time.
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.klipper.firmwares.<name>.package | Path to the built firmware package.
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.easytier.instances.<name>.enable | Enable the instance.
|
| services.opkssh.providers.<name>.lifetime | Token lifetime
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| systemd.user.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| services.snapserver.streams.<name>.query | Key-value pairs that convey additional parameters about a stream.
|
| services.davis.hostname | Domain of the host to serve davis under
|
| users.users.<name>.extraGroups | The user's auxiliary groups.
|
| services.wstunnel.servers.<name>.restrictTo | Accepted traffic will be forwarded only to this service.
|
| services.keepalived.vrrpScripts.<name>.rise | Required number of successes for OK transition.
|
| services.keepalived.vrrpScripts.<name>.fall | Required number of failures for KO transition.
|
| services.keepalived.vrrpInstances.<name>.vmacInterface | Name of the vmac interface to use. keepalived will come up with a name
if you don't specify one.
|
| services.errbot.instances.<name>.identity | Errbot identity configuration
|
| services.neo4j.ssl.policies.<name>.trustedDir | Path to directory of X.509 certificates in PEM format for
trusted parties
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| services.syncoid.commands.<name>.recvOptions | Advanced options to pass to zfs recv
|
| services.syncoid.commands.<name>.sendOptions | Advanced options to pass to zfs send
|
| services.openvpn.servers.<name>.authUserPass.password | The password to store inside the credentials file.
|
| services.fcgiwrap.instances.<name>.socket.type | Socket type: 'unix', 'tcp' or 'tcp6'.
|
| services.fcgiwrap.instances.<name>.socket.user | User to be set as owner of the UNIX socket.
|
| services.znc.confOptions.networks.<name>.password | IRC server password, such as for a Slack gateway.
|
| services.v4l2-relayd.instances.<name>.output.format | The video-format to write to output-stream.
|
| services.roundcube.database.dbname | Name of the postgresql database
|
| services.nominatim.database.dbname | Name of the postgresql database.
|
| services.radicle.httpd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fedimintd.<name>.nginx.config.listen | Listen addresses and ports for this virtual host
|
| services.anuko-time-tracker.nginx.locations.<name>.root | Root directory for requests.
|
| services.vdirsyncer.jobs.<name>.config.statusPath | vdirsyncer's status path
|
| image.repart.partitions.<name>.repartConfig | Specify the repart options for a partiton as a structural setting
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.authelia.instances.<name>.enable | Whether to enable Authelia instance.
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.monica.hostname | The hostname to serve monica on.
|
| services.radicle.ci.broker.settings.adapters.<name>.env | Environment variables to add when running the adapter.
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.orangefs.server.fileSystems.<name>.troveSyncData | Sync data.
|
| services.vdirsyncer.jobs.<name>.config.general | general configuration
|
| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| users.users.<name>.cryptHomeLuks | Path to encrypted luks device that contains
the user's home directory.
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.hostapd.radios.<name>.settings | Extra configuration options to put at the end of global initialization, before defining BSSs
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.prefect.workerPools.<name>.installPolicy | install policy for the worker (always, if-not-present, never, prompt)
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.sanoid.datasets.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| services.fedimintd.<name>.nginx.config.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| systemd.network.networks.<name>.flowQueuePIEConfig | Each attribute in this set specifies an option in the
[FlowQueuePIE] section of the unit
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|