| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| services.rsync.jobs.<name>.destination | Destination directory.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| services.gitlab-runner.services.<name>.description | Name/description of the runner.
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| systemd.network.networks.<name>.qdiscConfig | Each attribute in this set specifies an option in the
[QDisc] section of the unit
|
| systemd.network.networks.<name>.pfifoConfig | Each attribute in this set specifies an option in the
[PFIFO] section of the unit
|
| systemd.network.networks.<name>.bfifoConfig | Each attribute in this set specifies an option in the
[BFIFO] section of the unit
|
| services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| services.v4l2-relayd.instances.<name>.enable | Whether to enable this v4l2-relayd instance.
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| systemd.user.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.drupal.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|
| services.wordpress.sites.<name>.poolConfig | Options for the WordPress PHP pool
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.errbot.instances.<name>.plugins | List of errbot plugin derivations.
|
| services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.snapserver.streams.<name>.type | The type of input stream.
|
| services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| systemd.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.fedimintd.<name>.api_iroh.bind | Address to bind on for Iroh endpoint for API connections
|
| services.syncoid.commands.<name>.useCommonArgs | Whether to add the configured common arguments to this command.
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file | File name in the ecdsa folder for which this
passphrase should be used.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file | File name in the pkcs8 folder for which this
passphrase should be used.
|
| services.tahoe.nodes.<name>.storage.reservedSpace | The amount of filesystem space to not use for storage.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.radicle.httpd.nginx.locations.<name>.root | Root directory for requests.
|
| services.fedimintd.<name>.nginx.config.acmeRoot | Directory for the ACME challenge, which is public
|
| services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| services.dokuwiki.sites.<name>.pluginsConfig | List of the dokuwiki (un)loaded plugins.
|
| services.public-inbox.inboxes.<name>.coderepo | Nicknames of a 'coderepo' section associated with the inbox.
|
| services.mailpit.instances.<name>.listen | HTTP bind interface and port for UI.
|
| systemd.shutdownRamfs.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.fedimintd.<name>.nginx.config.listen.*.ssl | Enable SSL.
|
| services.znc.confOptions.networks.<name>.modules | ZNC network modules to load.
|
| systemd.user.sockets.<name>.listenDatagrams | For each item in this list, a ListenDatagram
option in the [Socket] section will be created.
|
| systemd.user.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.sockets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.jupyterhub.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.blockbook-frontend.<name>.rpc.user | Username for JSON-RPC connections.
|
| services.blockbook-frontend.<name>.rpc.port | Port for JSON-RPC connections.
|
| services.sanoid.datasets.<name>.useTemplate | Names of the templates to use for this dataset.
|
| services.fedimintd.<name>.api_iroh.port | UDP Port to bind Iroh endpoint for API connections
|
| services.nebula.networks.<name>.settings | Nebula configuration
|
| systemd.user.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.logcheck.ignoreCron.<name>.cmdline | Command line for the cron job
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.autorandr.profiles.<name>.hooks | Profile hook scripts.
|
| services.znapzend.zetup.<name>.recursive | Whether to do recursive snapshots.
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| users.extraUsers.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.wordpress.sites.<name>.database.user | Database user.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| services.klipper.firmwares.<name>.enable | Whether to enable building of firmware for manual flashing
.
|
| services.fedimintd.<name>.ui.openFirewall | Opens TCP port in firewall for built-in UI
|
| services.public-inbox.inboxes.<name>.inboxdir | The absolute path to the directory which hosts the public-inbox.
|
| services.inadyn.settings.custom.<name>.include | File to include additional settings for this provider from.
|
| systemd.sockets.<name>.listenDatagrams | For each item in this list, a ListenDatagram
option in the [Socket] section will be created.
|
| services.snipe-it.nginx.serverName | Name of this virtual host
|
| services.drupal.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|