| systemd.user.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| boot.initrd.luks.devices.<name>.allowDiscards | Whether to allow TRIM requests to the underlying device
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.easytier.instances.<name>.settings.hostname | Hostname shown in peer list and web console.
|
| containers.<name>.path | As an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort | Target port of container
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| programs.schroot.profiles.<name>.fstab | A file in the format described in fstab(5), used to mount filesystems inside the chroot
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.hickory-dns.settings.listen_addrs_ipv6 | List of ipv6 addresses on which to listen for DNS queries.
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| services.davis.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.movim.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.slskd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| systemd.user.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.network.networks.<name>.macvtap | A list of macvtap interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| systemd.network.netdevs.<name>.tunnelConfig | Each attribute in this set specifies an option in the
[Tunnel] section of the unit
|
| systemd.network.netdevs.<name>.netdevConfig | Each attribute in this set specifies an option in the
[Netdev] section of the unit
|
| systemd.network.netdevs.<name>.ipvlanConfig | Each attribute in this set specifies an option in the [IPVLAN] section of the unit
|
| systemd.network.networks.<name>.macvlan | A list of macvlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.ipvtapConfig | Each attribute in this set specifies an option in the [IPVTAP] section of the unit
|
| programs.xfs_quota.projects.<name>.path | Project directory.
|
| systemd.network.netdevs.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.drupal.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.drupal.sites.<name>.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.fluidd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.akkoma.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.gancio.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.monica.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.matomo.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| systemd.user.services.<name>.requisite | Similar to requires
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.prometheus.exporters.unpoller.controllers.*.hash_pii | Hash, with md5, client names and MAC addresses
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| systemd.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| services.snipe-it.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.drupal.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.jibri.xmppEnvironments.<name>.call.login.username | User part of the JID for the recorder.
|
| security.pam.services.<name>.kwallet.package | The kwallet-pam package to use.
|
| services.sabnzbd.settings.servers.<name>.ssl | Whether the server supports TLS
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| systemd.shutdownRamfs.contents.<name>.target | Path of the symlink.
|
| systemd.network.networks.<name>.dhcpV4Config | Each attribute in this set specifies an option in the
[DHCPv4] section of the unit
|
| systemd.network.networks.<name>.dhcpV6Config | Each attribute in this set specifies an option in the
[DHCPv6] section of the unit
|
| services.logcheck.ignoreCron.<name>.timeArgs | "min hr dom mon dow" crontab time args, to auto-create a cronjob too
|
| services.anubis.instances.<name>.group | The group under which Anubis is run
|
| systemd.user.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| systemd.user.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.orangefs.server.fileSystems.<name>.id | File system ID (must be unique within configuration).
|
| services.anubis.instances.<name>.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.nginx.upstreams.<name>.extraConfig | These lines go to the end of the upstream verbatim.
|
| services.syncoid.commands.<name>.service | Systemd configuration specific to this syncoid service.
|
| services.tarsnap.archives.<name>.verbose | Whether to produce verbose logging output.
|
| services.vault-agent.instances.<name>.enable | Whether to enable this vault-agent instance.
|
| services.borgbackup.jobs.<name>.extraArgs | Additional arguments for all borg calls the
service has
|
| services.dokuwiki.sites.<name>.extraConfigs | Path(s) to additional configuration files that are then linked to the 'conf' directory.
|
| services.fedimintd.<name>.nginx.path_ui | Path to host the built-in UI on and forward to the daemon's api port
|
| users.extraUsers.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.wyoming.piper.servers.<name>.lengthScale | Phoneme length value.
|
| services.lemmy.settings.hostname | The domain name of your instance (eg 'lemmy.ml').
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.wyoming.piper.servers.<name>.speaker | ID of a specific speaker in a multi-speaker model.
|
| services.borgbackup.jobs.<name>.doInit | Run borg init if the
specified repo does not exist
|