| virtualisation.oci-containers.containers.<name>.login.username | Username for login.
|
| services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.jupyterhub.kernels.<name>.language | Language of the environment
|
| services.snapserver.streams.<name>.query | Key-value pairs that convey additional parameters about a stream.
|
| services.klipper.firmwares.<name>.configFile | Path to firmware config which is generated using klipper-genconf
|
| services.firewalld.services.<name>.sourcePorts.*.port | |
| services.klipper.firmwares.<name>.package | Path to the built firmware package.
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| ec2.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| security.acme.certs.<name>.csrKey | Path to the private key to the matching certificate signing request.
|
| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| services.firewalld.services.<name>.includes | Services to include for the service.
|
| systemd.user.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.kanata.keyboards.<name>.configFile | The config file
|
| services.keyd.keyboards.<name>.settings | Configuration, except ids section, that is written to /etc/keyd/.conf
|
| services.wstunnel.servers.<name>.restrictTo | Accepted traffic will be forwarded only to this service.
|
| services.keepalived.vrrpScripts.<name>.fall | Required number of failures for KO transition.
|
| services.keepalived.vrrpScripts.<name>.rise | Required number of successes for OK transition.
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| services.easytier.instances.<name>.enable | Enable the instance.
|
| services.opkssh.providers.<name>.lifetime | Token lifetime
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| systemd.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.wyoming.faster-whisper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.matomo.hostname | URL of the host, without https prefix
|
| systemd.user.timers.<name>.wants | Start the specified units when this unit is started.
|
| systemd.user.slices.<name>.wants | Start the specified units when this unit is started.
|
| users.users.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| services.kubernetes.kubelet.taints.<name>.value | Value of taint.
|
| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| services.mailman.ldap.attrMap.username | LDAP-attribute that corresponds to the username-attribute in mailman.
|
| services.errbot.instances.<name>.identity | Errbot identity configuration
|
| services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.prefect.workerPools.<name>.installPolicy | install policy for the worker (always, if-not-present, never, prompt)
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| systemd.user.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.sabnzbd.settings.servers.<name>.timeout | Time, in seconds, to wait for a response before
attempting error recovery.
|
| services.openvpn.servers.<name>.updateResolvConf | Use the script from the update-resolv-conf package to automatically
update resolv.conf with the DNS information provided by openvpn
|
| services.authelia.instances.<name>.enable | Whether to enable Authelia instance.
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| services.nebula.networks.<name>.firewall.inbound | Firewall rules for inbound traffic.
|
| services.orangefs.server.fileSystems.<name>.extraConfig | Extra config for <FileSystem> section.
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.logrotate.settings.<name>.files | Single or list of files for which rules are defined
|
| services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| users.extraUsers.<name>.shell | The path to the user's shell
|
| services.sanoid.datasets.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.gitlab-runner.services.<name>.description | Name/description of the runner.
|
| services.tarsnap.archives.<name>.includes | Include only files and directories matching these
patterns (the empty list includes everything)
|
| services.mautrix-meta.instances.<name>.enable | Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.
|
| services.tor.relay.onionServices.<name>.settings.RendPostPeriod | See torrc manual.
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.kanidm.provision.systems.oauth2.<name>.public | Whether this is a public client (enforces PKCE, doesn't use a basic secret)
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| services.logrotate.settings.<name>.enable | Whether to enable setting individual kill switch.
|
| services.syncthing.settings.folders.<name>.type | Controls how the folder is handled by Syncthing
|
| services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| services.home-assistant.config.homeassistant.name | Name of the location where Home Assistant is running.
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| boot.initrd.systemd.groups.<name>.gid | ID of the group in initrd.
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.path | Stream URL
|
| services.xserver.xkb.extraLayouts.<name>.languages | A list of languages provided by the layout.
(Use ISO 639-2 codes, for example: "eng" for english)
|
| services.nitter.server.hostname | Hostname of the instance.
|
| services.btrbk.instances.<name>.onCalendar | How often this btrbk instance is started
|
| services.kanidm.provision.persons.<name>.present | Whether to ensure that this person is present or absent.
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| systemd.slices.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.timers.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| services.restic.backups.<name>.repository | repository to backup to.
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.wstunnel.clients.<name>.settings | Command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.settings | Command line arguments to pass to wstunnel
|
| services.wyoming.faster-whisper.servers.<name>.device | Determines the platform faster-whisper is run on
|