| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|
| services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.name | Name of the cursor theme to use for the lightdm-slick-greeter.
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| systemd.network.networks.<name>.tunnel | A list of tunnel interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.bridge | A list of bridge interfaces to be added to the network section of the
unit
|
| hardware.display.outputs.<name>.mode | A video kernel parameter (framebuffer mode) configuration for the specific output:
<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]
See for more information:
|
| services.easytier.instances.<name>.settings.network_name | EasyTier network name.
|
| programs.ssh.setXAuthLocation | Whether to set the path to xauth for X11-forwarded connections
|
| services.gocd-server.packages | Packages to add to PATH for the Go
|
| services.cfdyndns.apiTokenFile | The path to a file containing the API Token
used to authenticate with CloudFlare.
|
| services.jenkins.packages | Packages to add to PATH for the jenkins process.
|
| services.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.netbox.ldapConfigPath | Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py
|
| networking.bonds.<name>.driverOptions | Options for the bonding driver
|
| services.dokuwiki.sites.<name>.poolConfig | Options for the DokuWiki PHP pool
|
| services.nntp-proxy.users.<name>.passwordHash | SHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>)
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| systemd.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.headscale.settings.noise.private_key_path | Path to noise private key file, generated automatically if it does not exist.
|
| services.icecast.hostname | DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| systemd.user.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.network.networks.<name>.bridgeMDBs | A list of BridgeMDB sections to be added to the unit
|
| systemd.network.networks.<name>.bridgeFDBs | A list of BridgeFDB sections to be added to the unit
|
| networking.vlans.<name>.interface | The interface the vlan will transmit packets through.
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| services.udp-over-tcp.udp2tcp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.udp-over-tcp.tcp2udp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| systemd.network.networks.<name>.extraConfig | Extra configuration append to unit
|
| security.pam.services.<name>.usshAuth | If set, users with an SSH certificate containing an authorized principal
in their SSH agent are able to log in
|
| systemd.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| boot.initrd.luks.devices.<name>.yubikey.saltLength | Length of the new salt in byte (64 is the effective maximum).
|
| security.apparmor.policies.<name>.state | How strictly this policy should be enforced
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.sanoid.templates.<name>.yearly | Number of yearly snapshots.
|
| services.sanoid.templates.<name>.hourly | Number of hourly snapshots.
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.nginx.proxyCachePath.<name>.levels | The levels parameter defines structure of subdirectories in cache: from
1 to 3, each level accepts values 1 or 2
|
| services.grafana.settings.database.client_cert_path | The path to the client cert
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| services.firewalld.zones.<name>.version | Version of the zone.
|
| programs.xfs_quota.projects.<name>.id | Project ID.
|
| security.pam.services.<name>.howdy.control | This option sets the PAM "control" used for this module.
|
| systemd.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| systemd.network.netdevs.<name>.vxlanConfig | Each attribute in this set specifies an option in the
[VXLAN] section of the unit
|
| services.multipath.devices.*.flush_on_last_del | If set to "yes" multipathd will disable queueing when the last path to a
device has been deleted.
|
| systemd.user.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| services.geth.<name>.websocket.address | Listen address of Go Ethereum WebSocket API.
|
| boot.initrd.luks.devices.<name>.yubikey.gracePeriod | Time in seconds to wait for the YubiKey.
|
| services.wstunnel.clients.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wstunnel.servers.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| services.github-runners.<name>.workDir | Working directory, available as $GITHUB_WORKSPACE during workflow runs
and used as a default for repository checkouts
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| services.osquery.flags.logger_path | Base directory used for logging.
If left as the default value, this directory will be automatically created before the
service starts, otherwise you are responsible for ensuring the directory exists with
the appropriate ownership and permissions.
|
| services.gateone.settingsDir | Path of configuration files for GateOne.
|
| services.dendrite.tlsCert | The path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| services.anuko-time-tracker.nginx.root | The path of the web root directory.
|
| services.devpi-server.secretFile | Path to a shared secret file used for synchronization,
Required for all nodes in a replica/primary setup.
|
| services.nomad.extraPackages | Extra packages to add to PATH for the Nomad agent process.
|
| services.molly-brown.certPath | Path to TLS certificate
|
| services.opengfw.pcapReplay | Path to PCAP replay file
|
| services.sshwifty.sharedKeyFile | Path to a file containing the shared key.
|
| services.pomerium.configFile | Path to Pomerium config YAML
|
| services.stargazer.store | Path to the certificate store on disk
|
| services.traefik.static.file | Path to Traefik's static configuration file.
|
| services.zitadel.masterKeyFile | Path to a file containing a master encryption key for ZITADEL
|
| services.stash.passwordFile | Path to file containing password for login.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod | How frequently to change keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod | How frequently to change keys
|
| services.tarsnap.archives.<name>.maxbwRateUp | Upload bandwidth rate limit in bytes.
|
| systemd.network.networks.<name>.bridgeVLANs | A list of BridgeVLAN sections to be added to the unit
|
| services.pingvin-share.hostname | The domain name of your instance
|
| services.anubis.instances.<name>.enable | Whether to enable this instance of Anubis.
|
| services.firewalld.zones.<name>.icmpBlocks | ICMP types to block in the zone.
|
| services.dokuwiki.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.errbot.instances.<name>.admins | List of identifiers of errbot admins.
|
| services.davis.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.davis.nginx.locations.<name>.index | Adds index directive.
|
| services.movim.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.slskd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.movim.nginx.locations.<name>.index | Adds index directive.
|
| services.restic.backups.<name>.progressFps | Controls the frequency of progress reporting.
|
| services.slskd.nginx.locations.<name>.index | Adds index directive.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.github-runners.<name>.url | Repository to add the runner to
|
| services.awstats.configs.<name>.hostAliases | List of aliases the site has.
|
| services.bluemap.storage.<name>.storage-type | Type of storage config
|
| services.redis.servers.<name>.databases | Set the number of databases.
|