| services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.nebula.networks.<name>.tun.disable | When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
|
| services.blockbook-frontend.<name>.rpc.url | URL for JSON-RPC connections.
|
| image.repart.partitions.<name>.contents | The contents to end up in the filesystem image.
|
| services.jupyterhub.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.sanoid.datasets.<name>.autosnap | Whether to automatically take snapshots.
|
| services.prosody.virtualHosts.<name>.enabled | Whether to enable the virtual host
|
| services.wstunnel.clients.<name>.connectTo | Server address and port to connect to.
|
| services.webhook.hooks.<name>.execute-command | The command that should be executed when the hook is triggered.
|
| services.sabnzbd.settings.servers.<name>.port | Port of the server
|
| services.sabnzbd.settings.servers.<name>.host | Hostname of the server
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| systemd.sockets.<name>.listenDatagrams | For each item in this list, a ListenDatagram
option in the [Socket] section will be created.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.mailpit.instances.<name>.max | Maximum number of emails to keep
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.akkoma.frontends.<name>.package | Akkoma frontend package.
|
| services.sanoid.templates.<name>.monthly | Number of monthly snapshots.
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| systemd.shutdownRamfs.contents.<name>.source | Path of the source file.
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.inadyn.settings.custom.<name>.ddns-path | DDNS server path
|
| systemd.sockets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| services.spiped.config.<name>.resolveRefresh | Resolution refresh time for the target socket, in seconds.
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| systemd.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| services.rsync.jobs.<name>.destination | Destination directory.
|
| systemd.network.networks.<name>.bfifoConfig | Each attribute in this set specifies an option in the
[BFIFO] section of the unit
|
| systemd.network.networks.<name>.pfifoConfig | Each attribute in this set specifies an option in the
[PFIFO] section of the unit
|
| systemd.network.networks.<name>.qdiscConfig | Each attribute in this set specifies an option in the
[QDisc] section of the unit
|
| services.v4l2-relayd.instances.<name>.enable | Whether to enable this v4l2-relayd instance.
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| systemd.user.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.gitlab-runner.services.<name>.description | Name/description of the runner.
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|
| services.wordpress.sites.<name>.poolConfig | Options for the WordPress PHP pool
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.errbot.instances.<name>.plugins | List of errbot plugin derivations.
|
| services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.inadyn.settings.provider.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.znc.confOptions.networks.<name>.extraConf | Extra config for the network
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.snapserver.streams.<name>.type | The type of input stream.
|
| services.fedimintd.<name>.nginx.config.quic | Whether to enable the QUIC transport protocol
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.fedimintd.<name>.api_iroh.bind | Address to bind on for Iroh endpoint for API connections
|
| services.syncoid.commands.<name>.useCommonArgs | Whether to add the configured common arguments to this command.
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.fedimintd.<name>.nginx.config.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.firewalld.services.<name>.ports | Ports of the service.
|
| services.firewalld.zones.<name>.sourcePorts.*.port | |
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.acme-dns.settings.general.nsname | Zone name server.
|
| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| services.dokuwiki.sites.<name>.pluginsConfig | List of the dokuwiki (un)loaded plugins.
|
| services.mailpit.instances.<name>.listen | HTTP bind interface and port for UI.
|
| services.public-inbox.inboxes.<name>.coderepo | Nicknames of a 'coderepo' section associated with the inbox.
|
| systemd.shutdownRamfs.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| systemd.user.sockets.<name>.listenDatagrams | For each item in this list, a ListenDatagram
option in the [Socket] section will be created.
|
| boot.specialFileSystems.<name>.device | The device as passed to mount
|
| systemd.user.sockets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|