| services.pgbackrest.repos.<name>.sftp-host | SFTP repository host
|
| services.opkssh.providers.<name>.clientId | OAuth client ID
|
| services.wordpress.sites.<name>.package | The wordpress package to use.
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| services.tinc.networks.<name>.settings | Configuration of the Tinc daemon for this network
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.httpd.virtualHosts.<name>.http2 | Whether to enable HTTP 2
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| systemd.sockets.<name>.listenDatagrams | For each item in this list, a ListenDatagram
option in the [Socket] section will be created.
|
| systemd.user.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.znc.confOptions.networks.<name>.useSSL | Whether to use SSL to connect to the IRC server.
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.nginx.virtualHosts.<name>.listen.*.port | Port number to listen on
|
| services.sympa.domains.<name>.settings | The robot.conf configuration file as key value set
|
| systemd.network.networks.<name>.canConfig | Each attribute in this set specifies an option in the
[CAN] section of the unit
|
| systemd.network.networks.<name>.pieConfig | Each attribute in this set specifies an option in the
[PIE] section of the unit
|
| systemd.network.netdevs.<name>.fooOverUDPConfig | Each attribute in this set specifies an option in the
[FooOverUDP] section of the unit
|
| services.prometheus.exporters.node-cert.paths | List of paths to search for SSL certificates.
|
| services.drupal.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| systemd.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.kanidm.provision.systems.oauth2.<name>.displayName | Display name
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| services.borgbackup.jobs.<name>.preHook | Shell commands to run before the backup
|
| systemd.sockets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.gitlab-runner.services.<name>.description | Name/description of the runner.
|
| services.fedimintd.<name>.bitcoin.rpc.kind | Kind of a bitcoin node.
|
| services.gancio.nginx.locations.<name>.root | Root directory for requests.
|
| services.fluidd.nginx.locations.<name>.root | Root directory for requests.
|
| services.akkoma.nginx.locations.<name>.root | Root directory for requests.
|
| services.snipe-it.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.root | Root directory for requests.
|
| services.snipe-it.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.root | Root directory for requests.
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| security.wrappers | This option effectively allows adding setuid/setgid bits, capabilities,
changing file ownership and permissions of a program without directly
modifying it
|
| services.cfdyndns.apikeyFile | The path to a file containing the API Key
used to authenticate with CloudFlare.
|
| services.db-rest.redis.passwordFile | Path to a file containing the redis password.
|
| services.gitea.minioSecretAccessKey | Path to a file containing the Minio secret access key.
|
| services.etebase-server.unixSocket | The path to the socket to bind to.
|
| services.openssh.hostKeys | NixOS can automatically generate SSH host keys
|
| services.mpd.settings.db_file | The path to MPD's database.
|
| services.nezha-agent.clientSecretFile | Path to the file contained the client_secret of the dashboard.
|
| services.osquery.flags.pidfile | Path used for pid file.
|
| services.syncplay.statsDBFile | Path to SQLite database file to store stats
|
| services.kea.dhcp6.configFile | Kea DHCP6 configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp6-srv.html
|
| services.kea.dhcp4.configFile | Kea DHCP4 configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp4-srv.html
|
| services.caddy.virtualHosts.<name>.extraConfig | Additional lines of configuration appended to this virtual host in the
automatically generated Caddyfile.
|
| services.kimai.sites.<name>.database.charset | Database charset.
|
| services.anubis.instances.<name>.settings.POLICY_FNAME | The policy file to use
|
| services.tarsnap.archives.<name>.period | Create archive at this interval
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.restic.backups.<name>.pruneOpts | A list of options (--keep-* et al.) for 'restic forget
--prune', to automatically prune old snapshots
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| services.movim.h2o.serverName | Server name to be used for this virtual host
|
| services.wstunnel.servers.<name>.listen.host | The hostname.
|
| services.wstunnel.servers.<name>.listen.port | The port.
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.xserver.windowManager.xmonad.config | Configuration from which XMonad gets compiled
|
| services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic --option flag.
|
| systemd.network.networks.<name>.ipoIBConfig | Each attribute in this set specifies an option in the
[IPoIB] section of the unit
|
| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| systemd.network.netdevs.<name>.vrfConfig | Each attribute in this set specifies an option in the
[VRF] section of the unit
|
| users.extraUsers.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.kanata.keyboards.<name>.extraArgs | Extra command line arguments passed to kanata.
|
| services.netbird.clients.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.netbird.tunnels.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.wyoming.piper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.wyoming.piper.servers.<name>.enable | Whether to enable Wyoming Piper server.
|
| systemd.user.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.nginx.proxyCachePath.<name>.inactive | Cached data that has not been accessed for the time specified by
the inactive parameter is removed from the cache, regardless of
its freshness.
|
| systemd.user.timers.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.neo4j.ssl.policies.<name>.ciphers | Restrict the allowed ciphers of this policy to those defined
here
|
| services.easytier.instances.<name>.settings.hostname | Hostname shown in peer list and web console.
|
| services.httpd.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.neo4j.ssl.policies.<name>.trustAll | Makes this policy trust all remote parties
|
| services.davis.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.movim.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.slskd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| programs.ssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|