| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| networking.jool.nat64.<name>.global.pool6 | The prefix used for embedding IPv4 into IPv6 addresses
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| programs.schroot.profiles.<name>.fstab | A file in the format described in fstab(5), used to mount filesystems inside the chroot
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| systemd.user.services.<name>.requisite | Similar to requires
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.anubis.instances.<name>.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.nginx.upstreams.<name>.extraConfig | These lines go to the end of the upstream verbatim.
|
| services.syncoid.commands.<name>.service | Systemd configuration specific to this syncoid service.
|
| services.tarsnap.archives.<name>.verbose | Whether to produce verbose logging output.
|
| services.vault-agent.instances.<name>.enable | Whether to enable this vault-agent instance.
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.znapzend.zetup.<name>.mbuffer.size | The size for mbuffer
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| services.blockbook-frontend.<name>.rpc.url | URL for JSON-RPC connections.
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| image.repart.partitions.<name>.contents | The contents to end up in the filesystem image.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.jupyterhub.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.sanoid.datasets.<name>.autosnap | Whether to automatically take snapshots.
|
| services.prosody.virtualHosts.<name>.enabled | Whether to enable the virtual host
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.wstunnel.clients.<name>.connectTo | Server address and port to connect to.
|
| services.webhook.hooks.<name>.execute-command | The command that should be executed when the hook is triggered.
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.i2pd.ifname | Network interface to bind to.
|
| services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| systemd.sockets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.targets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| users.mysql.pam.logging.userColumn | The name of the column in the log table to which the name of the
user being authenticated is stored.
|
| users.mysql.pam.logging.hostColumn | The name of the column in the log table to which the name of the user
being authenticated is stored.
|
| services.akkoma.frontends.<name>.package | Akkoma frontend package.
|
| services.sanoid.templates.<name>.monthly | Number of monthly snapshots.
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| systemd.network.netdevs.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.borgbackup.jobs.<name>.extraArgs | Additional arguments for all borg calls the
service has
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.firewalld.zones.<name>.sources | Source addresses, address ranges, MAC addresses or ipsets to bind.
|
| services.rsync.jobs.<name>.destination | Destination directory.
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish | How long in advance to publish new keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish | How long in advance to publish new keys
|
| systemd.network.networks.<name>.dhcpV4Config | Each attribute in this set specifies an option in the
[DHCPv4] section of the unit
|
| systemd.network.networks.<name>.dhcpV6Config | Each attribute in this set specifies an option in the
[DHCPv6] section of the unit
|
| systemd.user.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.wakapi.passwordSaltFile | The path to a file containing the password salt to use for Wakapi.
|
| services.jicofo.userPasswordFile | Path to file containing password for XMPP user connection.
|
| services.gitea.settings.log.ROOT_PATH | Root path for log files.
|
| services.gitlab.registry.certFile | Path to GitLab container registry certificate.
|
| services.headscale.configFile | Path to the configuration file of headscale.
|
| services.bonsaid.configFile | Path to a .json file specifying the state transitions
|
| services.jigasi.userPasswordFile | Path to file containing password for XMPP user connection.
|
| services.gitea.database.socket | Path to the unix socket file to use for authentication.
|
| services.radicle.publicKey | An SSH public key (as an absolute file path or directly as a string),
usually generated by rad auth
|
| services.ncdns.dnssec.keys.private | Path to the file containing the KSK private key.
|
| services.kea.dhcp-ddns.configFile | Kea DHCP-DDNS configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html
|
| services.blockbook-frontend.<name>.sync | Synchronizes until tip, if together with zeromq, keeps index synchronized.
|
| services.dovecot2.mailboxes.<name>.auto | Whether to automatically create or create and subscribe to the mailbox or not.
|
| services.spiped.config.<name>.resolveRefresh | Resolution refresh time for the target socket, in seconds.
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.tor.relay.onionServices.<name>.version | See torrc manual.
|
| services.v4l2-relayd.instances.<name>.enable | Whether to enable this v4l2-relayd instance.
|
| services.anubis.instances.<name>.group | The group under which Anubis is run
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| systemd.user.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.user.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.errbot.instances.<name>.plugins | List of errbot plugin derivations.
|
| services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.znc.confOptions.networks.<name>.server | IRC server address.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.snapserver.streams.<name>.type | The type of input stream.
|
| services.logcheck.ignoreCron.<name>.timeArgs | "min hr dom mon dow" crontab time args, to auto-create a cronjob too
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| systemd.user.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|