| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| boot.initrd.luks.devices.<name>.yubikey.gracePeriod | Time in seconds to wait for the YubiKey.
|
| services.wordpress.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.borgbackup.jobs.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.tokenFile | The token value
|
| services.easytier.instances.<name>.configFile | Path to easytier config file
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.fedimintd.<name>.nginx.config.locations | Declarative location config
|
| services.jirafeau.nginxConfig.locations.<name>.alias | Alias directory for requests.
|
| services.jirafeau.nginxConfig.locations.<name>.index | Adds index directive.
|
| services.gerrit.plugins | List of plugins to add to Gerrit
|
| services.fcgiwrap.instances.<name>.process.user | User as which this instance of fcgiwrap will be run
|
| fileSystems.<name>.fsType | Type of the file system
|
| services.davis.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.slskd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.movim.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.blockbook-frontend.<name>.public | Public http server binding [address]:port.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.path | Stream URL
|
| services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.xserver.cmt.models | Which models to enable cmt for
|
| systemd.user.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid | Fixed reqid to use for this CHILD_SA
|
| services.kanidm.provision.systems.oauth2.<name>.public | Whether this is a public client (enforces PKCE, doesn't use a basic secret)
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| boot.initrd.luks.devices.<name>.yubikey.storage.fsType | The filesystem of the unencrypted device.
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| services.nginx.virtualHosts.<name>.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.wordpress.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.firewalld.zones.<name>.egressPriority | Priority for outbound traffic
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.keepalived.vrrpScripts.<name>.script | (Path of) Script command to execute followed by args, i.e. cmd [args]...
|
| services.fedimintd.<name>.nginx.config.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| systemd.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.timers.<name>.requisite | Similar to requires
|
| systemd.user.slices.<name>.requisite | Similar to requires
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.gancio.nginx.serverName | Name of this virtual host
|
| services.monica.nginx.serverName | Name of this virtual host
|
| services.matomo.nginx.serverName | Name of this virtual host
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.values | A set of columns that will be used as values of this metric.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labels | A set of columns that will be used as Prometheus labels.
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.caddy.virtualHosts.<name>.listenAddresses | A list of host interfaces to bind to for this virtual host.
|
| services.restic.backups.<name>.backupPrepareCommand | A script that must run before starting the backup process.
|
| services.restic.backups.<name>.backupCleanupCommand | A script that must run after finishing the backup process.
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| services.gitlab-runner.services.<name>.preGetSourcesScript | Runner-specific command script executed before code is pulled.
|
| services.dolibarr.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.librenms.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.kanboard.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.fediwall.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.bookstack.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.agorakit.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.mainsail.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.pixelfed.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wordpress.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.snipe-it.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.timers.<name>.requisite | Similar to requires
|
| systemd.slices.<name>.requisite | Similar to requires
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.bacula-sd.autochanger.<name>.devices | |
| services.authelia.instances.<name>.settings.log.level | Level of verbosity for logs.
|
| services.tarsnap.archives.<name>.followSymlinks | Whether to follow all symlinks in archive trees.
|
| services.vmalert.instances.<name>.settings | vmalert configuration, passed via command line flags
|
| services.openbao.settings.listener.<name>.address | The TCP address or UNIX socket path to listen on.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.gitea-actions-runner.instances.<name>.token | Plain token to register at the configured Gitea/Forgejo instance.
|
| services.vdirsyncer.jobs.<name>.forceDiscover | Run yes | vdirsyncer discover prior to vdirsyncer sync
|
| services.firewalld.zones.<name>.interfaces | Interfaces to bind.
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| services.jirafeau.nginxConfig.locations.<name>.tryFiles | Adds try_files directive.
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| systemd.user.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| services.cjdns.ETHInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.syncthing.settings.folders.<name>.path | The path to the folder which should be shared
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.warpgate.settings.sso_providers.*.name | Internal identifier of SSO provider.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.firezone.server.provision.accounts.<name>.gatewayGroups | All gateway groups (sites) to provision
|
| services.wordpress.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|