| fileSystems.<name>.device | The device as passed to mount
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
|
| services.kanboard.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.librenms.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.agorakit.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.caddy.virtualHosts.<name>.listenAddresses | A list of host interfaces to bind to for this virtual host.
|
| services.dolibarr.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.invoiceplane.sites.<name>.cron.key | Cron key taken from the administration page.
|
| services.fediwall.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.restic.backups.<name>.backupPrepareCommand | A script that must run before starting the backup process.
|
| services.restic.backups.<name>.backupCleanupCommand | A script that must run after finishing the backup process.
|
| services.pixelfed.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.mainsail.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.firewalld.zones.<name>.interfaces | Interfaces to bind.
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.keepalived.vrrpScripts.<name>.script | (Path of) Script command to execute followed by args, i.e. cmd [args]...
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.help | A human-readable description of this metric.
|
| services.tarsnap.archives.<name>.followSymlinks | Whether to follow all symlinks in archive trees.
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.firezone.server.provision.accounts.<name>.relayGroups | All relay groups to provision
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.postfix.masterConfig.<name>.privileged | |
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.vdirsyncer.jobs.<name>.forceDiscover | Run yes | vdirsyncer discover prior to vdirsyncer sync
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| boot.loader.systemd-boot.windows.<name>.title | The title of the boot menu entry.
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.slskd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.movim.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kmonad.keyboards.<name>.defcfg.compose.key | The (optional) compose key to use.
|
| services.wyoming.faster-whisper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| hardware.alsa.controls.<name>.maxVolume | The maximum volume in dB.
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.orangefs.server.fileSystems.<name>.extraConfig | Extra config for <FileSystem> section.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.warpgate.settings.sso_providers.*.name | Internal identifier of SSO provider.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.query | The SQL query to run.
|
| services.drupal.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.openssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| systemd.timers.<name>.requisite | Similar to requires
|
| systemd.slices.<name>.requisite | Similar to requires
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| services.bookstack.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.anuko-time-tracker.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.keepalived.vrrpScripts.<name>.timeout | Seconds after which script is considered to have failed.
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| services.bookstack.nginx.locations.<name>.index | Adds index directive.
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| systemd.user.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.snapper.configs.<name>.TIMELINE_CLEANUP | Defines whether the timeline cleanup algorithm should be run for the config.
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY | Limits for timeline cleanup.
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| services.snipe-it.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.gitlab-runner.services.<name>.dockerAllowedImages | Whitelist allowed images.
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| services.wordpress.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| boot.initrd.luks.devices.<name>.yubikey | The options to use for this LUKS device in YubiKey-PBA
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.fedimintd.<name>.nginx.config.listen | Listen addresses and ports for this virtual host
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| services.firezone.server.provision.accounts.<name>.policies | All policies to provision
|
| security.auditd.plugins.<name>.active | Whether to enable Whether to enable this plugin.
|
| services.postfix.settings.master.<name>.maxproc | The maximum number of processes to spawn for this service
|
| services.kimai.sites.<name>.database.serverVersion | MySQL exact version string
|
| services.sabnzbd.settings.servers.<name>.timeout | Time, in seconds, to wait for a response before
attempting error recovery.
|
| systemd.network.links.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.jirafeau.nginxConfig.locations.<name>.root | Root directory for requests.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.moodle.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.syncthing.settings.folders.<name>.type | Controls how the folder is handled by Syncthing
|
| services.radicle.httpd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.nagios.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.fedimintd.<name>.nginx.config.basicAuthFile | Basic Auth password file for a vhost
|