| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| systemd.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.snipe-it.nginx.serverName | Name of this virtual host
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.logcheck.ignoreCron.<name>.cmdline | Command line for the cron job
|
| systemd.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.errbot.instances.<name>.extraConfig | String to be appended to the config verbatim
|
| services.wyoming.piper.servers.<name>.lengthScale | Phoneme length value.
|
| services.wordpress.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucNickname | Videobridges use the same XMPP account and need to be distinguished by the
nickname (aka resource part of the JID)
|
| services.thanos.rule.alertmanagers.urls | Alertmanager replica URLs to push firing alerts
|
| programs.river.package | The river package to use
|
| services.hledger-web.stateDir | Path the service has access to
|
| services.asusd.profileConfig.source | Path of the source file.
|
| security.apparmor.packages | List of packages to be added to AppArmor's include path
|
| services.movim.h2o.tls.identity.*.key-file | Path to key file
|
| services.traefik.dynamic.file | Path to Traefik's dynamic configuration file.
You cannot use this option alongside the declarative configuration options.
|
| services.syslog-ng.extraModulePaths | A list of paths that should be included in syslog-ng's
--module-path option
|
| services.oauth2-proxy.clientSecretFile | The path to a file containing the OAuth Client Secret.
|
| services.szurubooru.dataDir | The path to the data directory in which Szurubooru will store its data.
|
| services.lubelogger.dataDir | Path to LubeLogger config and metadata inside of /var/lib/.
|
| services.xinetd.services.*.server | Path of the program that implements the service.
|
| services.webdav-server-rs.configFile | Path to config file
|
| services.jirafeau.nginxConfig.root | The path of the web root directory.
|
| system.preSwitchChecks | A set of shell script fragments that are executed before the switch to a
new NixOS system configuration
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id | Identity to use as peer identity during EAP authentication
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.sabnzbd.settings.servers.<name>.port | Port of the server
|
| services.sabnzbd.settings.servers.<name>.host | Hostname of the server
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.orangefs.server.fileSystems.<name>.id | File system ID (must be unique within configuration).
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.wordpress.sites.<name>.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.
|
| services.wyoming.piper.servers.<name>.speaker | ID of a specific speaker in a multi-speaker model.
|
| services.grafana.provision.dashboards.settings.providers.*.name | A unique provider name.
|
| services.drupal.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| systemd.network.networks.<name>.ipv6SendRAConfig | Each attribute in this set specifies an option in the
[IPv6SendRA] section of the unit
|
| systemd.network.netdevs.<name>.l2tpSessions | Each item in this array specifies an option in the
[L2TPSession] section of the unit
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.frp.instances.<name>.settings | Frp configuration, for configuration options
see the example of client
or server on github.
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| boot.initrd.luks.devices.<name>.allowDiscards | Whether to allow TRIM requests to the underlying device
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.strongswan-swanctl.swanctl.connections.<name>.pools | List of named IP pools to allocate virtual IP addresses
and other configuration attributes from
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| services.borgbackup.repos.<name>.quota | Storage quota for the repository
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown | Updown script to invoke on CHILD_SA up and down events.
|
| networking.wlanInterfaces.<name>.meshID | MeshID of interface with type mesh.
|
| services.gitea.repositoryRoot | Path to the git repositories.
|
| services.i2pd.reseed.floodfill | Path to router info of floodfill to reseed from.
|
| services.code-server.extraPackages | Additional packages to add to the code-server PATH.
|
| services.chhoto-url.settings.db_url | The path of the sqlite database.
|
| services.athens.storage.mongo.certPath | Path to the certificate file for the mongo database.
|
| services.ergochat.configFile | Path to configuration file
|
| programs.k3b.enable | Whether to enable k3b, the KDE disk burning application
|
| services.mailman.serve.virtualRoot | Path to mount the mailman-web django application on.
|
| services.podgrab.passwordFile | The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentication.
|
| services.outline.utilsSecretFile | File path that contains the utility secret key
|
| services.mackerel-agent.apiKeyFile | Path to file containing the Mackerel API key
|
| services.kea.ctrl-agent.configFile | Kea Control Agent configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html
|
| xdg.portal.extraPortals | List of additional portals to add to path
|
| services.waagent.extraPackages | Additional packages to add to the waagent PATH.
|
| services.nginx.upstreams.<name>.servers | Defines the address and other parameters of the upstream servers
|
| services.nebula.networks.<name>.tun.disable | When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.multipath.devices.*.skip_kpartx | If set to yes, kpartx will not automatically create partitions on the device
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| services.blockbook-frontend.<name>.debug | Debug mode, return more verbose errors, reload templates on each request.
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.wstunnel.clients.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| services.gitlab-runner.services.<name>.cloneUrl | Overwrite the URL for the GitLab instance
|
| systemd.network.netdevs.<name>.macvlanConfig | Each attribute in this set specifies an option in the
[MACVLAN] section of the unit
|
| services.openafsServer.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.openafsClient.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.inadyn.settings.provider.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.wordpress.sites.<name>.uploadsDir | This directory is used for uploads of pictures
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.groups | A list of groups for which targets are retrieved, only supported when targeting the container role
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|