| services.waagent.settings.ResourceDisk.MountOptions | This option specifies disk mount options to be passed to the mount -o command
|
| services.snapserver.settings.tcp-streaming.port | Port to listen on for snapclient connections.
|
| services.warpgate.settings.http.certificate | Path to HTTPS listener certificate.
|
| services.tinyproxy.settings.Anonymous | If an Anonymous keyword is present, then anonymous proxying is enabled
|
| services.amule.settings.ExternalConnect.ECPassword | MD5 hash of the password, obtainaible with echo "<password>" | md5sum | cut -d ' ' -f 1
|
| services.sourcehut.settings."pages.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."lists.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."paste.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| programs.neovim.runtime.<name>.target | Name of symlink
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.opensnitch.settings.Audit.AudispSocketPath | Configure audit socket path
|
| services.bitmagnet.settings.postgres.password | Password for database user
|
| users.users.<name>.shell | The path to the user's shell
|
| boot.initrd.systemd.tmpfiles.settings | Similar to systemd.tmpfiles.settings but the rules are
only applied by systemd-tmpfiles before initrd-switch-root.target
|
| services.redis.servers.<name>.slaveOf.port | port of the Redis master
|
| services.tor.settings.AuthDirHasIPv6Connectivity | See torrc manual.
|
| services.opengfw.settings.workers.tcpMaxBufferedPagesTotal | TCP max total buffered pages.
|
| services.quickwit.settings.rest.listen_port | The port to listen on for HTTP REST traffic.
|
| services.wastebin.settings.WASTEBIN_HTTP_TIMEOUT | Maximum number of seconds a request can be processed until wastebin responds with 408
|
| services.keycloak.settings.http-relative-path | The path relative to / for serving
resources.
In versions of Keycloak using Wildfly (<17),
this defaulted to /auth
|
| services.headscale.settings.database.postgres.user | Database user.
|
| services.opengfw.settings.workers.tcpMaxBufferedPagesPerConn | TCP max total bufferd pages per connection.
|
| systemd.user.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.immichframe.settings.Accounts | Accounts configuration, multiple are permitted
|
| services.hans.clients.<name>.server | IP address of server running hans
|
| services.geth.<name>.authrpc.vhosts | List of virtual hostnames from which to accept requests.
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| services.nsd.zones.<name>.minRefreshSecs | Limit refresh time for secondary zones.
|
| services.spiped.config.<name>.maxConns | Limit on the number of simultaneous connections allowed.
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.draupnir.settings.homeserverUrl | Base URL of the Matrix homeserver that provides the Client-Server API.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.epgstation.settings.mirakurunPath | URL to connect to Mirakurun.
|
| services.opensearch.settings."discovery.type" | The type of discovery to use.
|
| services.sourcehut.settings."meta.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.garage.settings.metadata_dir | The metadata directory, put this on a fast disk (e.g
|
| systemd.automounts.*.name | The name of this systemd unit, including its extension
|
| services.scrutiny.collector.settings.api.endpoint | Scrutiny app API endpoint for sending metrics to.
|
| services.epgstation.settings.encodeProcessNum | The maximum number of processes that EPGStation would allow to run
at the same time for encoding or streaming videos.
|
| services.bitcoind.<name>.dataDir | The data directory for bitcoind.
|
| services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.suricata.settings.dpdk | Data Plane Development Kit is a framework for fast packet processing in data plane applications running on a wide variety of CPU architectures
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.autorandr.profiles.<name>.config.<name>.scale.method | Output scaling method.
|
| services.headscale.settings.database.postgres.port | Database host port.
|
| services.headscale.settings.database.postgres.host | Database host address.
|
| security.agnos.settings.accounts.*.email | Email associated with this account.
|
| services.znapzend.zetup.<name>.destinations.<name>.label | Label for this destination
|
| services.matrix-synapse.settings.listeners | List of ports that Synapse should listen on, their purpose and their configuration
|
| users.extraGroups.<name>.gid | The group GID
|
| services.glitchtip.settings.GLITCHTIP_DOMAIN | The URL under which GlitchTip is externally reachable.
|
| services.tor.settings.PublishHidServDescriptors | See torrc manual.
|
| services.opensearch.settings."transport.port" | The port to listen on for transport traffic.
|
| services.tor.settings.MaxAdvertisedBandwidth | See torrc manual.
|
| services.ocsinventory-agent.settings.debug | Whether to enable debug mode.
|
| services.rsync.jobs.<name>.inhibit | Run the rsync process with an inhibition lock taken;
see systemd-inhibit(1) for a list of possible operations.
|
| boot.initrd.luks.devices.<name>.keyFile | The name of the file (can be a raw device or a partition) that
should be used as the decryption key for the encrypted device
|
| services.dependency-track.settings."alpine.oidc.client.id" | Defines the client ID to be used for OpenID Connect
|
| services.hickory-dns.settings.zones.*.zone_type | One of:
- "Primary" (the master, authority for the zone).
- "Secondary" (the slave, replicated from the primary).
- "External" (a cached zone that queries other nameservers)
|
| services.netbird.server.dashboard.settings | An attribute set that will be used to substitute variables when building the dashboard
|
| services.suricata.settings.vars.address-groups.EXTERNAL_NET | EXTERNAL_NET variable.
|
| boot.initrd.luks.devices.<name>.header | The name of the file or block device that
should be used as header for the encrypted device.
|
| security.pam.services.<name>.showMotd | Whether to show the message of the day.
|
| systemd.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.etebase-server.settings.global.media_root | The media directory.
|
| services.geth.<name>.metrics.enable | Whether to enable Go Ethereum prometheus metrics.
|
| services.bitcoind.<name>.rpc.users | RPC user information for JSON-RPC connections.
|
| services.redis.servers.<name>.slaveOf | IP and port to which this redis instance acts as a slave.
|
| systemd.user.services.<name>.script | Shell commands executed as the service's main process.
|
| services.fastnetmon-advanced.settings | Extra configuration options to declaratively load into FastNetMon Advanced
|
| services.mautrix-discord.settings.homeserver | fullDataDiration
|
| services.swapspace.settings.freetarget | Percentage of free space swapspace should aim for when adding swapspace
|
| services.wgautomesh.settings.interface | Wireguard interface to manage (it is NOT created by wgautomesh, you
should use another NixOS option to create it such as
networking.wireguard.interfaces.wg0 = {...};).
|
| services.wgautomesh.settings.peers.*.endpoint | Bootstrap endpoint for connecting to this Wireguard peer if no
other address is known or none are working.
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.minidlna.settings.enable_tivo | Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.
|
| services.reposilite.settings.keyPassword | Plaintext password used to unlock the Java KeyStore set in services.reposilite.settings.keyPath
|
| services.sftpgo.settings.webdavd.bindings.*.address | Network listen address
|
| services.grafana.settings.security.admin_user | Default admin username.
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| services.matrix-appservice-irc.settings.database | Configuration for the database
|
| services.mautrix-discord.settings.appservice | Appservice configuration
|
| services.fastnetmon-advanced.traffic_db.settings | Additional settings for /etc/fastnetmon/traffic_db.conf
|
| services.suricata.settings.logging.default-log-format | The default output format
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| services.grafana.settings.database.password | The database user's password (not applicable for sqlite3)
|
| services.tor.settings.FetchUselessDescriptors | See torrc manual.
|
| services.cgit.<name>.nginx.location | Location to serve cgit under.
|
| services.rspamd.locals.<name>.source | Path of the source file.
|
| services.spiped.config.<name>.target | Address to which spiped should connect.
|
| security.pam.services.<name>.oathAuth | If set, the OATH Toolkit will be used.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.user.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| nix.registry.<name>.to | The flake reference from is rewritten to
|
| users.users.<name>.enable | If set to false, the user account will not be created
|