| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| hardware.bluetooth.settings | Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf)
|
| services.geoipupdate.settings.EditionIDs | List of database edition IDs
|
| services.syncthing.settings.options.relaysEnabled | When true, relays will be connected to and potentially used for device to device connections.
|
| services.slskd.settings.soulseek.listen_port | The port on which to listen for incoming connections.
|
| services.slskd.settings.soulseek.description | The user description for the Soulseek network.
|
| services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| services.suricata.settings.logging.outputs.console.enable | Whether to enable logging to console.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.keySize | Key size in bits
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.keySize | Key size in bits
|
| services.hddfancontrol.settings | Parameter-sets for each instance of hddfancontrol.
|
| services.awstats.configs.<name>.extraConfig | Extra configuration to be appended to awstats.${name}.conf.
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| services.sourcehut.settings."builds.sr.ht::worker".bind-address | HTTP bind address for serving local build information/monitoring.
|
| services.matrix-synapse.settings.listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.grafana.provision.alerting.rules.settings | Grafana rules configuration in Nix
|
| services.adguardhome.settings | AdGuard Home configuration
|
| users.users.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| services.taler.exchange.settings.exchange.MASTER_PUBLIC_KEY | Used by the exchange to verify information signed by the offline system.
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.D | K_d of PID controller.
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.P | K_p of PID controller.
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.I | K_i of PID controller.
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| services.tor.settings.ConnDirectionStatistics | See torrc manual.
|
| services.tor.settings.ExitPolicyRejectLocalInterfaces | See torrc manual.
|
| services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| systemd.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| systemd.user.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.tlsrpt.reportd.settings.http_script | Call to an HTTPS client, that accepts the URL on the commandline and the request body from stdin.
|
| services.crowdsec.settings.capi.credentialsFile | The CAPI credential file to use.
|
| services.crowdsec.settings.lapi.credentialsFile | The LAPI credential file to use.
|
| services.grafana.settings.smtp.from_address | Address used when sending out emails.
|
| services.sourcehut.settings."pages.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| security.loginDefs.settings.TTYGROUP | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| services.suricata.settings.pcap-file.checksum-checks | Possible values are:
- yes: checksum validation is forced
- no: checksum validation is disabled
- auto: Suricata uses a statistical approach to detect when
checksum off-loading is used. (default)
Warning: 'checksum-validation' must be set to yes to have checksum tested.
|
| networking.wireguard.interfaces.<name>.peers.*.name | Name used to derive peer unit name.
|
| services.stash.settings.stash.*.excludevideo | Whether to exclude video files from being scanned into Stash
|
| services.stash.settings.stash.*.excludeimage | Whether to exclude image files from being scanned into Stash
|
| services.httpd.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.nginx.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.sourcehut.settings."builds.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-public-key | Public key for Stripe
|
| services.suwayomi-server.settings.server.systemTrayEnabled | Whether to enable a system tray icon, if possible.
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.i2pd.outTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|
| services.fedimintd.<name>.nginx.config.locations.<name>.index | Adds index directive.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.alias | Alias directory for requests.
|
| nix.settings.sandbox | If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build
|
| services.stash.settings.blobs_storage | Where to store blobs
|
| services.stash.settings.scrapers_path | Path to scrapers
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| programs.openvpn3.netcfg.settings | Options stored in /etc/openvpn3/netcfg.json configuration file
|
| services.globalprotect.settings | GlobalProtect-openconnect configuration
|
| services.drupal.sites.<name>.package | The drupal package to use.
|
| services.sabnzbd.settings.misc.email_server | SMTP server for email alerts (server:host)
|
| services.sabnzbd.settings.misc.enable_https | Whether to enable HTTPS for the web UI
|
| services.suricata.settings.vars.address-groups.TELNET_SERVERS | TELNET_SERVERS variable.
|
| services.autorandr.profiles.<name>.config.<name>.primary | Whether output should be marked as primary
|
| systemd.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.openvpn.servers.<name>.up | Shell commands executed when the instance is starting.
|
| services.tor.settings.GuardfractionFile | See torrc manual.
|
| services.nezha-agent.settings.report_delay | The interval between system status reportings
|
| services.draupnir.settings.rawHomeserverUrl | Public base URL of the Matrix homeserver that provides the Client-Server API when using the Draupnir's
Report forwarding feature.
When using Pantalaimon, do not set this to the Pantalaimon URL!
|
| services.nginx.virtualHosts.<name>.http3 | Whether to enable the HTTP/3 protocol
|
| systemd.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| services.ocsinventory-agent.settings | Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| systemd.paths.<name>.wants | Start the specified units when this unit is started.
|
| services.journald.remote.settings.Remote.ServerKeyFile | A path to a SSL secret key file in PEM format
|
| services.autosuspend.checks.<name>.class | Name of the class implementing the check
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.slskd.settings.retention.files.incomplete | Lifespan of incomplete downloading files in minutes.
|
| services.grafana.settings.database.cache_mode | For sqlite3 only.
Shared cache setting used for connecting to the database.
|
| services.nextcloud-spreed-signaling.settings.mcu.type | The type of MCU to use
|
| services.maubot.settings.server.ui_base_path | The base path for the UI.
|
| services.crab-hole.settings.blocklist.allow_list | List of allowlists
|
| services.grafana.settings.server.socket_gid | GID where the socket should be set when protocol=socket
|
| services.jupyter.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.fedimintd.<name>.ui.bind | Address to bind on for UI connections
|
| services.nginx.virtualHosts.<name>.root | The path of the web root directory.
|
| services.nebula.networks.<name>.ca | Path to the certificate authority certificate.
|
| services.redis.servers.<name>.syslog | Enable logging to the system logger.
|
| services.redis.servers.<name>.enable | Whether to enable Redis server.
|
| services.rspamd.workers.<name>.count | Number of worker instances to run
|
| services.redis.servers.<name>.slowLogMaxLen | Maximum number of items to keep in slow log.
|
| services.rspamd.workers.<name>.type | The type of this worker
|
| security.pam.services.<name>.otpwAuth | If set, the OTPW system will be used (if
~/.otpw exists).
|
| services.stash.settings.preview_audio | Include audio stream in previews
|
| services.quicktun.<name>.tunMode | Whether to operate in tun (IP) or tap (Ethernet) mode.
|
| services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey | Legacy RSA public key of the host in PEM format, including start and
end markers
|