| nix.registry.<name>.from | The flake reference to be rewritten
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.keySize | Key size in bits
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.keySize | Key size in bits
|
| services.nezha-agent.settings.report_delay | The interval between system status reportings
|
| services.autorandr.profiles.<name>.config.<name>.primary | Whether output should be marked as primary
|
| services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| security.pam.services.<name>.oathAuth | If set, the OATH Toolkit will be used.
|
| services.matrix-appservice-irc.settings.database.engine | Which database engine to use
|
| services.draupnir.settings.rawHomeserverUrl | Public base URL of the Matrix homeserver that provides the Client-Server API when using the Draupnir's
Report forwarding feature.
When using Pantalaimon, do not set this to the Pantalaimon URL!
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.user.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| services.ocsinventory-agent.settings | Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| services.slskd.settings.retention.files.incomplete | Lifespan of incomplete downloading files in minutes.
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| systemd.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.maubot.settings.server.ui_base_path | The base path for the UI.
|
| services.i2pd.outTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.grafana.settings.database.cache_mode | For sqlite3 only.
Shared cache setting used for connecting to the database.
|
| services.nextcloud-spreed-signaling.settings.mcu.type | The type of MCU to use
|
| services.journald.remote.settings.Remote.ServerKeyFile | A path to a SSL secret key file in PEM format
|
| power.ups.users.<name>.actions | Allow the user to do certain things with upsd
|
| services.crab-hole.settings.blocklist.allow_list | List of allowlists
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| services.stash.settings.preview_audio | Include audio stream in previews
|
| services.grafana.settings.server.socket_gid | GID where the socket should be set when protocol=socket
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| services.moosefs.cgiserver.settings.GUISERV_LISTEN_PORT | Port for GUI server to listen on.
|
| services.matrix-appservice-irc.settings.ircService.servers | IRC servers to connect to
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.autosuspend.checks.<name>.class | Name of the class implementing the check
|
| services.firewalld.settings.NftablesCounters | Whether to add a counter to every nftables rule.
|
| systemd.user.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| services.libeufin.bank.settings.libeufin-bank.CURRENCY | The currency under which the libeufin-bank should operate
|
| services.waagent.settings.Provisioning.Agent | Which provisioning agent to use.
|
| services.wastebin.settings.WASTEBIN_DATABASE_PATH | Path to the sqlite3 database file
|
| services.grafana.settings.server.socket_mode | Mode where the socket should be set when protocol=socket
|
| systemd.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| services.librespeed.frontend.servers.*.name | Name shown in the server list.
|
| hardware.tuxedo-drivers.settings.fn-lock | Enables or disables the laptop keyboard's Function (Fn) lock at boot
|
| services.grafana-image-renderer.settings.rendering.args | List of CLI flags passed to chromium.
|
| services.dependency-track.settings."alpine.ldap.enabled" | Defines if LDAP will be used for user authentication
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.fedimintd.<name>.nginx.config.locations.<name>.tryFiles | Adds try_files directive.
|
| services.drupal.sites.<name>.package | The drupal package to use.
|
| services.nginx.virtualHosts.<name>.http3 | Whether to enable the HTTP/3 protocol
|
| services.matrix-continuwuity.settings | Generates the continuwuity.toml configuration file
|
| services.tor.settings.ClientRejectInternalAddresses | See torrc manual.
|
| services.transmission.settings.umask | Sets transmission's file mode creation mask
|
| services.bitmagnet.settings.http_server.port | HTTP server listen port
|
| services.openvpn.servers.<name>.up | Shell commands executed when the instance is starting.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| services.grafana.provision.alerting.rules.settings.groups | List of rule groups to import or update.
|
| services.pretix.settings.pretix.registration | Whether to allow registration of new admin users.
|
| services.moosefs.cgiserver.settings.GUISERV_LISTEN_HOST | IP address to bind GUI server to (* means any).
|
| services.syncthing.settings.options.localAnnouncePort | The port on which to listen and send IPv4 broadcast announcements to.
|
| services.dependency-track.settings."alpine.oidc.enabled" | Defines if OpenID Connect will be used for user authentication
|
| services.crowdsec-firewall-bouncer.settings.api_url | URL of the local API.
|
| services.libeufin.nexus.settings.nexus-ebics.CLIENT_PRIVATE_KEYS_FILE | Filesystem location where Nexus should store the subscriber private keys.
|
| services.suricata.settings.logging.outputs.syslog.facility | Facility to log to.
|
| services.listmonk.database.settings.smtp.*.max_conns | Maximum number of simultaneous connections, defaults to 1
|
| services.dependency-track.settings."alpine.oidc.issuer" | Defines the issuer URL to be used for OpenID Connect
|
| services.healthchecks.settings.SECRET_KEY_FILE | Path to a file containing the secret key.
|
| services.dependency-track.settings."alpine.database.url" | Specifies the JDBC URL to use when connecting to the database.
|
| services.pretalx.settings.files.upload_limit | Maximum file upload size in MiB.
|
| services.suricata.settings.logging.default-output-filter | A regex to filter output
|
| systemd.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.nextcloud-spreed-signaling.settings | Declarative configuration
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-secret-key | An absolute file path (which should be outside the Nix-store)
to a secret key for Stripe
|
| services.ferretdb.settings.FERRETDB_TELEMETRY | Enable or disable basic telemetry
|
| services.transmission.settings.utp-enabled | Whether to enable Micro Transport Protocol (µTP).
|
| services.stash.settings.calculate_md5 | Whether to calculate MD5 checksums for scene video files
|
| services.neo4j.ssl.policies.<name>.privateKey | The name of private PKCS #8 key file for this policy to be found
in the baseDirectory, or the absolute path to
the key file
|
| services.jupyter.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.fedimintd.<name>.ui.bind | Address to bind on for UI connections
|
| services.nginx.virtualHosts.<name>.root | The path of the web root directory.
|
| services.redis.servers.<name>.syslog | Enable logging to the system logger.
|
| services.redis.servers.<name>.enable | Whether to enable Redis server.
|
| services.rspamd.workers.<name>.count | Number of worker instances to run
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.tor.settings.DoSRefuseSingleHopClientRendezvous | See torrc manual.
|
| services.sourcehut.settings."hg.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.dendrite.settings.media_api.base_path | Storage path for uploaded media.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.redis.servers.<name>.slowLogMaxLen | Maximum number of items to keep in slow log.
|
| security.pam.services.<name>.otpwAuth | If set, the OTPW system will be used (if
~/.otpw exists).
|
| services.rspamd.workers.<name>.type | The type of this worker
|
| services.reposilite.settings.defaultFrontend | Whether to enable the default included frontend with a dashboard.
|