| systemd.network.netdevs.<name>.wlanConfig | Each attribute in this set specifies an option in the [WLAN] section of the unit
|
| systemd.network.netdevs.<name>.bondConfig | Each attribute in this set specifies an option in the
[Bond] section of the unit
|
| systemd.network.netdevs.<name>.vlanConfig | Each attribute in this set specifies an option in the
[VLAN] section of the unit
|
| systemd.network.netdevs.<name>.xfrmConfig | Each attribute in this set specifies an option in the
[Xfrm] section of the unit
|
| systemd.network.netdevs.<name>.peerConfig | Each attribute in this set specifies an option in the
[Peer] section of the unit
|
| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.factorio.username | Your factorio.com login credentials
|
| services.coder.database.username | Username for accessing the database.
|
| services.radicle.httpd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart
on.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.fsType | The filesystem of the unencrypted device.
|
| services.firefox-syncserver.singleNode.hostname | Host name to use for this service.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.root | Root directory for requests.
|
| services.hostapd.radios.<name>.wifi5.capabilities | VHT (Very High Throughput) capabilities given as a list of flags
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams | See torrc manual.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.k3s.nodeName | Node name.
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| systemd.network.networks.<name>.routes | A list of route sections to be added to the unit
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM,
respectively.
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| hardware.display.outputs.<name>.mode | A video kernel parameter (framebuffer mode) configuration for the specific output:
<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]
See for more information:
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.keepalived.vrrpInstances.<name>.interface | Interface for inside_network, bound by vrrp.
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| services.cloudflared.tunnels.<name>.warp-routing.enabled | Enable warp routing
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| services.fedimintd.<name>.nginx.config.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.system76-scheduler.assignments.<name>.nice | Niceness.
|
| systemd.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.anubis.instances.<name>.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| systemd.user.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.sockets.<name>.requisite | Similar to requires
|
| systemd.user.targets.<name>.requisite | Similar to requires
|
| services.stargazer.certOrg | The name of the organization responsible for the X.509
certificate's /O name.
|
| services.authelia.instances.<name>.settings.log.file_path | File path where the logs will be written
|
| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.librenms.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.kanboard.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.agorakit.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.dolibarr.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.fediwall.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.mainsail.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.pixelfed.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets | Maximum number of packets processed before CHILD_SA gets closed
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.armagetronad.servers.<name>.openFirewall | Set to true to open the configured UDP port for Armagetron Advanced.
|
| services.strongswan-swanctl.swanctl.pools.<name>.addrs | Addresses allocated in pool
|
| services.system76-scheduler.assignments.<name>.prio | CPU scheduler priority.
|
| programs.tsmClient.servers.<name>.tcpport | TCP port of the IBM TSM server
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| systemd.network.networks.<name>.tunnel | A list of tunnel interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.bridge | A list of bridge interfaces to be added to the network section of the
unit
|
| services.limesurvey.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.pantalaimon-headless.instances.<name>.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| services.gitlab-runner.services.<name>.registrationFlags | Extra command-line flags passed to
gitlab-runner register
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| services.cloudflared.tunnels.<name>.originRequest.tcpKeepAlive | The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| systemd.network.networks.<name>.domains | A list of domains to pass to the network config.
|
| services.honk.host | The host name or IP address the server should listen to.
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| systemd.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.hostapd.radios.<name>.wifi6.operatingChannelWidth | Determines the operating channel width for HE.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.hostapd.radios.<name>.wifi4.capabilities | HT (High Throughput) capabilities given as a list of flags
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.wstunnel.clients.<name>.tlsVerifyCertificate | Whether to verify the TLS certificate of the server
|
| services.system76-scheduler.assignments.<name>.ioPrio | IO scheduler priority.
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| systemd.network.networks.<name>.bridgeMDBs | A list of BridgeMDB sections to be added to the unit
|
| systemd.network.networks.<name>.bridgeFDBs | A list of BridgeFDB sections to be added to the unit
|
| services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|