| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi5.capabilities | VHT (Very High Throughput) capabilities given as a list of flags
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.hadoop.hdfs.namenode.restartIfChanged | Automatically restart the service on config change
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.firefox-syncserver.singleNode.hostname | Host name to use for this service.
|
| services.consul-template.instances.<name>.settings.template | Template section of consul-template
|
| services.gitlab-runner.services.<name>.registrationFlags | Extra command-line flags passed to
gitlab-runner register
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable | See torrc manual.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.nextcloud-spreed-signaling.backends.<name>.urls | List of URLs of the Nextcloud instance
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity | Timeout before closing CHILD_SA after inactivity
|
| services.tsmBackup.servername | Create a systemd system service
tsm-backup.service that starts
a backup based on the given servername's stanza
|
| power.ups.ups.<name>.description | Description of the UPS.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes | Maximum bytes processed before CHILD_SA gets closed
|
| systemd.user.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.firezone.server.provision.accounts.<name>.features.idp_sync | Whether to enable the idp_sync feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.rest_api | Whether to enable the rest_api feature for this account.
|
| systemd.slices.<name>.sliceConfig | Each attribute in this set specifies an option in the
[Slice] section of the unit
|
| systemd.nspawn.<name>.filesConfig | Each attribute in this set specifies an option in the
[Files] section of this unit
|
| services.cloudflared.tunnels.<name>.originRequest.proxyType | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.keepalived.vrrpInstances.<name>.noPreempt | VRRP will normally preempt a lower priority machine when a higher
priority machine comes online. "nopreempt" allows the lower priority
machine to maintain the master role, even when a higher priority machine
comes back online
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp | Whether to copy the DSCP (Differentiated Services Field Codepoint)
header field to/from the outer IP header in tunnel mode
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| systemd.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| services.bonsaid.settings.*.event_name | Name of the event which should trigger this transition when received by bonsaid
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.hostapd.radios.<name>.wifi4.capabilities | HT (High Throughput) capabilities given as a list of flags
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| virtualisation.oci-containers.containers.<name>.privileged | Give extended privileges to the container
|
| virtualisation.oci-containers.containers.<name>.entrypoint | Override the default entrypoint of the image.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.github-runners.<name>.extraEnvironment | Extra environment variables to set for the runner, as an attrset.
|
| boot.initrd.systemd.contents.<name>.target | Path of the symlink.
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| services.zoneminder.hostname | The hostname on which to listen.
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| systemd.network.links.<name>.extraConfig | Extra configuration append to unit
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.description | Optional description for the API token
|
| environment.etc.<name>.group | Group name of file owner
|
| services.angrr.settings.temporary-root-policies.<name>.priority | Priority of this policy
|
| systemd.network.links.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| services.onlyoffice.hostname | FQDN for the OnlyOffice instance.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action | Action to perform for this CHILD_SA on DPD timeout
|
| boot.initrd.luks.devices.<name>.yubikey.gracePeriod | Time in seconds to wait for the YubiKey.
|
| systemd.user.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| boot.initrd.systemd.contents.<name>.source | Path of the source file.
|
| services.prometheus.exporters.mail.configuration.servers.*.name | Value for label 'configname' which will be added to all metrics.
|
| services.cloudflared.tunnels.<name>.edgeIPVersion | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| networking.sits.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.movim.h2o.serverName | Server name to be used for this virtual host
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| boot.specialFileSystems.<name>.fsType | Type of the file system
|
| systemd.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| systemd.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.vikunja.frontendHostname | The Hostname under which the frontend is running.
|
| services.blockbook-frontend.<name>.extraCmdLineOptions | Extra command line options to pass to Blockbook
|
| services.simplesamlphp.<name>.package | The simplesamlphp package to use.
|
| services.simplesamlphp.<name>.phpfpmPool | The PHP-FPM pool that serves SimpleSAMLphp instance.
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.keepalived.vrrpInstances.<name>.interface | Interface for inside_network, bound by vrrp.
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| services.armagetronad.servers.<name>.openFirewall | Set to true to open the configured UDP port for Armagetron Advanced.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.retention | The duration in seconds for which the bucket will retain data (0 is infinite).
|
| services.icingaweb2.modules.monitoring.backends.<name>.resource | Name of the IDO resource
|
| services.invoiceplane.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.wstunnel.clients.<name>.tlsVerifyCertificate | Whether to verify the TLS certificate of the server
|
| systemd.user.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|