| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| services.evremap.settings.device_name | The name of the device that should be remapped
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.brd | The broadcast address on the interface.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret | Value of decryption passphrase for ECDSA key.
|
| services.radicle.httpd.nginx.serverName | Name of this virtual host
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| services.tor.relay.onionServices.<name>.authorizedClients | Authorized clients for a v3 onion service,
as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
|
| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| systemd.network.networks.<name>.bridgeVLANs | A list of BridgeVLAN sections to be added to the unit
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|
| systemd.network.networks.<name>.extraConfig | Extra configuration append to unit
|
| systemd.user.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.borgbackup.jobs.<name>.persistentTimer | Set the Persistent option for the
systemd.timer(5)
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode | See torrc manual.
|
| services.limesurvey.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| hardware.opentabletdriver.enable | Enable OpenTabletDriver udev rules, user service and blacklist kernel
modules known to conflict with OpenTabletDriver.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret | Value of decryption passphrase for PKCS#8 key.
|
| systemd.network.networks.<name>.canConfig | Each attribute in this set specifies an option in the
[CAN] section of the unit
|
| systemd.network.networks.<name>.pieConfig | Each attribute in this set specifies an option in the
[PIE] section of the unit
|
| systemd.network.netdevs.<name>.fooOverUDPConfig | Each attribute in this set specifies an option in the
[FooOverUDP] section of the unit
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| services.icingaweb2.modules.monitoring.backends.<name>.resource | Name of the IDO resource
|
| services.neo4j.ssl.policies | Defines the SSL policies for use with Neo4j connectors
|
| security.apparmor.policies.<name>.state | How strictly this policy should be enforced
|
| systemd.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY | Limits for timeline cleanup.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.radicle.httpd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.kmonad.keyboards.<name>.defcfg.fallthrough | Whether to enable re-emitting unhandled key events.
|
| services.firefox-syncserver.singleNode.hostname | Host name to use for this service.
|
| services.bonsaid.settings.*.event_name | Name of the event which should trigger this transition when received by bonsaid
|
| services.simplesamlphp.<name>.package | The simplesamlphp package to use.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| programs.xfs_quota.projects.<name>.id | Project ID.
|
| services.zeronsd.servedNetworks.<name>.settings.log_level | Log Level.
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams | See torrc manual.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.sabnzbd.settings.servers.<name>.ssl_verify | Level of TLS verification
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| services.jibri.xmppEnvironments.<name>.usageTimeout | The duration that the Jibri session can be
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| services.tt-rss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM,
respectively.
|
| services.wordpress.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.simplesamlphp.<name>.phpfpmPool | The PHP-FPM pool that serves SimpleSAMLphp instance.
|
| services.patroni.namespace | Path within the configuration store where Patroni will keep information about the cluster.
|
| systemd.network.networks.<name>.ipoIBConfig | Each attribute in this set specifies an option in the
[IPoIB] section of the unit
|
| services.pcscd.extendReaderNames | String to append to every reader name
|
| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.bcg.device | Device name to configure gateway to use.
|
| systemd.user.timers.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.factorio.username | Your factorio.com login credentials
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action | Action to perform for this CHILD_SA on DPD timeout
|
| systemd.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.sabnzbd.settings.servers.<name>.connections | Number of parallel connections permitted by
the server.
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.fediwall.nginx.serverName | Name of this virtual host
|
| services.librenms.nginx.serverName | Name of this virtual host
|
| services.kanboard.nginx.serverName | Name of this virtual host
|
| services.dolibarr.nginx.serverName | Name of this virtual host
|
| services.agorakit.nginx.serverName | Name of this virtual host
|
| services.mainsail.nginx.serverName | Name of this virtual host
|
| services.pixelfed.nginx.serverName | Name of this virtual host
|
| systemd.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| programs.uwsm.waylandCompositors.<name>.prettyName | The full name of the desktop entry file.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.bepasty.servers.<name>.defaultPermissions | default permissions for all unauthenticated accesses.
|
| systemd.network.networks.<name>.cakeConfig | Each attribute in this set specifies an option in the
[CAKE] section of the unit
|
| systemd.network.networks.<name>.lldpConfig | Each attribute in this set specifies an option in the
[LLDP] section of the unit
|
| systemd.network.networks.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| services.blockbook-frontend.<name>.extraCmdLineOptions | Extra command line options to pass to Blockbook
|
| services.keepalived.vrrpInstances.<name>.trackScripts | List of script names to invoke for health tracking.
|
| programs.ssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.addr | IP address, optionally with a netmask: IPADDR[/MASK]
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|