| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| services.davis.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.borgbackup.jobs.<name>.readWritePaths | By default, borg cannot write anywhere on the system but
$HOME/.config/borg and $HOME/.cache/borg
|
| services.movim.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| services.multipath.devices.*.detect_prio | If set to "yes", multipath will try to detect if the device supports
SCSI-3 ALUA
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| services.firewalld.services.<name>.includes | Services to include for the service.
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority | Optional fixed priority for IPsec policies
|
| services.vmalert.settings.rule | Path to the files with alerting and/or recording rules.
Consider using the services.vmalert.rules option as a convenient alternative for declaring rules
directly in the nix language.
|
| services.flannel.kubeconfig | Path to kubeconfig to use for storing flannel config using the
Kubernetes API
|
| services.duplicity.secretFile | Path of a file containing secrets (gpg passphrase, access key...) in
the format of EnvironmentFile as described by
systemd.exec(5)
|
| services.mailman.ldap.bindPasswordFile | Path to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
|
| services.slskd.settings.web.url_base | The base path in the url for web requests.
|
| services.tcsd.endorsementCred | Path to the endorsement credential for your TPM
|
| services.tcsd.conformanceCred | Path to the conformance credential for your TPM
|
| services.warpgate.settings.mysql.key | Path to MySQL listener private key.
|
| services.gitea-actions-runner.instances.<name>.token | Plain token to register at the configured Gitea/Forgejo instance.
|
| services.vdirsyncer.jobs.<name>.forceDiscover | Run yes | vdirsyncer discover prior to vdirsyncer sync
|
| services.gitlab-runner.services.<name>.executor | Select executor, eg. shell, docker, etc
|
| systemd.network.networks.<name>.routingPolicyRules | A list of routing policy rules sections to be added to the unit
|
| boot.binfmt.registrations.<name>.offset | The byte offset of the magic number used for recognition.
|
| services.kmonad.keyboards.<name>.defcfg.compose.key | The (optional) compose key to use.
|
| services.wyoming.faster-whisper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.grafana.provision.datasources.settings.datasources.*.name | Name of the datasource
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.nebula.networks.<name>.firewall.inbound | Firewall rules for inbound traffic.
|
| services.orangefs.server.fileSystems.<name>.extraConfig | Extra config for <FileSystem> section.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| services.nginx.virtualHosts.<name>.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| services.bookstack.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.anuko-time-tracker.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.keepalived.vrrpScripts.<name>.timeout | Seconds after which script is considered to have failed.
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| services.bookstack.nginx.locations.<name>.index | Adds index directive.
|
| services.journald.remote.settings.Remote.ServerCertificateFile | A path to a SSL certificate file in PEM format
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY | Limits for timeline cleanup.
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| system.nixos.codeName | The NixOS release code name (e.g. Emu).
|
| services.dolibarr.h2o.serverName | Server name to be used for this virtual host
|
| services.slurm.partitionName | Name by which the partition may be referenced
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.slskd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.movim.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| services.kanata.keyboards.<name>.configFile | The config file
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider
|
| services.keyd.keyboards.<name>.settings | Configuration, except ids section, that is written to /etc/keyd/.conf
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| services.gitlab-runner.services.<name>.dockerVolumes | Bind-mount a volume and create it
if it doesn't exist prior to mounting.
|
| services.snapper.configs.<name>.TIMELINE_CLEANUP | Defines whether the timeline cleanup algorithm should be run for the config.
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| services.redmine.components.minimagick_font_path | MiniMagick font path
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.vmalert.instances.<name>.settings | vmalert configuration, passed via command line flags
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.glusterfs.tlsSettings.tlsPem | Path to the certificate used for TLS.
|
| services.grafana-to-ntfy.settings.bauthPass | The path to the password you will use in the Grafana webhook settings.
|
| services.hebbot.templates.project | A path to the Markdown file for the project template.
|
| services.hebbot.templates.section | A path to the Markdown file for the section template.
|
| services.immich.settings | Configuration for Immich
|
| services.gitlab-runner.extraPackages | Extra packages to add to PATH for the gitlab-runner process
|
| services.thanos.store.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.nextcloud.config.dbpassFile | The full path to a file that contains the database password.
|
| services.traefik.dynamic.dir | Path to the directory Traefik should watch for configuration files.
Files in this directory matching the glob _nixos-* (reserved for Nix-managed dynamic configurations) will be deleted as part of
systemd-tmpfiles-resetup.service, regardless of their origin..
|
| services.thanos.query.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.ncdns.dnssec.keys.public | Path to the file containing the KSK public key
|
| services.zabbixServer.database.socket | Path to the unix socket file to use for authentication.
|
| services.zabbixServer.extraPackages | Packages to be added to the Zabbix PATH
|
| services.stash.settings.generated | Path to generated files
|
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| services.consul-template.instances.<name>.enable | Whether to enable this consul-template instance.
|
| services.grafana.settings.paths.provisioning | Folder that contains provisioning config files that grafana will apply on startup and while running
|
| systemd.network.networks.<name>.dhcpServerStaticLeases | A list of DHCPServerStaticLease sections to be added to the unit
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.jirafeau.nginxConfig.locations.<name>.root | Root directory for requests.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| services.snapserver.streams.<name>.sampleFormat | Default sample format.
|
| services.syncthing.settings.folders.<name>.label | The label of the folder.
|