| containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| services.peertube-runner.instancesToRegister.<name>.url | URL of the PeerTube instance.
|
| services.icingaweb2.modules.monitoring.backends.<name>.resource | Name of the IDO resource
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| containers.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.wordpress.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| services.davis.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.slskd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| systemd.network.networks.<name>.networkEmulatorConfig | Each attribute in this set specifies an option in the
[NetworkEmulator] section of the unit
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformee | HE single user beamformee support
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformer | HE single user beamformer support
|
| services.samba-wsdd.hostname | Override (NetBIOS) hostname to be used (default hostname).
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| services.plausible.database.postgres.dbname | Name of the database to use.
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.simplesamlphp.<name>.phpfpmPool | The PHP-FPM pool that serves SimpleSAMLphp instance.
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.keepalived.vrrpInstances.<name>.virtualIps | Declarative vhost config
|
| services.dawarich.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.mastodon.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.vault-agent.instances.<name>.settings.template | Template section of vault-agent
|
| services.anubis.instances.<name>.settings.BIND_NETWORK | The network family that Anubis should bind to
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformee | EHT single user beamformee support
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformer | EHT single user beamformer support
|
| services.nebula.networks.<name>.lighthouses | List of IPs of lighthouse hosts this node should report to and query from
|
| services.znapzend.zetup.<name>.timestampFormat | The timestamp format to use for constructing snapshot names
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| systemd.user.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.snipe-it.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets | Packet range from which to choose a random value to subtract from
rekey_packets
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| systemd.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.anuko-time-tracker.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| systemd.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp | Whether to copy the DSCP (Differentiated Services Field Codepoint)
header field to/from the outer IP header in tunnel mode
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| security.pam.services | This option defines the PAM services
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.borgbackup.jobs.<name>.createCommand | Borg command to use for archive creation
|
| systemd.user.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| programs.uwsm.waylandCompositors.<name>.binPath | The wayland-compositor binary path that will be called by UWSM
|
| services.wordpress.sites.<name>.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| systemd.network.networks.<name>.quickFairQueueingConfigClass | Each attribute in this set specifies an option in the
[QuickFairQueueingClass] section of the unit
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.dolibarr.h2o.serverName | Server name to be used for this virtual host
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| services.jibri.xmppEnvironments.<name>.xmppServerHosts | Hostnames of the XMPP servers to connect to.
|
| services.sanoid.datasets.<name>.use_template | Names of the templates to use for this dataset.
|
| containers.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile | The password for this entry, read from the given file when starting hostapd
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.gitea-actions-runner.instances.<name>.labels | Labels used to map jobs to their runtime environment
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fediwall.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pixelfed.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mainsail.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.keepalived.vrrpInstances.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_instance section.
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.blockbook-frontend.<name>.extraCmdLineOptions | Extra command line options to pass to Blockbook
|
| services.ghostunnel.servers.<name>.extraArguments | Extra arguments to pass to ghostunnel server
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| services.pcscd.extendReaderNames | String to append to every reader name
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.bookstack.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| services.nextcloud.notify_push.dbname | Database name.
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|