| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.cjdns.UDPInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.cjdns.ETHInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.nsd.zones.<name>.maxRefreshSecs | Limit refresh time for secondary zones
|
| services.lidarr.settings.update.automatically | Automatically download and install updates.
|
| services.radarr.settings.update.automatically | Automatically download and install updates.
|
| services.sonarr.settings.update.automatically | Automatically download and install updates.
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId | Organization ID, default = 1
|
| users.extraUsers.<name>.shell | The path to the user's shell
|
| systemd.user.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| security.pam.services.<name>.makeHomeDir | Whether to try to create home directories for users
with $HOMEs pointing to nonexistent
locations on session login.
|
| services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| services.kanidm.server.settings.online_backup.path | Path to the output directory for backups.
|
| systemd.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| systemd.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile | Path to the SSH host public key.
|
| services.ferretdb.settings.FERRETDB_POSTGRESQL_URL | PostgreSQL URL for 'pg' handler
|
| services.headscale.settings.dns.base_domain | Defines the base domain to create the hostnames for MagicDNS
|
| services.tor.settings.ServerTransportPlugin.transports | List of pluggable transports.
|
| services.nextcloud-spreed-signaling.settings.http.listen | IP and port to listen on for HTTP requests, in the format of ip:port
|
| services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG | The database connection string for the libeufin-bank database.
|
| users.users.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| services.fedimintd.<name>.nginx.config.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.grafana.settings.security.secret_key | Secret key used for signing
|
| security.pam.u2f.settings.authfile | By default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set)
|
| services.your_spotify.settings.MONGO_ENDPOINT | The endpoint of the Mongo database.
|
| security.pam.services.<name>.limits.*.type | Type of this limit
|
| services.netbird.tunnels.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| services.netbird.clients.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.wgautomesh.settings.gossip_port | wgautomesh gossip port, this MUST be the same number on all nodes in
the wgautomesh network.
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.headscale.settings.tls_key_path | Path to key for already created certificate.
|
| services.swapspace.settings.max_swapsize | Greatest allowed size for individual swapfiles
|
| services.swapspace.settings.min_swapsize | Smallest allowed size for individual swapfiles
|
| services.sourcehut.settings."builds.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| systemd.user.services.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.services.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| services.xserver.xkb.extraLayouts.<name>.compatFile | The path to the xkb compat file
|
| services.i2pd.ifname | Network interface to bind to.
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.drupal.sites.<name>.database.user | Database user.
|
| services.nginx.virtualHosts.<name>.quic | Whether to enable the QUIC transport protocol
|
| systemd.user.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.borgbackup.jobs.<name>.postCreate | Shell commands to run after borg create
|
| services.dependency-track.settings."alpine.oidc.teams.default" | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| services.tuned.settings.dynamic_tuning | Whether to enable dynamic tuning.
|
| services.znapzend.zetup.<name>.plan | The znapzend backup plan to use for the source
|
| hardware.alsa.cardAliases.<name>.driver | Name of the kernel module that provides the card.
|
| systemd.services.<name>.upholds | Keeps the specified running while this unit is running
|
| services.draupnir.settings.managementRoom | The room ID or alias where moderators can use the bot's functionality
|
| services.umurmur.settings.max_bandwidth | Maximum bandwidth (in bits per second) that clients may send
speech at.
|
| services.grafana.provision.alerting.policies.settings | Grafana notification policies configuration in Nix
|
| services.slskd.settings.directories.incomplete | Directory where incomplete downloading files are stored.
|
| services.sanoid.datasets.<name>.daily | Number of daily snapshots.
|
| services.logcheck.ignore.<name>.level | Set the logcheck level.
|
| services.znapzend.zetup.<name>.enable | Whether to enable this source.
|
| users.extraUsers.<name>.enable | If set to false, the user account will not be created
|
| services.yandex-disk.username | Your yandex.com login name.
|
| security.pam.services.<name>.limits.*.item | Item this limit applies to
|
| services.headscale.settings.oidc.extra_params | Custom query parameters to send with the Authorize Endpoint request.
|
| services.tahoe.nodes.<name>.sftpd.accounts.file | Path to the accounts file.
|
| services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.drupal.sites.<name>.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.
|
| power.ups.upsmon.monitor.<name>.user | Username from upsd.users for accessing this UPS
|
| services.maubot.settings.plugin_databases | Plugin database settings
|
| services.mackerel-agent.settings.host_status.on_stop | Host status after agent shutdown.
|
| services.olivetin.settings.ListenAddressSingleHTTPFrontend | The address to listen on for the internal "microproxy" frontend.
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| services.drupal.sites.<name>.extraConfig | Extra configuration values that you want to insert into settings.php
|
| services.phpfpm.pools.<name>.phpOptions | "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
|
| security.acme.certs.<name>.group | Group running the ACME client.
|
| security.pam.services.<name>.gnupg.storeOnly | Don't send the password immediately after login, but store for PAM
session.
|
| services.matrix-synapse.settings.listeners.*.resources | List of HTTP resources to serve on this listener.
|
| users.users.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| users.users.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| security.pam.u2f.settings.interactive | Set to prompt a message and wait before testing the presence of a U2F device
|
| services.redis.servers.<name>.group | Group account under which this instance of redis-server runs.
If left as the default value this group will automatically be
created on system activation, otherwise you are responsible for
ensuring the group exists before the redis service starts.
|
| services.keepalived.vrrpScripts.<name>.user | Name of user to run the script under.
|
| services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name | Name of the icon theme to use for the lightdm-gtk-greeter.
|
| services.stash.settings.parallel_tasks | Number of parallel tasks to start during scan/generate
|
| services.journald.upload.settings.Upload.NetworkTimeoutSec | When network connectivity to the server is lost, this option
configures the time to wait for the connectivity to get restored
|
| services.udp-over-tcp.tcp2udp.<name>.forward | The IP and port to forward all traffic to.
|
| services.udp-over-tcp.udp2tcp.<name>.nodelay | Enables TCP_NODELAY on the TCP socket.
|
| services.nsd.zones.<name>.rrlWhitelist | Whitelists the given rrl-types.
|
| services.udp-over-tcp.udp2tcp.<name>.forward | The IP and port to forward all traffic to.
|
| services.udp-over-tcp.tcp2udp.<name>.nodelay | Enables TCP_NODELAY on the TCP socket.
|
| users.extraUsers.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes | List of mute time intervals to import or update.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|