| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| services.cntlm.domain | Proxy account domain/workgroup name.
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps | Whether claim maps not specified here but present in kanidm should be removed from kanidm.
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| networking.supplicant.<name>.extraCmdArgs | Command line arguments to add when executing wpa_supplicant.
|
| networking.wg-quick.interfaces.<name>.postDown | Command called after the interface is taken down.
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| networking.macvlans.<name>.interface | The interface the macvlan will transmit packets through.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| services.bcg.automaticRenameKitNodes | Automatically rename kit's nodes.
|
| services.namecoind.generate | Whether to generate (mine) Namecoins.
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to database.user.
|
| services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.invoiceplane.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out | Netfilter mark applied to packets after the outbound IPsec SA processed them
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|
| services.armagetronad.servers.<name>.roundSettings | Armagetron Advanced server per-round configuration
|
| services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID | See torrc manual.
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret | Value of the NTLM secret, which is the NT Hash of the actual secret, that is, MD4(UTF-16LE(secret))
|
| services.limesurvey.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| containers.<name>.timeoutStartSec | Time for the container to start
|
| services.angrr.settings.temporary-root-policies.<name>.priority | Priority of this policy
|
| services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| services.radicle.ci.adapters.native.instances.<name>.runtimePackages | Packages added to the adapter's PATH.
|
| services.cyrus-imap.user | Cyrus IMAP user name
|
| image.repart.partitions.<name>.stripNixStorePrefix | Whether to strip /nix/store/ from the store paths
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| services.actual.settings.hostname | The address to listen on
|
| services.postfixadmin.database.username | Username for the postgresql connection
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of none loads the connection only, which then can be manually initiated or used as a responder configuration.
- The value trap installs a trap policy, which triggers the tunnel as soon as matching traffic has been detected.
- The value start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with trap|start, to immediately initiate a connection for which trap policies have been installed
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list for the available filters.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
|
| networking.interfaces.<name>.wakeOnLan.enable | Whether to enable wol on this interface.
|
| networking.wireless.networks.<name>.bssid | If set, this network block is used only when associating with the AP using the configured BSSID.
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts | See torrc manual.
|
| services.jirafeau.nginxConfig.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| services.keepalived.vrrpInstances.<name>.unicastPeers | Do not send VRRP adverts over VRRP multicast group
|
| services.matrix-tuwunel.settings.global.server_name | The server_name is the name of this server
|
| services.matrix-conduit.settings.global.server_name | The server_name is the name of this server
|
| services.pihole-web.hostName | Domain name for the website.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from. Can also use command substitution to automatically grab all matching drives, such as all scsi (sas) drives
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| networking.wireless.networks.<name>.hidden | Set this to true if the SSID of the network is hidden.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable | See torrc manual.
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.pretix.settings.pretix.instance_name | The name of this installation.
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.cloudflared.tunnels.<name>.originRequest.originServerName | Hostname that cloudflared should expect from your origin server certificate.
|
| services.avahi.hostName | Host name advertised on the LAN
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.factorio.loadLatestSave | Load the latest savegame on startup
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS configuration switch if its definition has changed.
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout | Timeout after which an idle keepalive connection can be discarded.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| boot.initrd.luks.devices.<name>.bypassWorkqueues | Whether to bypass dm-crypt's internal read and write workqueues
|
| services.borgbackup.repos.<name>.authorizedKeysAppendOnly | Public SSH keys that can only be used to append new data (archives) to the repository
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets | Number of packets processed before initiating CHILD_SA rekeying
|
| boot.initrd.luks.devices.<name>.fido2.credentials | List of FIDO2 credential IDs
|
| services.limesurvey.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.limesurvey.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| containers.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| services.avahi.domainName | Domain name for all advertisements.
|