| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|
| services.xserver.displayManager.lightdm.greeters.slick.theme.name | Name of the theme to use for the lightdm-slick-greeter.
|
| services.nextcloud-spreed-signaling.settings.grpc.targets | For target type static: List of GRPC targets to connect to for clustering mode.
|
| services.ax25.axports.<name>.kissParams | Kissattach parameters for this interface.
|
| services.filebeat.inputs.<name>.type | The input type
|
| services.phpfpm.pools.<name>.extraConfig | Extra lines that go into the pool configuration
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| services.your_spotify.settings.SPOTIFY_PUBLIC | The public client ID of your Spotify application
|
| services.warpgate.settings.ssh.external_port | The SSH listener is reachable via this port externally.
|
| systemd.units.<name>.aliases | Aliases of that unit.
|
| systemd.paths.<name>.aliases | Aliases of that unit.
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| services.i2pd.outTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.kubernetes.kubelet.taints.<name>.key | Key of taint.
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.homebridge.settings.platforms.*.platform | Platform type
|
| systemd.user.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.netbird.tunnels.<name>.interface | Name of the network interface managed by this client.
|
| services.netbird.clients.<name>.interface | Name of the network interface managed by this client.
|
| services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.blockbook-frontend.<name>.user | The user as which to run blockbook-frontend-‹name›.
|
| services.prosody.virtualHosts.<name>.ssl | Paths to SSL files
|
| services.logcheck.ignoreCron.<name>.user | User that runs the cronjob.
|
| systemd.services.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.services.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod | How frequently to change keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod | How frequently to change keys
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| services.postsrsd.settings.unprivileged-user | Unprivileged user to drop privileges to.
Our systemd unit never runs postsrsd as a privileged process, so this option is read-only.
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| power.ups.ups.<name>.maxStartDelay | This can be set as a global variable above your first UPS
definition and it can also be set in a UPS section
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.logcheck.ignore.<name>.regex | Regex specifying which log lines to ignore.
|
| boot.initrd.extraFiles.<name>.source | The object to make available inside the initrd.
|
| services.prosody.virtualHosts.<name>.ssl.cert | Path to the certificate file.
|
| services.kanidm.provision.persons.<name>.legalName | Full legal name
|
| systemd.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.tuned.settings.reapply_sysctl | Whether to enable the reapplying of global sysctls after TuneD sysctls are applied.
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| systemd.user.services.<name>.scriptArgs | Arguments passed to the main process script
|
| services.grafana.settings.server.read_timeout | Sets the maximum time using a duration format (5s/5m/5ms)
before timing out read of an incoming request and closing idle connections.
0 means there is no timeout for reading the request.
|
| services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.email | The email address used to authenticate as this account
|
| services.znapzend.zetup.<name>.destinations.<name>.host | Host to use for the destination dataset
|
| services.epgstation.settings.concurrentEncodeNum | The maximum number of encoding jobs that EPGStation would run at the
same time.
|
| services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| services.postfix.masterConfig.<name>.type | The type of the service
|
| services.borgmatic.settings.repositories.*.path | Path to the repository
|
| services.autorandr.profiles.<name>.config.<name>.transform | Refer to
xrandr(1)
for the documentation of the transform matrix.
|
| services.quicktun.<name>.upScript | Run specified command or script after the tunnel device has been opened.
|
| services.akkoma.initDb.username | Name of the database user to initialise the database with
|
| services.syncthing.settings.options.localAnnounceEnabled | Whether to send announcements to the local LAN, also use such announcements to find other devices.
|
| services.netbird.tunnels.<name>.logLevel | Log level of the NetBird daemon.
|
| services.netbird.clients.<name>.logLevel | Log level of the NetBird daemon.
|
| services.filesender.settings.admin_email | Email address of FileSender administrator(s)
|
| security.pam.services.<name>.nodelay | Whether the delay after typing a wrong password should be disabled.
|
| virtualisation.interfaces.<name>.name | Interface name
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| security.pam.services.<name>.fprintAuth | If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
|
| services.netbird.clients.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.netbird.tunnels.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| services.readarr.settings.update.automatically | Automatically download and install updates.
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| systemd.user.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.nextcloud-spreed-signaling.settings.turn.secretFile | The path to the file containing the value for turn.secret
|
| services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter | The auth adapter type
|
| services.warpgate.settings.sso_providers | Configure OIDC single sign-on providers.
|
| security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| services.warpgate.settings.http.external_port | The HTTP listener is reachable via this port externally.
|
| services.sabnzbd.settings.misc.bandwidth_max | Maximum bandwidth in bytes(!)/sec (supports prefixes)
|
| services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name | Name of the icon theme to use for the lightdm-enso-os-greeter
|
| users.extraUsers.<name>.extraGroups | The user's auxiliary groups.
|
| services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| services.matrix-continuwuity.settings.global.port | The port(s) continuwuity will be running on
|
| services.taler.exchange.settings.exchangedb-postgres.CONFIG | Database connection URI.
|
| services.taler.merchant.settings.merchantdb-postgres.CONFIG | Database connection URI.
|
| hardware.alsa.controls.<name>.device | Name of the PCM device to control (slave).
|
| services.nextcloud.settings.enabledPreviewProviders | The preview providers that should be explicitly enabled.
|
| services.akkoma.frontends.<name>.ref | Akkoma frontend reference.
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| services.redis.servers.<name>.unixSocketPerm | Change permissions for the socket
|
| services.drupal.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| services.drupal.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|