| services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.filesender.database.hostname | Database hostname.
|
| services.suricata.settings.unix-command.filename | Filename for unix-command socket.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.pretalx.nginx.domain | The domain name under which to set up the virtual host.
|
| services.sympa.database.user | Database user
|
| services.dovecot2.user | Dovecot user name.
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.thanos.rule.alert.label-drop | Labels by name to drop before sending to alertmanager
|
| services.zoneminder.database.username | Username for accessing the database.
|
| services.resilio.deviceName | Name of the Resilio Sync device.
|
| services.lasuite-docs.domain | Domain name of the docs instance.
|
| services.lasuite-meet.domain | Domain name of the meet instance.
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.dawarich.user | User under which dawarich runs
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.saunafs.masterHost | IP or hostname name of master host.
|
| services.pantalaimon-headless.instances.<name>.extraSettings | Extra configuration options
|
| systemd.network.networks.<name>.vxlan | A list of vxlan interfaces to be added to the network section of the
unit
|
| services.hddfancontrol.settings.<drive-bay-name>.logVerbosity | Verbosity of the log level
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.centrifugo.environmentFiles | Files to load environment variables from
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| services.mail.sendmailSetuidWrapper.program | The name of the wrapper program
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.kerberos_server.settings.realms.<name>.acl.*.target | The principals that 'access' applies to.
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| systemd.user.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.misskey.settings.db.db | The database name.
|
| services.dokuwiki.webserver | Whether to use nginx or caddy for virtual host management
|
| services.freshrss.webserver | Whether to use nginx or caddy for virtual host management
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| services.ncps.cache.storage.s3.bucket | The name of the S3 bucket.
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| systemd.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.avahi.publish.domain | Whether to announce the locally used domain name for browsing by other hosts.
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| services.tor.client.onionServices.<name>.clientAuthorizations | Clients' authorizations for a v3 onion service,
as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
|
| networking.greTunnels.<name>.type | Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.mjolnir.pantalaimon.username | The username to login with.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| services.dolibarr.domain | Domain name of your server.
|
| services.bookstack.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.reposilite.settings.hostname | The hostname to bind to
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| security.dhparams.params.<name>.path | The resulting path of the generated Diffie-Hellman parameters
file for other services to reference
|
| networking.greTunnels.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.wakapi.database.user | The name of the user to use for Wakapi.
|
| services.baikal.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| boot.initrd.luks.devices.<name>.gpgCard.encryptedPass | Path to the GPG encrypted passphrase.
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.suricata.settings.logging.outputs.file.filename | Filename of the logfile.
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart
on.
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| systemd.network.networks.<name>.routes | A list of route sections to be added to the unit
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|