| systemd.network.netdevs.<name>.wireguardPeers | Each item in this array specifies an option in the
[WireGuardPeer] section of the unit
|
| boot.binfmt.registrations.<name>.offset | The byte offset of the magic number used for recognition.
|
| services.deye-dummycloud.mqttUsername | MQTT username
|
| services.postgresqlWalReceiver.receivers.<name>.compress | Enables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression)
|
| services.mainsail.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.mainsail.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fediwall.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.librenms.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.agorakit.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.kanboard.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fediwall.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| containers.<name>.autoStart | Whether the container is automatically started at boot-time.
|
| containers.<name>.config | A specification of the desired configuration of this
container, as a NixOS module.
|
| services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| systemd.network.networks.<name>.dhcpServerStaticLeases | A list of DHCPServerStaticLease sections to be added to the unit
|
| services.rshim.index | Specify the index to create device path /dev/rshim<index>
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| networking.supplicant.<name>.extraCmdArgs | Command line arguments to add when executing wpa_supplicant.
|
| systemd.user.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.vsmartcard-vpcd.hostname | Hostname of a waiting vpicc server vpcd will be connecting to
|
| services.kismet.serverName | The name of the server.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort | Target port of container
|
| networking.macvlans.<name>.interface | The interface the macvlan will transmit packets through.
|
| services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| system.nixos.codeName | The NixOS release code name (e.g. Emu).
|
| services.strongswan-swanctl.swanctl.connections.<name>.pull | If the default of yes is used, Mode Config works in pull mode, where the
initiator actively requests a virtual IP
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers | Additionally enable the recommended set of pairwise ciphers
|
| networking.wg-quick.interfaces.<name>.mtu | If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route, which is usually
a sane choice
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| systemd.network.networks.<name>.fairQueueingConfig | Each attribute in this set specifies an option in the
[FairQueueing] section of the unit
|
| services.rspamd.locals | Local configuration files, written into /etc/rspamd/local.d/{name}.
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.postgresqlWalReceiver.receivers.<name>.slot | Require pg_receivewal to use an existing replication slot (see
Section 26.2.6 of the PostgreSQL manual)
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| containers.<name>.path | As an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
|
| services.librenms.user | Name of the LibreNMS user.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.hadoop.hdfs.namenode.restartIfChanged | Automatically restart the service on config change
|
| services.tt-rss.virtualHost | Name of the nginx virtualhost to use and setup
|
| boot.loader.systemd-boot.extraFiles | A set of files to be copied to $BOOT
|
| systemd.network.netdevs.<name>.batmanAdvancedConfig | Each attribute in this set specifies an option in the
[BatmanAdvanced] section of the unit
|
| networking.wg-quick.interfaces.<name>.address | The IP addresses of the interface.
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.hddfancontrol.settings.<drive-bay-name>.logVerbosity | Verbosity of the log level
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| services.mastodon.smtp.user | SMTP login name.
|
| services.dawarich.smtp.user | SMTP login name.
|
| services.kerberos_server.settings.realms.<name>.acl.*.target | The principals that 'access' applies to.
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| services.pretix.nginx.domain | The domain name under which to set up the virtual host.
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.postfix.settings.main.myhostname | The internet hostname of this mail system
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.bookstack.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.grav.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| systemd.network.networks.<name>.heavyHitterFilterConfig | Each attribute in this set specifies an option in the
[HeavyHitterFilter] section of the unit
|
| systemd.network.networks.<name>.tokenBucketFilterConfig | Each attribute in this set specifies an option in the
[TokenBucketFilter] section of the unit
|
| services.tor.client.onionServices.<name>.clientAuthorizations | Clients' authorizations for a v3 onion service,
as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
|
| systemd.user.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.selfoss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|