| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.avahi.hostName | Host name advertised on the LAN
|
| networking.wireless.networks.<name>.hidden | Set this to true if the SSID of the network is hidden.
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.postgresqlWalReceiver.receivers.<name>.statusInterval | Specifies the number of seconds between status packets sent back to the server
|
| systemd.network.networks.<name>.routingPolicyRules | A list of routing policy rules sections to be added to the unit
|
| services.pihole-web.hostName | Domain name for the website.
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_exclude | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_include | Address or CIDR subnets
StrongSwan default: []
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| boot.binfmt.registrations.<name>.offset | The byte offset of the magic number used for recognition.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.monica.mail.fromName | Mail "from" name.
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| services.pantalaimon-headless.instances.<name>.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| systemd.network.netdevs.<name>.wireguardPeers | Each item in this array specifies an option in the
[WireGuardPeer] section of the unit
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| systemd.network.networks.<name>.dhcpServerStaticLeases | A list of DHCPServerStaticLease sections to be added to the unit
|
| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| systemd.user.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.postgresqlWalReceiver.receivers.<name>.environment | Environment variables passed to the service
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| services.influxdb2.provision.organizations.<name>.buckets | Buckets to provision in this organization.
|
| networking.interfaces.<name>.ipv6.routes.*.via | IPv6 address of the next hop.
|
| networking.interfaces.<name>.ipv4.routes.*.via | IPv4 address of the next hop.
|
| services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| services.patroni.scope | Cluster name.
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| services.tt-rss.email.fromName | Name for sending outgoing mail
|
| services.influxdb2.provision.organizations.<name>.present | Whether to ensure that this organization is present or absent.
|
| systemd.network.networks.<name>.fairQueueingConfig | Each attribute in this set specifies an option in the
[FairQueueing] section of the unit
|
| networking.vswitches.<name>.openFlowVersion | Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
|
| services.postgresqlWalReceiver.receivers.<name>.postgresqlPackage | The postgresql package to use.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| services.peertube-runner.instancesToRegister.<name>.runnerDescription | Runner description declared to the PeerTube instance.
|
| networking.wg-quick.interfaces.<name>.mtu | If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route, which is usually
a sane choice
|
| networking.wg-quick.interfaces.<name>.address | The IP addresses of the interface.
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| systemd.network.netdevs.<name>.batmanAdvancedConfig | Each attribute in this set specifies an option in the
[BatmanAdvanced] section of the unit
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| services.weblate.smtp.user | SMTP login name.
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| services.tor.settings.ServerDNSAllowNonRFC953Hostnames | See torrc manual.
|
| services.factorio.loadLatestSave | Load the latest savegame on startup
|
| systemd.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.hadoop.hdfs.namenode.restartIfChanged | Automatically restart the service on config change
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections | Maximum number of idle keepalive connections between Tunnel and your origin
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| systemd.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.samba-wsdd.domain | Set domain name (disables workgroup).
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.postfix.settings.main.myhostname | The internet hostname of this mail system
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|