| services.filesender.database.hostname | Database hostname.
|
| services.murmur.group | The name of an existing group to use to run the service
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.teeworlds.game.tournamentMode | Whether to enable tournament mode
|
| services.vault.address | The name of the ip interface to listen to
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| systemd.user.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.zoneminder.database.username | Username for accessing the database.
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| systemd.network.networks.<name>.heavyHitterFilterConfig | Each attribute in this set specifies an option in the
[HeavyHitterFilter] section of the unit
|
| systemd.network.networks.<name>.tokenBucketFilterConfig | Each attribute in this set specifies an option in the
[TokenBucketFilter] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation | Whether this connection is a mediation connection, that is, whether this
connection is used to mediate other connections using the IKEv2 Mediation
Extension
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| virtualisation.kvmgt.vgpus.<name>.uuid | UUID(s) of VGPU device
|
| services.tmate-ssh-server.host | External host name
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| services.dsnet.settings.ExternalHostname | The hostname that clients should use to connect to this server
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| networking.supplicant.<name>.configFile.path | External wpa_supplicant.conf configuration file
|
| virtualisation.fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.epmd.enable | Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
|
| networking.interfaces.<name>.virtual | Whether this interface is virtual and should be created by tunctl
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.matrix-synapse.workers.<name>.worker_listeners | List of ports that this worker should listen on, their purpose and their configuration.
|
| services.suricata.settings.unix-command.filename | Filename for unix-command socket.
|
| services.gdomap.enable | Whether to enable GNUstep Distributed Objects name server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.outline.smtp.host | Host name or IP address of the SMTP server.
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| services.kerberos_server.settings.realms.<name>.acl.*.principal | Which principal the rule applies to
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.mjolnir.pantalaimon.username | The username to login with.
|
| networking.vswitches.<name>.extraOvsctlCmds | Commands to manipulate the Open vSwitch database
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| services.postgresqlWalReceiver.receivers.<name>.synchronous | Flush the WAL data to disk immediately after it has been received
|
| networking.supplicant.<name>.extraConf | Configuration options for wpa_supplicant.conf
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| services.kismet.serverName | The name of the server.
|
| services.bacula-sd.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.tls.verifyPeer | Verify peer certificate
|
| containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| services.reposilite.settings.hostname | The hostname to bind to
|
| networking.vlans | This option allows you to define vlan devices that tag packets
on top of a physical interface
|
| systemd.user.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| systemd.network.networks.<name>.quickFairQueueingConfig | Each attribute in this set specifies an option in the
[QuickFairQueueing] section of the unit
|
| users.mysql.pam.logging.rHostColumn | The name of the column in the log table to which the name of the remote
host that initiates the session is stored
|
| systemd.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| services.bacula-dir.tls.verifyPeer | Verify peer certificate
|
| services.librenms.user | Name of the LibreNMS user.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.type | The type of the listener, usually http.
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| systemd.user.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.port | The port to listen for HTTP(S) requests on.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| systemd.shutdownRamfs.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.rspamd.locals | Local configuration files, written into /etc/rspamd/local.d/{name}.
|
| networking.wireless.networks.<name>.extraConfig | Extra configuration lines appended to the network block
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| services.forgejo.dump.file | Filename to be used for the dump
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.temp | Temperature in °C at which the fan speed should be changed
|
| networking.domain | The system domain name
|
| containers.<name>.timeoutStartSec | Time for the container to start
|
| services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|
| boot.zfs.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| services.tt-rss.virtualHost | Name of the nginx virtualhost to use and setup
|
| networking.wireless.networks.<name>.auth | Use this option to configure advanced authentication methods
like EAP
|
| services.rshim.index | Specify the index to create device path /dev/rshim<index>
|
| boot.binfmt.registrations.<name>.fixBinary | Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| services.peertube-runner.instancesToRegister.<name>.registrationTokenFile | Path to a file containing a registration token for the PeerTube instance
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|