| services.outline.smtp.host | Host name or IP address of the SMTP server.
|
| users.extraUsers.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.influxdb2.provision.organizations.<name>.present | Whether to ensure that this organization is present or absent.
|
| systemd.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| services.peertube-runner.instancesToRegister.<name>.runnerDescription | Runner description declared to the PeerTube instance.
|
| systemd.network.networks.<name>.flowQueuePIEConfig | Each attribute in this set specifies an option in the
[FlowQueuePIE] section of the unit
|
| boot.specialFileSystems.<name>.options | Options used to mount the file system
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.postgresqlWalReceiver.receivers.<name>.postgresqlPackage | The postgresql package to use.
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.strongswan-swanctl.swanctl.connections.<name>.aggressive | Enables Aggressive Mode instead of Main Mode with Identity
Protection
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| systemd.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| networking.jool.nat64.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.forgejo.dump.file | Filename to be used for the dump
|
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.rke2.nodeName | Node name.
|
| services.postgresqlWalReceiver.receivers.<name>.synchronous | Flush the WAL data to disk immediately after it has been received
|
| security.apparmor.policies.<name>.profile | The profile file contents
|
| boot.initrd.luks.devices.<name>.fido2.credentials | List of FIDO2 credential IDs
|
| systemd.network.networks.<name>.ipv6Prefixes | A list of ipv6Prefix sections to be added to the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_port | Local UDP port for IKE communication
|
| services.epmd.enable | Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| programs.uwsm.waylandCompositors.<name>.prettyName | The full name of the desktop entry file.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.strongswan-swanctl.swanctl.connections.<name>.rekey_time | IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
does not re-check associated credentials
|
| services.prometheus.exporters.py-air-control.deviceHostname | The hostname of the air purification device from which to scrape the metrics.
|
| systemd.user.sockets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.targets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.network.networks.<name>.pfifoHeadDropConfig | Each attribute in this set specifies an option in the
[PFIFOHeadDrop] section of the unit
|
| systemd.network.networks.<name>.dhcpServerConfig | Each attribute in this set specifies an option in the
[DHCPServer] section of the unit
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| services.rshim.index | Specify the index to create device path /dev/rshim<index>
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| networking.bonds.<name>.driverOptions | Options for the bonding driver
|
| services.pcscd.extendReaderNames | String to append to every reader name
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| systemd.network.networks.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of the unit
|
| systemd.network.networks.<name>.ipv6AcceptRAConfig | Each attribute in this set specifies an option in the
[IPv6AcceptRA] section of the unit
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| networking.fooOverUDP.<name>.protocol | Protocol number of the encapsulated packets
|
| networking.wg-quick.interfaces.<name>.dns | The IP addresses of DNS servers to configure.
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| services.pihole-web.hostName | Domain name for the website.
|
| services.murmur.group | The name of an existing group to use to run the service
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| systemd.sockets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| services.bacula-sd.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.tls.verifyPeer | Verify peer certificate
|
| networking.nftables.tables.<name>.content | The table content.
|
| services.matrix-synapse.workers.<name>.worker_listeners | List of ports that this worker should listen on, their purpose and their configuration.
|
| users.mysql.pam.userColumn | The name of the column that contains a unix login name.
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| services.prometheus.exporters.fritz.settings.devices.*.hostname | Hostname under which the target device is reachable.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| networking.vlans.<name>.interface | The interface the vlan will transmit packets through.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout | Charon by default uses the normal retransmission mechanism and timeouts to
check the liveness of a peer, as all messages are used for liveness
checking
|
| users.ldap.base | The distinguished name of the search base.
|
| networking.wg-quick.interfaces.<name>.preUp | Commands called at the start of the interface setup.
|
| systemd.network.networks.<name>.addresses | A list of address sections to be added to the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.proposals | A proposal is a set of algorithms
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| systemd.sockets.<name>.listenDatagrams | For each item in this list, a ListenDatagram
option in the [Socket] section will be created.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| services.bacula-dir.tls.verifyPeer | Verify peer certificate
|
| systemd.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.mqtt2influxdb.influxdb.username | Username for InfluxDB login.
|
| services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|