| services.coturn.cli-password | CLI access password
|
| security.sudo.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| boot.swraid.enable | Whether to enable support for Linux MD RAID arrays
|
| services.restic.backups.<name>.runCheck | Whether to run the check command with the provided checkOpts options.
|
| services.surrealdb.extraFlags | Specify a list of additional command line flags.
|
| services.xbanish.arguments | Arguments to pass to xbanish command
|
| services.vmalert.settings | vmalert configuration, passed via command line flags
|
| services.icecream.daemon.extraArgs | Additional command line parameters.
|
| services.certmgr.svcManager | This specifies the service manager to use for restarting or reloading services
|
| nix.buildMachines.*.publicHostKey | The (base64-encoded) public host key of this builder
|
| services.davis.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| security.sudo-rs.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| services.movim.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.syncthing.extraFlags | Extra flags passed to the syncthing command in the service definition.
|
| security.run0.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via run0.
|
| boot.loader.systemd-boot.editor | Whether to allow editing the kernel command-line before
boot
|
| services.hadoop.hdfs.httpfs.extraFlags | Extra command line flags to pass to HDFS JournalNode
|
| services.tailscale.extraSetFlags | Extra flags to pass to tailscale set.
|
| services.minetest-server.extraArgs | Additional command line flags to pass to the minetest executable.
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.xandikos.extraOptions | Extra command line arguments to pass to xandikos.
|
| security.sudo.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| security.doas.wheelNeedsPassword | Whether users of the wheel group must provide a password to
run commands as super user via doas.
|
| services.endlessh.extraOptions | Additional command line options to pass to the endlessh daemon.
|
| boot.loader.grub.users | User accounts for GRUB
|
| services.rkvm.server.settings.key | TLS key path.
This should be generated with rkvm-certificate-gen.
|
| services.varnish.extraCommandLine | Command line switches for varnishd (run 'varnishd -?' to get list of options)
|
| system.switch.inhibitors | Attribute set of strings that will prevent switching into a configuration when
they change
|
| security.sudo-rs.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| services.gocd-server.extraOptions | Specifies additional command line arguments to pass to Go
|
| services.jenkins.extraJavaOptions | Additional command line arguments to pass to the Java run time (as opposed to Jenkins).
|
| services.gocd-agent.startupOptions | Specifies startup command line arguments to pass to Go
|
| services.calibre-server.extraFlags | Extra flags to pass to the calibre-server command
|
| services.duplicity.extraFlags | Extra command-line flags passed to duplicity
|
| services.scollector.extraOpts | Extra scollector command line options
|
| services.tailscale.extraUpFlags | Extra flags to pass to tailscale up
|
| services.sitespeed-io.runs.*.extraArgs | Extra command line arguments to pass to the program.
|
| services.openssh.startWhenNeeded | If set, sshd is socket-activated; that
is, instead of having it permanently running as a daemon,
systemd will start an instance for each incoming connection.
|
| services.ddclient.interval | The interval at which to run the check and update
|
| services.endlessh-go.extraOptions | Additional command line options to pass to the endlessh-go daemon.
|
| services.fluidd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.akkoma.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.lighthouse.extraArgs | Additional arguments passed to every lighthouse command.
|
| nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/command-ref/conf-file.html or
nix.conf(5) for available options
|
| services.matomo.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.prometheus.exporters.script.settings | Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.
Migration note:
The previous format using script = "sleep 5" is no longer supported
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| programs.neovim.configure | Generate your init file from your list of plugins and custom commands
|
| services.airsonic.jvmOptions | Extra command line options for the JVM running AirSonic
|
| services.iodine.clients.<name>.extraConfig | Additional command line parameters
|
| services.snapraid.sync.interval | How often to run snapraid sync.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.xinetd.services.*.serverArgs | Command-line arguments for the server program.
|
| nixpkgs.flake.setNixPath | Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs>
lookups receive the version of nixpkgs that the system was built with, in concert with
nixpkgs.flake.setFlakeRegistry
|
| services.magnetico.web.credentials | The credentials to access the web interface, in case authentication is
enabled, in the format username:hash
|
| services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| services.unclutter.extraOptions | More arguments to pass to the unclutter command
|
| services.pfix-srsd.secretsFile | The secret data used to encode the SRS address.
to generate, use a command like:
for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done
|
| services.gocd-server.startupOptions | Specifies startup command line arguments to pass to Go
|
| services.infnoise.fillDevRandom | Whether to run the infnoise driver as a daemon to refill /dev/random
|
| services.c2fmzq-server.settings | Configuration for c2FmZQ-server passed as CLI arguments
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| programs.captive-browser.dhcp-dns | The shell (/bin/sh) command executed to obtain the DHCP
DNS server address
|
| security.pam.u2f.settings.appid | By default pam-u2f module sets the application
ID to pam://$HOSTNAME
|
| services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| services.locate.interval | Update the locate database at this interval
|
| services.mysqlBackup.gzipOptions | Command line options to use when invoking gzip
|
| services.pdfding.gunicorn.extraArgs | Command line arguments passed to Gunicorn server.
|
| services.yggdrasil-jumper.extraArgs | Extra command line arguments for Yggdrasil Jumper.
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| services.apcupsd.enable | Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
permits orderly shutdown of your computer in the event of a power
failure
|
| services.snapraid.scrub.interval | How often to run snapraid scrub.
|
| services.hardware.lcd.server.usbPermissions | Set group-write permissions on a USB device
|
| programs.sway.wrapperFeatures.base | Whether to enable the base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
|
| services.buildkite-agents.<name>.shell | Command that buildkite-agent 3 will execute when it spawns a shell.
|
| services.opensmtpd.extraServerArgs | Extra command line arguments provided when the smtpd process
is started.
|
| services.tailscale.extraDaemonFlags | Extra flags to pass to tailscaled.
|
| services.postfix.masterConfig.<name>.args | Arguments to pass to the command
|
| programs.regreet.enable | Enable ReGreet, a clean and customizable greeter for greetd
|
| services.displayManager.generic.execCmd | Command to start the display manager.
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.rustdesk-server.relay.extraArgs | A list of extra command line arguments to pass to the hbbr process.
|
| services.tinc.networks.<name>.debugLevel | The amount of debugging information to add to the log. 0 means little
logging while 5 is the most logging. man tincd for
more details.
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.zapret.params | Specify the bypass parameters for Zapret binary
|
| services.coturn.listening-ips | Listener IP addresses of relay server
|
| programs.hyprland.enable | Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks
|
| services.hadoop.hdfs.datanode.extraFlags | Extra command line flags to pass to HDFS DataNode
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| services.magnetico.web.extraOptions | Extra command line arguments to pass to magneticow.
|
| services.restic.backups.<name>.paths | Which paths to backup, in addition to ones specified via
dynamicFilesFrom
|
| services.etebase-server.enable | Whether to enable the Etebase server
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| services.gitlab-runner.clear-docker-cache.flags | Any additional flags passed to clear-docker-cache.
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|