| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_id | String identifying the Postquantum Preshared Key (PPK) to be used.
|
| services.gitlab.databaseUsername | GitLab database user.
|
| services.pgadmin.emailServer.username | SMTP server username for email delivery
|
| services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.cloudflared.tunnels.<name>.originRequest.connectTimeout | Timeout for establishing a new TCP connection to your origin server
|
| services.factorio.loadLatestSave | Load the latest savegame on startup
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| services.firezone.server.smtp.username | Username to authenticate against the SMTP relay
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| services.discourse.admin.username | The admin user username.
|
| services.gancio.user | The user (and PostgreSQL database name) used to run the gancio server
|
| services.gitlab.host | GitLab host name
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.tlsrpt.reportd.settings.dbname | Path to the sqlite database.
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| services.gitea.dump.file | Filename to be used for the dump
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| services.icingaweb2.modules.monitoring.transports.<name>.type | Type of this transport
|
| services.cntlm.domain | Proxy account domain/workgroup name.
|
| services.radicle.httpd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.radicle.httpd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.authelia.instances.<name>.settings.telemetry.metrics.address | The address to listen on for metrics
|
| boot.loader.systemd-boot.extraEntries | Any additional entries you want added to the systemd-boot menu
|
| services.postgresqlWalReceiver.receivers.<name>.compress | Enables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression)
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| services.fcron.allow | Users allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
|
| services.hddfancontrol.settings.<drive-bay-name>.logVerbosity | Verbosity of the log level
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.icingaweb2.modules.monitoring.transports.<name>.path | Path to the socket for local or remote transports
|
| services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.strongswan-swanctl.swanctl.connections.<name>.dscp | Differentiated Services Field Codepoint to set on outgoing IKE packets for
this connection
|
| services.mainsail.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.mainsail.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fediwall.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.librenms.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.agorakit.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.kanboard.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fediwall.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.pantalaimon-headless.instances.<name>.extraSettings | Extra configuration options
|
| services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.icecream.daemon.hostname | Hostname of the daemon in the icecream infrastructure
|
| services.tor.torsocks.socks5Username | SOCKS5 username
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| networking.networkmanager.insertNameservers | A list of name servers that should be inserted before
the ones configured in NetworkManager or received by DHCP.
|
| networking.networkmanager.appendNameservers | A list of name servers that should be appended
to the ones configured in NetworkManager or received by DHCP.
|
| services.pihole-web.hostName | Domain name for the website.
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.icingaweb2.libraryPaths | Libraries to add to the Icingaweb2 library path
|
| services.zoneminder.hostname | The hostname on which to listen.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.starttls | set to true for using STARTTLS to start a TLS connection
|
| services.cyrus-imap.user | Cyrus IMAP user name
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.onlyoffice.hostname | FQDN for the OnlyOffice instance.
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| services.mail.sendmailSetuidWrapper.program | The name of the wrapper program
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| services.hadoop.hdfs.namenode.openFirewall | Open firewall ports for HDFS NameNode.
|
| services.patroni.scope | Cluster name.
|
| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| services.vikunja.frontendHostname | The Hostname under which the frontend is running.
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.avahi.hostName | Host name advertised on the LAN
|