| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| services.dovecot2.imapsieve.mailbox.*.causes | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when one of the listed IMAPSIEVE causes apply
|
| services.roundcube.enable | Whether to enable roundcube
|
| networking.wlanInterfaces.<name>.meshID | MeshID of interface with type mesh.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.strongswan-swanctl.swanctl.connections.<name>.proposals | A proposal is a set of algorithms
|
| services.hickory-dns.settings.zones.*.zone | Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
|
| boot.initrd.luks.devices.<name>.bypassWorkqueues | Whether to bypass dm-crypt's internal read and write workqueues
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| services.strongswan-swanctl.swanctl.connections.<name>.reauth_time | Time to schedule IKE reauthentication
|
| systemd.network.networks.<name>.ipv6PREF64Prefixes | A list of IPv6PREF64Prefix sections to be added to the unit
|
| services.vault-agent.instances | Attribute set of vault-agent instances
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| containers.<name>.path | As an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
|
| openstack.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.portunus.dex.oidcClients | List of OIDC clients
|
| services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.movim.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.xserver.xrandrHeads.*.output | The output name of the monitor, as shown by
xrandr(1) invoked without arguments.
|
| boot.initrd.luks.devices.<name>.fido2.credentials | List of FIDO2 credential IDs
|
| services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| networking.wg-quick.interfaces.<name>.postDown | Command called after the interface is taken down.
|
| services.bitwarden-directory-connector-cli.ldap.username | The user to authenticate as.
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| image.repart.partitions.<name>.stripNixStorePrefix | Whether to strip /nix/store/ from the store paths
|
| services.bitwarden-directory-connector-cli.ldap.hostname | The host the LDAP is accessible on.
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| services.forgejo.settings.server.DOMAIN | Domain name of your server.
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| networking.wlanInterfaces.<name>.type | The type of the WLAN interface
|
| networking.wlanInterfaces.<name>.flags | Flags for interface of type monitor.
|
| networking.supplicant.<name>.driver | Force a specific wpa_supplicant driver.
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.writefreely.host | The public host name to serve.
|
| services.multipath.devices.*.prio | The name of the path priority routine
|
| services.slurm.dbdserver.storageUser | Database user name.
|
| services.rustus.storage.s3_region | S3 region name.
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| systemd.network.networks.<name>.ipv6RoutePrefixes | A list of ipv6RoutePrefix sections to be added to the unit
|
| services.nullmailer.config.defaulthost | The content of this attribute is appended to any address that
is missing a host name
|
| system.nixos.codeName | The NixOS release code name (e.g. Emu).
|
| services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| networking.wireless.networks.<name>.bssid | If set, this network block is used only when associating with
the AP using the configured BSSID.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| networking.interfaces.<name>.wakeOnLan.enable | Whether to enable wol on this interface.
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.tabby.model | Specify the model that tabby will use to generate completions
|
| networking.wireless.networks.<name>.hidden | Set this to true if the SSID of the network is hidden.
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| services.prometheus.exporters.fritz.settings.devices.*.hostname | Hostname under which the target device is reachable.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| systemd.network.networks.<name>.routingPolicyRules | A list of routing policy rules sections to be added to the unit
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.nextcloud.settings.mail_smtpname | This depends on mail_smtpauth
|
| services.oncall.settings.db.conn.kwargs.database | Database name.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.stargazer.routes | Routes that Stargazer should server
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.username | HTTP username
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| networking.supplicant.<name>.extraCmdArgs | Command line arguments to add when executing wpa_supplicant.
|
| boot.binfmt.registrations.<name>.offset | The byte offset of the magic number used for recognition.
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| networking.macvlans.<name>.interface | The interface the macvlan will transmit packets through.
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|