| boot.zfs.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| services.mastodon.user | User under which mastodon runs
|
| services.httpd.extraModules | Additional Apache modules to be used
|
| services.caddy.adapter | Name of the config adapter to use
|
| programs.tsmClient.defaultServername | If multiple server stanzas are declared with
programs.tsmClient.servers,
this option may be used to name a default
server stanza that IBM TSM uses in the absence of
a user-defined dsm.opt file
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| containers.<name>.bindMounts.<name>.isReadOnly | Determine whether the mounted path will be accessed in read-only mode.
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| services.sanoid.datasets.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| services.unpoller.influxdb.db | Database name
|
| systemd.network.networks.<name>.hierarchyTokenBucketConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucket] section of the unit
|
| users.mysql.pam.logging.userColumn | The name of the column in the log table to which the name of the
user being authenticated is stored.
|
| users.mysql.pam.logging.hostColumn | The name of the column in the log table to which the name of the user
being authenticated is stored.
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| boot.binfmt.registrations.<name>.preserveArgvZero | Whether to pass the original argv[0] to the interpreter
|
| systemd.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| services.gitlab.databaseName | GitLab database name.
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| services.misskey.reverseProxy.host | The fully qualified domain name to bind to
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.samba.winbindd.enable | Whether to enable Samba's winbindd, which provides a number of services
to the Name Service Switch capability found in most modern C libraries,
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
| services.alerta.databaseName | Name of the database instance to connect to
|
| services.dovecot2.user | Dovecot user name.
|
| services.xserver.videoDriver | The name of the video driver for your graphics card
|
| services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| systemd.network.networks.<name>.trivialLinkEqualizerConfig | Each attribute in this set specifies an option in the
[TrivialLinkEqualizer] section of the unit
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.athens.storage.mongo.defaultDBName | Name of the mongo database.
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| programs.nix-required-mounts.allowedPatterns.<name>.onFeatures | Which requiredSystemFeatures should trigger relaxation of the sandbox
|
| services.keyd.keyboards | Configuration for one or more device IDs
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| services.sanoid.templates.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.acme-dns.settings.general.domain | Domain name to serve the requests off of.
|
| services.unpoller.unifi.defaults.user | Unifi service user name.
|
| containers.<name>.bindMounts.<name>.mountPoint | Mount point on the container file system.
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| services.lasuite-docs.settings.DB_NAME | Name of the database
|
| services.lasuite-meet.settings.DB_NAME | Name of the database
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| services.zfs.autoSnapshot.flags | Flags to pass to the zfs-auto-snapshot command
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| networking.wireless.networks.<name>.priority | By default, all networks will get same priority group (0)
|
| services.pangolin.baseDomain | Your base fully qualified domain name (without any subdomains).
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.gancio.settings.db.database | Name of the PostgreSQL database
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| services.supybot.plugins | Attribute set of additional plugins that will be symlinked to the
plugin subdirectory
|
| services.cloudlog.database.user | MySQL user name.
|
| services.restic.server.privateRepos | Enable private repos
|
| services.oncall.settings.db.conn.kwargs.database | Database name.
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| networking.vswitches.<name>.interfaces | The physical network interfaces connected by the vSwitch.
|
| services.tabby.model | Specify the model that tabby will use to generate completions
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.vault.storageBackend | The name of the type of storage backend
|
| services.portunus.ldap.searchUserName | The login name of the search user
|
| services.shairport-sync.user | User account name under which to run shairport-sync
|
| services.hatsu.settings.HATSU_DOMAIN | The domain name of your instance (eg 'hatsu.local').
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| services.pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency | How often the fan speed should be updated in seconds
|
| services.biboumi.settings.realname_from_jid | Whether the realname and username of each biboumi
user will be extracted from their JID
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.smokeping.linkStyle | DNS name for the urls generated in the cgi.
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|