| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| systemd.network.networks.<name>.controlledDelayConfig | Each attribute in this set specifies an option in the
[ControlledDelay] section of the unit
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.dovecot2.group | Dovecot group name.
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| networking.fqdn | The fully qualified domain name (FQDN) of this host
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| services.nvme-rs.settings.email.smtp_username | SMTP username
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| systemd.network.networks.<name>.stochasticFairBlueConfig | Each attribute in this set specifies an option in the
[StochasticFairBlue] section of the unit
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.type | The type of the listener, usually http.
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| networking.sits.<name>.encapsulation | Configures the type of encapsulation.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.port | The port to listen for HTTP(S) requests on.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.mqtt2influxdb.mqtt.username | Username used to connect to the MQTT server.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.strongswan-swanctl.swanctl.connections.<name>.over_time | Hard IKE_SA lifetime if rekey/reauth does not complete, as time
|
| programs.foot.theme | Theme name
|
| services.spacecookie.settings.hostname | The hostname the service is reachable via
|
| services.bookstack.mail.fromName | Mail "from" name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.aggressive | Enables Aggressive Mode instead of Main Mode with Identity
Protection
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.netbird.enable | Enables backward-compatible NetBird client service
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.connections | A list of connection strings of the SQL servers to scrape metrics from
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| systemd.network.networks.<name>.hierarchyTokenBucketConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucket] section of the unit
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| services.athens.storage.s3.bucket | Bucket name for the S3 storage backend.
|
| services.varnish.listen.*.group | Group name who owns the socket file.
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| boot.binfmt.registrations.<name>.preserveArgvZero | Whether to pass the original argv[0] to the interpreter
|
| programs.nix-required-mounts.allowedPatterns.<name>.onFeatures | Which requiredSystemFeatures should trigger relaxation of the sandbox
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| virtualisation.oci-containers.containers.<name>.login.username | Username for login.
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.rss-bridge.virtualHost | Name of the nginx or caddy virtualhost to use and setup
|
| services.netatalk.extmap | File name extension mappings
|
| services.gitlab.databaseName | GitLab database name.
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| networking.interfaces.<name>.ipv4.addresses | List of IPv4 addresses that will be statically assigned to the interface.
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| services.headscale.settings.dns.nameservers.global | List of nameservers to pass to Tailscale clients.
|
| services.matomo.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.monica.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.akkoma.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.gancio.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fluidd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| services.dependency-track.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_port | Local UDP port for IKE communication
|
| systemd.network.networks.<name>.trivialLinkEqualizerConfig | Each attribute in this set specifies an option in the
[TrivialLinkEqualizer] section of the unit
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.alerta.databaseName | Name of the database instance to connect to
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| services.strongswan-swanctl.swanctl.connections.<name>.rekey_time | IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
does not re-check associated credentials
|
| users.mysql.database | The name of the database containing the users
|
| networking.fqdnOrHostName | Either the fully qualified domain name (FQDN), or just the host name if
it does not exist
|
| fileSystems.<name>.device | The device as passed to mount
|
| services.athens.storage.minio.bucket | Bucket name for the minio storage backend.
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.prosody.httpFileShare.domain | Domain name for a http_file_share service.
|
| services.strongswan-swanctl.swanctl.pools | Section defining named pools
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout | Charon by default uses the normal retransmission mechanism and timeouts to
check the liveness of a peer, as all messages are used for liveness
checking
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|
| networking.bridges | This option allows you to define Ethernet bridge devices
that connect physical networks together
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| services.bird-lg.frontend.servers | Server name prefixes.
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| services.rke2.autoDeployCharts | Auto deploying Helm charts that are installed by the rke2 Helm controller
|
| services.prosody.uploadHttp.domain | Domain name for the http-upload service
|