| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| services.radicle.httpd.nginx.locations.<name>.root | Root directory for requests.
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.dokuwiki.sites.<name>.extraConfigs | Path(s) to additional configuration files that are then linked to the 'conf' directory.
|
| services.fedimintd.<name>.nginx.path_ui | Path to host the built-in UI on and forward to the daemon's api port
|
| services.firewalld.zones.<name>.sources | Source addresses, address ranges, MAC addresses or ipsets to bind.
|
| services.borgbackup.jobs.<name>.extraArgs | Additional arguments for all borg calls the
service has
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| networking.vlans.<name>.id | The vlan identifier
|
| services.auto-epp.settings.Settings.epp_state_for_BAT | energy_performance_preference when on battery
See available epp states by running:
cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| networking.sits.<name>.dev | The underlying network device on which the tunnel resides.
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.warpgate.settings.sso_providers.*.provider | SSO provider configurations.
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| programs.ssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.sabnzbd.settings.misc.inet_exposure | Restrictions for access from non-local IP addresses
|
| services.gitlab-runner.services.<name>.dockerImage | Docker image to be used.
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.drupal.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.homebridge.settings.accessories.*.accessory | Accessory type
|
| services.nginx.upstreams.<name>.extraConfig | These lines go to the end of the upstream verbatim.
|
| services.syncoid.commands.<name>.service | Systemd configuration specific to this syncoid service.
|
| services.tarsnap.archives.<name>.verbose | Whether to produce verbose logging output.
|
| services.anubis.instances.<name>.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.vault-agent.instances.<name>.enable | Whether to enable this vault-agent instance.
|
| services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.kanidm.server.settings.ldapbindaddress | Address and port the LDAP server is bound to
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|
| services.wordpress.sites.<name>.poolConfig | Options for the WordPress PHP pool
|
| services.bcg.mqtt.username | MQTT server access username.
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| programs.openvpn3.log-service.settings.log_level | How verbose should the logging be
|
| environment.etc.<name>.user | User name of file owner
|
| services.znapzend.zetup.<name>.mbuffer.port | Port to use for mbuffer
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| systemd.user.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.bonsaid.settings.*.delay_duration | Nanoseconds to wait after the previous state change before performing this transition
|
| services.tahoe.nodes.<name>.storage.reservedSpace | The amount of filesystem space to not use for storage.
|
| systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.warpgate.settings.http.session_max_age | How long until a logged in session expires.
|
| services.drupal.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| services.buildkite-agents.<name>.hooks | "Agent" hooks to install
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.sanoid.datasets.<name>.autosnap | Whether to automatically take snapshots.
|
| services.prosody.virtualHosts.<name>.enabled | Whether to enable the virtual host
|
| services.blockbook-frontend.<name>.rpc.url | URL for JSON-RPC connections.
|
| services.jupyterhub.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.wstunnel.clients.<name>.connectTo | Server address and port to connect to.
|
| services.webhook.hooks.<name>.execute-command | The command that should be executed when the hook is triggered.
|
| services.nextcloud.settings.mail_smtpdebug | Enable SMTP class debugging.
loglevel will likely need to be adjusted too.
See docs.
|
| services.hylafax.modems.<name>.config | Attribute set of values for the given modem
|
| services.stash.settings.preview_segments | Number of segments in a preview file
|
| services.stash.settings.sound_on_preview | Enable sound on mouseover previews
|
| services.spiped.config.<name>.resolveRefresh | Resolution refresh time for the target socket, in seconds.
|
| systemd.services.<name>.requisite | Similar to requires
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| systemd.user.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.prometheus.exporters.fritz.settings.devices.*.host_info | Enable extended host info for this device. Warning: This will heavily increase scrape time.
|
| services.synapse-auto-compressor.settings.chunk_size | The number of state groups to work on at once
|
| services.fedimintd.<name>.nginx.config.listen.*.ssl | Enable SSL.
|
| services.znc.confOptions.networks.<name>.modules | ZNC network modules to load.
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| users.extraUsers.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.tor.relay.onionServices.<name>.secretKey | Secret key of the onion service
|
| services.sanoid.templates.<name>.monthly | Number of monthly snapshots.
|
| services.akkoma.frontends.<name>.package | Akkoma frontend package.
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| services.nylon.<name>.acceptInterface | Tell nylon which interface to listen for client requests on, default is "lo".
|
| services.buildkite-agents.<name>.shell | Command that buildkite-agent 3 will execute when it spawns a shell.
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| services.v4l2-relayd.instances.<name>.enable | Whether to enable this v4l2-relayd instance.
|
| services.matrix-appservice-irc.settings.database.connectionString | The database connection string
|
| services.livekit.settings.rtc.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.wstunnel.clients.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|