| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| services.strongswan-swanctl.swanctl.connections.<name>.rekey_time | IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
does not re-check associated credentials
|
| users.mysql.database | The name of the database containing the users
|
| networking.fqdnOrHostName | Either the fully qualified domain name (FQDN), or just the host name if
it does not exist
|
| fileSystems.<name>.device | The device as passed to mount
|
| services.athens.storage.minio.bucket | Bucket name for the minio storage backend.
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.prosody.httpFileShare.domain | Domain name for a http_file_share service.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout | Charon by default uses the normal retransmission mechanism and timeouts to
check the liveness of a peer, as all messages are used for liveness
checking
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|
| networking.bridges | This option allows you to define Ethernet bridge devices
that connect physical networks together
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| services.bird-lg.frontend.servers | Server name prefixes.
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| services.rke2.autoDeployCharts | Auto deploying Helm charts that are installed by the rke2 Helm controller
|
| services.prosody.uploadHttp.domain | Domain name for the http-upload service
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| services.outline.storage.region | AWS S3 region name.
|
| security.dhparams.params | Diffie-Hellman parameters to generate
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| services.athens.index.mysql.database | Database name for the MySQL database.
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| services.pangolin.baseDomain | Your base fully qualified domain name (without any subdomains).
|
| services.vault.storageBackend | The name of the type of storage backend
|
| services.xserver.videoDriver | The name of the video driver for your graphics card
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| services.ncps.cache.lru.scheduleTimeZone | The name of the timezone to use for the cron schedule
|
| services.synergy.client.screenName | Use the given name instead of the hostname to identify
ourselves to the server.
|
| services.httpd.extraModules | Additional Apache modules to be used
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| services.nextcloud.config.objectstore.s3.hostname | Required for some non-Amazon implementations.
|
| services.discourse.admin.fullName | The admin user's full name.
|
| services.consul.interface.bind | The name of the interface to pull the bind_addr from.
|
| services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| services.borgmatic.configurations.<name>.repositories.*.path | Path to the repository
|
| services.zabbixWeb.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| services.zabbixWeb.httpd.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| networking.interfaces.<name>.ipv4.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (24).
|
| networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| services.xserver.displayManager.lightdm.greeter.package | The LightDM greeter to login via
|
| services.synergy.server.screenName | Use the given name instead of the hostname to identify
this screen in the configuration.
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| networking.vswitches.<name>.controllers | Specify the controller targets
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.shairport-sync.user | User account name under which to run shairport-sync
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| services.unpoller.influxdb.db | Database name
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| services.keyd.keyboards | Configuration for one or more device IDs
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.smokeping.linkStyle | DNS name for the urls generated in the cgi.
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| virtualisation.oci-containers.containers.<name>.serviceName | Systemd service name that manages the container
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.autorandr.matchEdid | Match displays based on edid instead of name
|
| services.prefect.databaseName | database name for postgres only
|
| services.corosync.clusterName | Name of the corosync cluster.
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|