| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| hardware.firmware | List of packages containing firmware files
|
| services.slskd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.movim.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.davis.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| virtualisation.oci-containers.containers.<name>.volumes | List of volumes to attach to this container
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.lldap.environment | Environment variables passed to the service
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| virtualisation.oci-containers.containers.<name>.log-driver | Logging driver for the container
|
| services.borgmatic.configurations.<name>.source_directories | List of source directories and files to backup
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| services.forgejo.settings.server.DOMAIN | Domain name of your server.
|
| services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.onlyoffice.postgresName | The name of database OnlyOffice should use.
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| services.stargazer.routes | Routes that Stargazer should server
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.limesurvey.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| services.multipath.devices.*.product | Regular expression to match the product name
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| services.nextcloud.settings.mail_smtpname | This depends on mail_smtpauth
|
| services.prometheus.exporters.py-air-control.deviceHostname | The hostname of the air purification device from which to scrape the metrics.
|
| services.mainsail.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pixelfed.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.dolibarr.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fediwall.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.librenms.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanboard.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.agorakit.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| virtualisation.oci-containers.containers.<name>.environment | Environment variables to set for this container.
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| programs.regreet.cursorTheme.package | The package that provides the cursor theme given in the name option.
|
| services.portunus.dex.oidcClients | List of OIDC clients
|
| services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.movim.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|
| services.rke2.charts | Packaged Helm charts that are linked to /var/lib/rancher/rke2/server/static/charts before rke2 starts
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| services.monica.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.matomo.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.gancio.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.akkoma.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fluidd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| programs.kubeswitch.commandName | The name of the command to use
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| services.subsonic.listenAddress | The host name or IP address on which to bind Subsonic
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| image.repart.verityStore.partitionIds.store | Specify the attribute name of the store partition.
|
| services.tailscale.interfaceName | The interface name for tunnel traffic
|
| services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| virtualisation.oci-containers.containers.<name>.environmentFiles | Environment files for this container.
|
| services.victoriametrics.basicAuthUsername | Basic Auth username used to protect VictoriaMetrics instance by authorization
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.bluesky-pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributesmapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| services.pgbackrest.repos | An attribute set of repositories as described in:
https://pgbackrest.org/configuration.html#section-repository
Each repository defaults to set repo-host to the attribute's name
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds | Periodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes
|
| services.documize.stateDirectoryName | The name of the directory below /var/lib/private
where documize runs in and stores, for example, backups.
|
| services.umami.settings.TRACKER_SCRIPT_NAME | Allows you to assign a custom name to the tracker script different from the default script.js.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.librenms.database.database | Name of the database on the MySQL/MariaDB server.
|
| services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| services.printing.cups-pdf.instances | Permits to raise one or more cups-pdf instances
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.mjolnir.pantalaimon | pantalaimon options (enables E2E Encryption support)
|
| hardware.trackpoint.device | The device name of the trackpoint
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.moodle.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.nagios.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| services._3proxy.resolution.nscache | Set name cache size for IPv4.
|
| services.consul.interface.advertise | The name of the interface to pull the advertise_addr from.
|
| services.thinkfan.sensors.*.query | The query string used to match one or more sensors: can be
a fullpath to the temperature file (single sensor) or a fullpath
to a driver directory (multiple sensors).
When multiple sensors match, the query can be restricted using the
name or indices options.
|
| services.rsnapshot.extraConfig | rsnapshot configuration option in addition to the defaults from
rsnapshot and this module
|