| services.tabby.model | Specify the model that tabby will use to generate completions
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.name_filter | Specify a name filter (works as a LIKE) to apply on the server listing request.
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.logrotate.settings | logrotate freeform settings: each attribute here will define its own section,
ordered by services.logrotate.settings.<name>.priority,
which can either define files to rotate with their settings
or settings common to all further files settings
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.rosenpass.settings.peers.*.device | Name of the local WireGuard interface to use for this peer.
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| virtualisation.interfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.grafana.settings.server.domain | The public facing domain name used to access grafana from a browser
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinScheduler] section of the unit
|
| services.nominatim.database.superUser | Postgresql database superuser used to create Nominatim database and
import data
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| networking.openconnect.interfaces.<name>.autoStart | Whether this VPN connection should be started automatically.
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| networking.wireguard.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| services.mainsail.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.pixelfed.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.dolibarr.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fediwall.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.kanboard.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.agorakit.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.librenms.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| virtualisation.allInterfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.anuko-time-tracker.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.calibre-web.options.reverseProxyAuth.header | Auth proxy header name.
|
| services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| services.suricata.settings.default-log-dir | The default logging directory
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| networking.interfaces.<name>.ipv6.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (64).
|
| networking.interfaces.<name>.ipv4.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (24).
|
| services.zabbixWeb.httpd.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| boot.binfmt.registrations.<name>.recognitionType | Whether to recognize executables by magic number or extension.
|
| services.nghttpx.frontends.*.params.sni-fwd | When performing a match to select a backend server, SNI host
name received from the client is used instead of the request
host
|
| services.prometheus.exporters.process.settings.process_names | All settings expressed as an Nix attrset
|
| networking.wireguard.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| services.oncall.settings.db.conn.kwargs.database | Database name.
|
| services._3proxy.resolution.nscache6 | Set name cache size for IPv6.
|
| services.sourcehut.settings."sr.ht".global-domain | Global domain name.
|
| networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| services.prometheus.exporters.pve.user | User name under which the pve exporter shall be run.
|
| services.prometheus.exporters.kea.user | User name under which the kea exporter shall be run.
|
| services.prometheus.exporters.zfs.user | User name under which the zfs exporter shall be run.
|
| services.prometheus.exporters.nut.user | User name under which the nut exporter shall be run.
|
| services.prometheus.exporters.sql.user | User name under which the sql exporter shall be run.
|
| services.prometheus.exporters.lnd.user | User name under which the lnd exporter shall be run.
|
| systemd.network.networks.<name>.genericRandomEarlyDetectionConfig | Each attribute in this set specifies an option in the
[GenericRandomEarlyDetection] section of the unit
|
| networking.openconnect.interfaces.<name>.gateway | Gateway server to connect to.
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.bookstack.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services._3proxy.resolution.nserver | List of nameservers to use
|
| virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| containers.<name>.additionalCapabilities | Grant additional capabilities to the container
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.postgresql.ensureUsers | Ensures that the specified users exist
|
| services.radicle.httpd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| boot.zfs.forceImportAll | Forcibly import all ZFS pool(s)
|
| containers | A set of NixOS system configurations to be run as lightweight
containers
|
| services.icingaweb2.modulePackages | Name-package attrset of Icingaweb 2 modules packages to enable
|
| services.postfixadmin.enable | Whether to enable postfixadmin
|
| networking.openconnect.interfaces.<name>.privateKey | Private key to authenticate with.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.exporters.snmp.user | User name under which the snmp exporter shall be run.
|
| services.prometheus.exporters.nats.user | User name under which the nats exporter shall be run.
|
| services.prometheus.exporters.json.user | User name under which the json exporter shall be run.
|
| services.prometheus.exporters.flow.user | User name under which the flow exporter shall be run.
|
| services.prometheus.exporters.mqtt.user | User name under which the mqtt exporter shall be run.
|
| services.prometheus.exporters.ping.user | User name under which the ping exporter shall be run.
|
| services.prometheus.exporters.ipmi.user | User name under which the ipmi exporter shall be run.
|
| services.prometheus.exporters.mail.user | User name under which the mail exporter shall be run.
|
| services.prometheus.exporters.ebpf.user | User name under which the ebpf exporter shall be run.
|
| services.prometheus.exporters.bind.user | User name under which the bind exporter shall be run.
|
| services.prometheus.exporters.bird.user | User name under which the bird exporter shall be run.
|
| services.prometheus.exporters.knot.user | User name under which the knot exporter shall be run.
|
| services.prometheus.exporters.node.user | User name under which the node exporter shall be run.
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerClassConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinSchedulerClass] section of the unit
|
| services.miniupnpd.externalInterface | Name of the external interface.
|
| services.certspotter.watchlist | Domain names to watch
|