| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| systemd.user.sockets.<name>.aliases | Aliases of that unit.
|
| systemd.user.targets.<name>.aliases | Aliases of that unit.
|
| networking.networkmanager.settings | Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this
|
| services.tlsrpt.reportd.settings.sendmail_script | Path to a sendmail-compatible executable for delivery reports.
|
| services.nginx.upstreams.<name>.extraConfig | These lines go to the end of the upstream verbatim.
|
| services.tarsnap.archives.<name>.verbose | Whether to produce verbose logging output.
|
| services.anubis.instances.<name>.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.vault-agent.instances.<name>.enable | Whether to enable this vault-agent instance.
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.glitchtip.settings.ENABLE_USER_REGISTRATION | When true, any user will be able to register
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| systemd.nspawn.<name>.execConfig | Each attribute in this set specifies an option in the
[Exec] section of this unit
|
| systemd.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.tahoe.nodes.<name>.storage.reservedSpace | The amount of filesystem space to not use for storage.
|
| services.slskd.settings.flags.force_share_scan | Force a rescan of shares on every startup.
|
| services.drupal.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|
| services.wordpress.sites.<name>.poolConfig | Options for the WordPress PHP pool
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.drupal.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| networking.ipips.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| systemd.user.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.jibri.xmppEnvironments.<name>.call.login.username | User part of the JID for the recorder.
|
| services.znapzend.zetup.<name>.mbuffer.port | Port to use for mbuffer
|
| services.sanoid.datasets.<name>.autosnap | Whether to automatically take snapshots.
|
| services.prosody.virtualHosts.<name>.enabled | Whether to enable the virtual host
|
| services.blockbook-frontend.<name>.rpc.url | URL for JSON-RPC connections.
|
| services.jupyterhub.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.wstunnel.clients.<name>.connectTo | Server address and port to connect to.
|
| services.webhook.hooks.<name>.execute-command | The command that should be executed when the hook is triggered.
|
| services.parsedmarc.settings.general.save_forensic | Save forensic report data to Elasticsearch and/or Splunk.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.latency | sched_latency_ns.
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| services.spiped.config.<name>.resolveRefresh | Resolution refresh time for the target socket, in seconds.
|
| documentation.man.mandoc.settings.output.toc | Whether to enable printing a table of contents near the beginning of the HTML output
of mandoc(1) if an input file contains at least two
non-standard sections
.
|
| services.fedimintd.<name>.nginx.config.listen.*.ssl | Enable SSL.
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| systemd.user.services.<name>.restartIfChanged | Whether the service should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.openldap.configDir | Use this config directory instead of generating one from the
settings option
|
| services.buildkite-agents.<name>.hooks | "Agent" hooks to install
|
| users.extraUsers.<name>.packages | The set of packages that should be made available to the user
|
| services.prometheus.alertmanagerIrcRelay.settings | Configuration for Alertmanager IRC Relay as a Nix attribute set
|
| systemd.user.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.system76-scheduler.settings.cfsProfiles.responsive.preempt | Preemption mode.
|
| services.sanoid.templates.<name>.monthly | Number of monthly snapshots.
|
| services.akkoma.frontends.<name>.package | Akkoma frontend package.
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints | List of receivers that should be deleted.
|
| systemd.services.<name>.requisite | Similar to requires
|
| services.warpgate.settings.config_provider | Source of truth of users
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| services.system76-scheduler.settings.cfsProfiles.responsive.nr-latency | sched_nr_latency.
|
| services.v4l2-relayd.instances.<name>.enable | Whether to enable this v4l2-relayd instance.
|
| services.tor.relay.onionServices.<name>.secretKey | Secret key of the onion service
|
| services.nextcloud-spreed-signaling.settings.sessions.hashkeyFile | The path to the file containing the value for sessions.hashkey
|
| services.hylafax.modems.<name>.config | Attribute set of values for the given modem
|
| virtualisation.xen.store.settings.quota.maxWatch | Maximum number of watches by the Xenstore Watchdog.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.matrix-synapse.settings.listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.monica.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.matomo.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.monica.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.matomo.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fluidd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.gancio.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.akkoma.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.akkoma.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.gancio.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fluidd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.firewalld.services.<name>.ports.*.port | |
| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| services.nylon.<name>.acceptInterface | Tell nylon which interface to listen for client requests on, default is "lo".
|
| services.buildkite-agents.<name>.shell | Command that buildkite-agent 3 will execute when it spawns a shell.
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.wstunnel.clients.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| programs.neovim.runtime.<name>.text | Text of the file.
|
| services.rsync.jobs.<name>.destination | Destination directory.
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.bcg.mqtt.username | MQTT server access username.
|
| services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.errbot.instances.<name>.plugins | List of errbot plugin derivations.
|
| services.wordpress.sites.<name>.database.user | Database user.
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.wyoming.faster-whisper.servers.<name>.uri | URI to bind the wyoming server to.
|