| services.spacecookie.settings.hostname | The hostname the service is reachable via
|
| virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.unpoller.influxdb.db | Database name
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| services.supybot.plugins | Attribute set of additional plugins that will be symlinked to the
plugin subdirectory
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| services.synergy.server.screenName | Use the given name instead of the hostname to identify
this screen in the configuration.
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| networking.hostName | The name of the machine
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.stargazer.routes.*.route | Route section name
|
| services.prometheus.exporters.mqtt.mqttUsername | Username which should be used to authenticate against the MQTT broker.
|
| services.lasuite-docs.settings.DB_NAME | Name of the database
|
| services.lasuite-meet.settings.DB_NAME | Name of the database
|
| services.zabbixWeb.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| services.zabbixWeb.httpd.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| specialisation.<name>.configuration | Arbitrary NixOS configuration
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| services.slskd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.movim.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.davis.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.cloudlog.database.user | MySQL user name.
|
| services.sanoid.templates.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.suwayomi-server.settings.server.basicAuthUsername | The username value that you have to provide when authenticating.
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| services.dependency-track.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.athens.storage.minio.bucket | Bucket name for the minio storage backend.
|
| services.strongswan-swanctl.swanctl.connections.<name>.proposals | A proposal is a set of algorithms
|
| services.nvme-rs.settings.email.smtp_username | SMTP username
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| services.writefreely.host | The public host name to serve.
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| services.prometheus.exporters.dmarc.imap.username | Login username for the IMAP connection.
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| services.multipath.devices.*.prio | The name of the path priority routine
|
| services.athens.index.mysql.database | Database name for the MySQL database.
|
| services.hatsu.settings.HATSU_DOMAIN | The domain name of your instance (eg 'hatsu.local').
|
| services.minetest-server.world | Name of the world to use
|
| services.mastodon.user | User under which mastodon runs
|
| services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| services.coder.database.database | Name of database.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer | Identity under which the peer is registered at the mediation server, that
is, the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server
|
| services.misskey.reverseProxy.host | The fully qualified domain name to bind to
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| services.pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| hardware.display.edid.linuxhw | Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| services.xserver.xrandrHeads.*.output | The output name of the monitor, as shown by
xrandr(1) invoked without arguments.
|
| services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| boot.initrd.secrets | Secrets to append to the initrd
|
| programs.regreet.font.package | The package that provides the font given in the name option.
|
| services.suricata.settings.logging.outputs.file.filename | Filename of the logfile.
|
| services.matomo.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.monica.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.akkoma.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.gancio.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fluidd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| services.vault-agent.instances | Attribute set of vault-agent instances
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.sanoid.datasets.<name>.process_children_only | Whether to only snapshot child datasets if recursing.
|
| services.restic.server.privateRepos | Enable private repos
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.nominatim.enable | Whether to enable nominatim
|
| services.tailscale.derper.domain | Domain name under which the derper server is reachable.
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| services.gitea.settings.server.DOMAIN | Domain name of your server.
|
| services.ncps.cache.lru.scheduleTimeZone | The name of the timezone to use for the cron schedule
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| services.roundcube.enable | Whether to enable roundcube
|
| services._3proxy.resolution | Use this option to configure name resolution and DNS caching.
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|