| services.restic.backups.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.errbot.instances.<name>.plugins | List of errbot plugin derivations.
|
| services.nextcloud-spreed-signaling.settings.stats.allowed_ips | List of IP addresses that are allowed to access the debug, stats and metrics endpoints
|
| services.matrix-conduit.settings.global.trusted_servers | Servers trusted with signing server keys.
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|
| services.wordpress.sites.<name>.poolConfig | Options for the WordPress PHP pool
|
| services.snapserver.settings.tcp.bind_to_address | Address to listen on for snapclient connections.
|
| services.firezone.server.settingsSecret.TOKENS_SALT | A file containing a unique base64 encoded secret for the
TOKENS_SALT
|
| services.nextcloud.settings.mail_smtpsecure | This depends on mail_smtpmode
|
| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| systemd.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| services.snapserver.streams.<name>.type | The type of input stream.
|
| services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile | The path to the file containing the value for sessions.blockkey
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| services.mbpfan.settings.general.polling_interval | The polling interval.
|
| virtualisation.containerd.settings | Verbatim lines to add to containerd.toml
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| security.wrappers.<name>.enable | Whether to enable the wrapper.
|
| services.gitlab-runner.services.<name>.dockerImage | Docker image to be used.
|
| services.movim.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.slskd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.syncoid.commands.<name>.useCommonArgs | Whether to add the configured common arguments to this command.
|
| services.fedimintd.<name>.api_iroh.bind | Address to bind on for Iroh endpoint for API connections
|
| services.davis.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.firewalld.zones.<name>.sourcePorts.*.port | |
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPath | Location of the key with which IRC passwords are encrypted
for storage
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.wordpress.sites.<name>.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.matrix-synapse.settings.max_image_pixels | Maximum number of pixels that will be thumbnailed
|
| services.matrix-synapse.settings.media_store_path | Directory where uploaded images and attachments are stored.
|
| services.matrix-synapse.settings.signing_key_path | Path to the signing key to sign messages with.
|
| services.maubot.settings.server.plugin_base_path | The base path for plugin endpoints
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.public-inbox.inboxes.<name>.coderepo | Nicknames of a 'coderepo' section associated with the inbox.
|
| services.mailpit.instances.<name>.listen | HTTP bind interface and port for UI.
|
| services.dokuwiki.sites.<name>.pluginsConfig | List of the dokuwiki (un)loaded plugins.
|
| services.drupal.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| power.ups.users.<name>.instcmds | Let the user initiate specific instant commands
|
| environment.etc.<name>.uid | UID of created file
|
| environment.etc.<name>.gid | GID of created file
|
| services.public-inbox.settings.publicinboxmda.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| services.drupal.sites.<name>.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.matomo.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.sanoid.datasets.<name>.useTemplate | Names of the templates to use for this dataset.
|
| services.monica.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.jupyterhub.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.blockbook-frontend.<name>.rpc.user | Username for JSON-RPC connections.
|
| services.blockbook-frontend.<name>.rpc.port | Port for JSON-RPC connections.
|
| services.buildkite-agents.<name>.extraGroups | Groups the user for this buildkite agent should belong to
|
| services.gancio.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.fluidd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.akkoma.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| boot.specialFileSystems.<name>.fsType | Type of the file system
|
| systemd.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.snapserver.settings.http.bind_to_address | Address to listen on for snapclient connections.
|
| services.grafana.settings.server.static_root_path | Root path for static assets.
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| systemd.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish | How long after deactivation to keep a key in the zone
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish | How long after deactivation to keep a key in the zone
|
| services.fedimintd.<name>.api_iroh.port | UDP Port to bind Iroh endpoint for API connections
|
| services.github-runners.<name>.extraPackages | Extra packages to add to PATH of the service to make them available to workflows.
|
| services.tor.settings.VersioningAuthoritativeDirectory | See torrc manual.
|
| power.ups.ups.<name>.shutdownOrder | When you have multiple UPSes on your system, you usually need to
turn them off in a certain order. upsdrvctl shuts down all the
0s, then the 1s, 2s, and so on
|
| services.autorandr.profiles.<name>.hooks | Profile hook scripts.
|
| services.znapzend.zetup.<name>.recursive | Whether to do recursive snapshots.
|
| services.rshim.device | Specify the device name to attach
|
| services.logcheck.ignoreCron.<name>.cmdline | Command line for the cron job
|
| systemd.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| systemd.user.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.parsedmarc.settings.general.save_aggregate | Save aggregate report data to Elasticsearch and/or Splunk.
|
| services.snipe-it.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.public-inbox.inboxes.<name>.inboxdir | The absolute path to the directory which hosts the public-inbox.
|
| services.klipper.firmwares.<name>.enable | Whether to enable building of firmware for manual flashing
.
|
| services.fedimintd.<name>.ui.openFirewall | Opens TCP port in firewall for built-in UI
|
| security.auditd.plugins.<name>.path | This is the absolute path to the plugin executable.
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|