| services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.victoriatraces.basicAuthUsername | Basic Auth username used to protect VictoriaTraces instance by authorization
|
| users.mysql.pam.logging.timeColumn | The name of the column in the log table to which the timestamp of the
log entry is stored.
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.sanoid.datasets.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.vikunja.database.database | Database name.
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| networking.dhcpcd.setHostname | Whether to set the machine hostname based on the information
received from the DHCP server.
The hostname will be changed only if the current one is
the empty string, localhost or nixos
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.prometheus.exporters.nginxlog.settings.namespaces | Namespaces to collect the metrics for
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| services.sanoid.templates.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| services.stargazer.routes | Routes that Stargazer should server
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.cassandra.clusterName | The name of the cluster
|
| services.moodle.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.nagios.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.rke2.charts | Packaged Helm charts that are linked to /var/lib/rancher/rke2/server/static/charts before rke2 starts
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| console.font | The font used for the virtual consoles
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| services.grafana.settings.server.domain | The public facing domain name used to access grafana from a browser
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.printing.cups-pdf.instances | Permits to raise one or more cups-pdf instances
|
| services.jirafeau.nginxConfig.http3 | Whether to enable the HTTP/3 protocol
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.prometheus.alertmanagerGotify.metrics.namespace | The namescape of the metrics.
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|