| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.vikunja.database.database | Database name.
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| networking.dhcpcd.setHostname | Whether to set the machine hostname based on the information
received from the DHCP server.
The hostname will be changed only if the current one is
the empty string, localhost or nixos
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.prometheus.exporters.nginxlog.settings.namespaces | Namespaces to collect the metrics for
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| services.sanoid.templates.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| networking.wireguard.interfaces.<name>.socketNamespace | The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via interfaceNamespace
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| services.stargazer.routes | Routes that Stargazer should server
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.cassandra.clusterName | The name of the cluster
|
| services.moodle.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.nagios.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.rke2.charts | Packaged Helm charts that are linked to /var/lib/rancher/rke2/server/static/charts before rke2 starts
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| console.font | The font used for the virtual consoles
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| services.grafana.settings.server.domain | The public facing domain name used to access grafana from a browser
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.jirafeau.nginxConfig.http3 | Whether to enable the HTTP/3 protocol
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.prometheus.alertmanagerGotify.metrics.namespace | The namescape of the metrics.
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.zabbixWeb.httpd.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.umami.settings.TRACKER_SCRIPT_NAME | Allows you to assign a custom name to the tracker script different from the default script.js.
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| services.sanoid.datasets.<name>.process_children_only | Whether to only snapshot child datasets if recursing.
|
| services.victoriametrics.basicAuthUsername | Basic Auth username used to protect VictoriaMetrics instance by authorization
|
| services.bluesky-pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_email_domains | List of email domains to allow access to this vhost, or null to allow all.
|
| services.lldap.environment | Environment variables passed to the service
|
| boot.iscsi-initiator.target | Name of the iSCSI target to boot from.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.prometheus.remoteWrite.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.pixelfed.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.mainsail.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.librenms.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.kanboard.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.agorakit.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.dolibarr.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fediwall.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.pgbackrest.repos | An attribute set of repositories as described in:
https://pgbackrest.org/configuration.html#section-repository
Each repository defaults to set repo-host to the attribute's name
|