| systemd.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.nvme-rs.settings.thresholds.error_threshold | Error count warning threshold
|
| services.swapspace.settings.cache_elasticity | Percentage of cache space considered to be "free"
|
| networking.fooOverUDP.<name>.local.dev | Network device to bind to.
|
| security.wrappers.<name>.source | The absolute path to the program to be wrapped.
|
| services.prosody.virtualHosts.<name>.extraConfig | Additional virtual host specific configuration
|
| services.wstunnel.clients.<name>.localToRemote | Listen on local and forwards traffic from remote.
|
| security.pam.services.<name>.kwallet.package | The kwallet-pam package to use.
|
| services.buildkite-agents.<name>.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| systemd.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.drupal.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| services.orangefs.server.fileSystems.<name>.id | File system ID (must be unique within configuration).
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.errbot.instances.<name>.extraConfig | String to be appended to the config verbatim
|
| services.wordpress.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.wyoming.piper.servers.<name>.lengthScale | Phoneme length value.
|
| services.system76-scheduler.settings.processScheduler.refreshInterval | Process list poll interval, in seconds
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints | List of receivers that should be deleted.
|
| services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| services.matrix-synapse.settings.listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.wordpress.sites.<name>.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.
|
| services.wyoming.piper.servers.<name>.speaker | ID of a specific speaker in a multi-speaker model.
|
| services.borgbackup.repos.<name>.quota | Storage quota for the repository
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.firezone.server.settingsSecret.SECRET_KEY_BASE | A file containing a unique base64 encoded secret for the
SECRET_KEY_BASE
|
| services.firezone.server.settingsSecret.TOKENS_KEY_BASE | A file containing a unique base64 encoded secret for the
TOKENS_KEY_BASE
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.wstunnel.clients.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| services.nginx.upstreams.<name>.servers | Defines the address and other parameters of the upstream servers
|
| services.grafana.settings.security.admin_password | Default admin password
|
| security.acme.certs.<name>.extraLegoRunFlags | Additional flags to pass to lego run.
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| services.jibri.xmppEnvironments.<name>.call.login.username | User part of the JID for the recorder.
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.fedimintd.<name>.nginx.config.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| networking.ipips.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.tarsnap.archives.<name>.keyfile | Set a specific keyfile for this archive
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| power.ups.upsmon.monitor.<name>.system | Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
|
| systemd.user.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| containers.<name>.privateNetwork | Whether to give the container its own private virtual
Ethernet interface
|
| services.wordpress.sites.<name>.uploadsDir | This directory is used for uploads of pictures
|
| containers.<name>.extraFlags | Extra flags passed to the systemd-nspawn command
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| services.blockbook-frontend.<name>.debug | Debug mode, return more verbose errors, reload templates on each request.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.enable | Boost Pipewire client priorities.
|
| systemd.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| users.extraUsers.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.grafana.settings.database.isolation_level | Only the MySQL driver supports isolation levels in Grafana
|
| services.i2pd.ifname6 | IPv6 interface to bind to.
|
| services.i2pd.ifname4 | IPv4 interface to bind to.
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.postgresql.settings.log_line_prefix | A printf-style string that is output at the beginning of each log line
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucNickname | Videobridges use the same XMPP account and need to be distinguished by the
nickname (aka resource part of the JID)
|
| services.veilid.settings.core.protected_store.directory | The filesystem directory to store your protected store in.
|
| services.nginx.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|