| services._3proxy.resolution.nscache6 | Set name cache size for IPv6.
|
| services.foundationdb.tls.allowedPeers | "Peer verification string"
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds | Periodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes
|
| services.prometheus.exporters.ecoflow.ecoflowDevicesPrettyNamesFile | File must contain one line, example: {"R3300000":"Delta 2","R3400000":"Delta Pro",...}
The key/value map of custom names for your devices
|
| services.influxdb2.provision.initialSetup.bucket | Primary bucket name
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| networking.fqdn | The fully qualified domain name (FQDN) of this host
|
| services.certspotter.watchlist | Domain names to watch
|
| services.prometheus.exporters.mailman3.user | User name under which the mailman3 exporter shall be run.
|
| services.discourse.siteSettings | Discourse site settings
|
| services.prometheus.exporters.buildkite-agent.user | User name under which the buildkite-agent exporter shall be run.
|
| services.pufferpanel.enable | Whether to enable PufferPanel game management server
|
| services.journaldriver.logName | Configures the name of the target log in Stackdriver Logging
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| services.prometheus.exporters.storagebox.user | User name under which the storagebox exporter shall be run.
|
| services.prometheus.exporters.scaphandre.user | User name under which the scaphandre exporter shall be run.
|
| services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.pgmanage.connections | pgmanage requires at least one PostgreSQL server be defined
|
| services.miniupnpd.externalInterface | Name of the external interface.
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| services.yggdrasil.openMulticastPort | Whether to open the UDP port used for multicast peer discovery
|
| services.nextcloud-spreed-signaling.hostName | The host name to bind the nginx virtual host to, if
config.services.nextcloud-spreed-signaling.configureNginx is set to true.
|
| systemd.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.grafana.settings.smtp.ehlo_identity | Name to be used as client identity for EHLO in SMTP dialog.
|
| containers.<name>.extraFlags | Extra flags passed to the systemd-nspawn command
|
| services.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| services.prometheus.exporters.exportarr-radarr.user | User name under which the exportarr-radarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-lidarr.user | User name under which the exportarr-lidarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-bazarr.user | User name under which the exportarr-bazarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-sonarr.user | User name under which the exportarr-sonarr exporter shall be run.
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| services.home-assistant.extraComponents | List of components that have their dependencies included in the package
|
| services.zfs.autoReplication.localFilesystem | Local ZFS filesystem from which snapshots should be sent
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| services.gmediarender.friendlyName | A "friendly name" for identifying the endpoint.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.username | HTTP username
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| containers.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| fileSystems.<name>.device | The device as passed to mount
|
| services.archisteamfarm.bots | Bots name and configuration.
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.xserver.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| services.umami.createPostgresqlDatabase | Whether to automatically create the database for Umami using PostgreSQL
|
| containers.<name>.privateNetwork | Whether to give the container its own private virtual
Ethernet interface
|
| services.dependency-track.database.databaseName | Database name to use when connecting to an external or
manually provisioned database; has no effect when a local
database is automatically provisioned
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| security.tpm2.tssUser | Name of the tpm device-owner and service user, set if applyUdevRules is
set.
|
| networking.fqdnOrHostName | Either the fully qualified domain name (FQDN), or just the host name if
it does not exist
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.exporters.exportarr-readarr.user | User name under which the exportarr-readarr exporter shall be run.
|
| containers.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.journaldriver.logStream | Configures the name of the Stackdriver Logging log stream into
which to write journald entries
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| networking.bridges | This option allows you to define Ethernet bridge devices
that connect physical networks together
|
| services.prometheus.exporters.artifactory.user | User name under which the artifactory exporter shall be run.
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| services.prometheus.exporters.mqtt.prometheusPrefix | Prefix added to the metric name.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowCN | Allow client if common name appears in the list.
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowOU | Allow client if organizational unit name appears in the list.
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.bluesky-pds.environmentFiles | File to load environment variables from
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowURI | Allow client if URI subject alternative name appears in the list.
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| boot.initrd.secrets | Secrets to append to the initrd
|
| console.font | The font used for the virtual consoles
|
| services.prometheus.exporters.exportarr-prowlarr.user | User name under which the exportarr-prowlarr exporter shall be run.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username | username is required if using Identity V2 API
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| services.yggdrasil.denyDhcpcdInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| services.mqtt2influxdb.influxdb.database | Name of the InfluxDB database.
|
| services.prometheus.exporters.modemmanager.user | User name under which the modemmanager exporter shall be run.
|
| services.matrix-alertmanager.matrixRooms | Combination of Alertmanager receiver(s) and rooms for the bot to join
|
| services.mosquitto.listeners.*.omitPasswordAuth | Omits password checking, allowing anyone to log in with any user name unless
other mandatory authentication methods (eg TLS client certificates) are configured.
|
| services.postgresql.ensureUsers.*.ensureClauses.inherit | Grants the user created inherit permissions
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username | HTTP username
|
| services.warpgate.settings.external_host | Configure the domain name of this Warpgate instance
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| services.datadog-agent.extraIntegrations | Extra integrations from the Datadog core-integrations
repository that should be built and included
|
| services.centrifugo.environmentFiles | Files to load environment variables from
|
| boot.iscsi-initiator.target | Name of the iSCSI target to boot from.
|
| hardware.display.edid.linuxhw | Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| programs.regreet.font.package | The package that provides the font given in the name option.
|