| users.mysql.pam.statusColumn | The name of the column or an SQL expression that indicates the status of
the user
|
| services.strongswan-swanctl.swanctl.connections | Section defining IKE connection configurations, each in its own subsection
with an arbitrary yet unique name
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.icingaweb2.modulePackages | Name-package attrset of Icingaweb 2 modules packages to enable
|
| services.pgbouncer.settings.pgbouncer.listen_addr | Specifies a list (comma-separated) of addresses where to listen for TCP connections
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_name | At most one of domain_id and domain_name must be provided if using username
with Identity V3
|
| services.strongswan-swanctl.swanctl.authorities | Section defining complementary attributes of certification authorities, each
in its own subsection with an arbitrary yet unique name
|
| services.crowdsec-firewall-bouncer.registerBouncer.bouncerName | Name to register the bouncer as to the CrowdSec API
|
| services.postgresql.ensureUsers.*.ensureDBOwnership | Grants the user ownership to a database with the same name
|
| services.outline.oidcAuthentication.displayName | Display name for OIDC authentication.
|
| containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| services.warpgate.settings.sso_providers.*.label | SSO provider name displayed on login page.
|
| security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| services.postgresql.ensureUsers.*.ensureClauses.createdb | Grants the user, created by the ensureUser attr, createdb permissions
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| containers.<name>.timeoutStartSec | Time for the container to start
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces | Optional namespace discovery
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.exporters.unpoller.controllers.*.user | Unifi service user name.
|
| services.pgbouncer.settings.pgbouncer.max_client_conn | Maximum number of client connections allowed
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| image.repart.verityStore.partitionIds.esp | Specify the attribute name of the ESP.
|
| networking.vswitches | This option allows you to define Open vSwitches that connect
physical networks together
|
| programs.regreet.theme.package | The package that provides the theme given in the name option.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name | The project_id and project_name fields are optional for the Identity V2 API
|
| containers.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.chatgpt-retrieval-plugin.qdrantCollection | name of the qdrant collection used to store documents.
|
| services.prometheus.exporters.wireguard.wireguardConfig | Path to the Wireguard Config to
add the peer's name to the stats of a peer
|
| containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS
configuration switch if its definition has changed.
|
| containers.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.journaldriver.googleCloudProject | Configures the name of the Google Cloud project to which to
forward journald logs
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| services.taskserver.organisations | An attribute set where the keys name the organisation and the values
are a set of lists of users and
groups.
|
| containers.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.mosquitto.listeners.*.authPlugins.*.denySpecialChars | Automatically disallow all clients using #
or + in their name/id.
|
| services.mautrix-telegram.environmentFile | File containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN
|
| services.postgresql.ensureUsers.*.ensureClauses.bypassrls | Grants the user, created by the ensureUser attr, replication permissions
|
| services.postgresql.ensureUsers.*.ensureClauses.superuser | Grants the user, created by the ensureUser attr, superuser permissions
|
| services.prometheus.exporters.mqtt.zigbee2MqttAvailability | Whether to enable Normalize sensor name for device availability metric added by Zigbee2MQTT..
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.username | HTTP username
|
| system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| systemd.network.config.routeTables | Defines route table names as an attrset of name to number
|
| services.prometheus.exporters.pgbouncer.connectionEnvFile | File that must contain the environment variable
PGBOUNCER_EXPORTER_CONNECTION_STRING which is set to the connection
string used by pgbouncer
|
| nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".database | Name of the database
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| programs.regreet.iconTheme.package | The package that provides the icon theme given in the name option.
|
| image.repart.verityStore.partitionIds.store | Specify the attribute name of the store partition.
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.influxdb2.provision.initialSetup.organization | Primary organization name
|
| services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|
| boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| services.postgresql.ensureUsers.*.ensureClauses.createrole | Grants the user, created by the ensureUser attr, createrole permissions
|
| hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| services.mqtt2influxdb.points.*.measurement | Name of the measurement
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.postgresql.ensureUsers.*.ensureClauses.replication | Grants the user, created by the ensureUser attr, replication permissions
|
| programs.regreet.cursorTheme.package | The package that provides the cursor theme given in the name option.
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| hardware.nvidia-container-toolkit.disable-hooks | List of hooks to disable when generating the CDI specification
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| boot.loader.grub.fsIdentifier | Determines how GRUB will identify devices when generating the
configuration file
|
| hardware.display.edid.modelines | Attribute set of XFree86 Modelines automatically converted
and exposed as edid/<name>.bin files in initrd
|
| networking.hostName | The name of the machine
|
| image.repart.verityStore.partitionIds.store-verity | Specify the attribute name of the store's dm-verity hash partition.
|
| containers.<name>.forwardPorts.*.containerPort | Target port of container
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| systemd.automounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| boot.loader.systemd-boot.sortKey | The sort key used for the NixOS bootloader entries
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| hardware.nvidia.prime.offload.offloadCmdMainProgram | Specifies the CLI name of the hardware.nvidia.prime.offload.enableOffloadCmd
convenience script for offloading programs to an nvidia device.
|
| hardware.trackpoint.device | The device name of the trackpoint
|
| users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| programs.kubeswitch.commandName | The name of the command to use
|
| containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| boot.loader.grub.configurationName | GRUB entry name instead of default.
|
| swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| hardware.firmware | List of packages containing firmware files
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| containers.<name>.ephemeral | Runs container in ephemeral mode with the empty root filesystem at boot
|
| boot.initrd.compressor | The compressor to use on the initrd image
|
| containers.<name>.privateUsers | Whether to give the container its own private UIDs/GIDs space (user namespacing)
|
| boot.loader.grub.mirroredBoots.*.efiBootloaderId | The id of the bootloader to store in efi nvram
|
| programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| networking.ucarp.downscript | Command to run after become backup, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| networking.nat.externalInterface | The name of the external network interface.
|
| containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| specialisation.<name>.inheritParentConfig | Include the entire system's configuration
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| hardware.printers.ensurePrinters | Will regularly ensure that the given CUPS printers are configured as declared here
|
| security.tpm2.tctiEnvironment.tabrmdConf | Configuration part of the tabrmd TCTI, like the D-Bus bus name
|
| documentation.man.mandoc.settings.output.paper | This option is for generating PostScript and PDF output
|
| networking.dhcpcd.allowInterfaces | Enable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|