| networking.openconnect.interfaces.<name>.protocol | Protocol to use.
|
| services.multipath.devices.*.marginal_path_err_recheck_gap_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| services.datadog-agent.hostname | The hostname to show in the Datadog dashboard (optional)
|
| services.cloudflared.tunnels.<name>.originRequest.originServerName | Hostname that cloudflared should expect from your origin server certificate.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID | See torrc manual.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| services.borgbackup.repos.<name>.authorizedKeysAppendOnly | Public SSH keys that can only be used to append new data (archives) to the repository
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret | Value of the EAP/XAuth secret
|
| services.sanoid.templates.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.strongswan-swanctl.swanctl.pools.<name>.addrs | Addresses allocated in pool
|
| hardware.fw-fanctrl.config.strategies.<name>.movingAverageInterval | Interval (seconds) of the last temperatures to use to calculate the average temperature
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.opensnitch.settings.Server.Address | Unix socket path (unix:///tmp/osui.sock, the "unix:///" part is
mandatory) or TCP socket (192.168.1.100:50051).
|
| services.openvscode-server.connectionTokenFile | Path to a file that contains the connection token.
|
| services.prometheus.exporters.lnd.lndMacaroonDir | Path to lnd macaroons.
|
| services.xserver.desktopManager.gnome.sessionPath | Additional list of packages to be added to the session search path
|
| services.yggdrasil.settings.PrivateKeyPath | Path to the private key file on the host system
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout | Timeout after which an idle keepalive connection can be discarded.
|
| networking.supplicant.<name>.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| systemd.network.networks.<name>.fairQueueingControlledDelayConfig | Each attribute in this set specifies an option in the
[FairQueueingControlledDelay] section of the unit
|
| networking.ipips.<name>.encapsulation.type | Select the encapsulation type:
-
ipip to create an IPv4 within IPv4 tunnel (RFC 2003).
-
4in6 to create a 4in6 tunnel (RFC 2473);
-
ip6ip6 to create an IPv6 within IPv6 tunnel (RFC 2473);
For encapsulating IPv6 within IPv4 packets, see
the ad-hoc networking.sits option.
|
| services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|
| services.tmate-ssh-server.host | External host name
|
| services.samba-wsdd.domain | Set domain name (disables workgroup).
|
| services.monica.mail.fromName | Mail "from" name.
|
| services.vault.address | The name of the ip interface to listen to
|
| services.pixelfed.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.sftpgo.settings.httpd.bindings.*.address | Network listen address
|
| services.prometheus.exporters.postfix.showqPath | Path where Postfix places its showq socket.
|
| services.sftpgo.settings.sftpd.bindings.*.address | Network listen address
|
| services.prometheus.exporters.knot.knotLibraryPath | Path to the library of knot-dns.
|
| services.mainsail.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.xserver.desktopManager.budgie.sessionPath | Additional list of packages to be added to the session search path
|
| services.fediwall.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.agorakit.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.dolibarr.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.librenms.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.kanboard.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.bacula-sd.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.hercules-ci-agent.settings.binaryCachesPath | Path to a JSON file containing binary cache secret keys
|
| services.warpgate.settings.http.certificate | Path to HTTPS listener certificate.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts | See torrc manual.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| security.wrappers.<name>.capabilities | A comma-separated list of capability clauses to be given to the
wrapper program
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.wyoming.faster-whisper.servers.<name>.useTransformers | Whether to provide the dependencies to allow using transformer models.
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable | See torrc manual.
|
| services.pretix.settings.pretix.instance_name | The name of this installation.
|
| services.displayManager.dms-greeter.configHome | Path to a user's home directory from which to copy DankMaterialShell
configuration files
|
| services.librechat.credentialsFile | Path to a file that contains environment variables
|
| services.bacula-dir.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| virtualisation.podman.extraPackages | Extra dependencies for podman to be placed on $PATH in the wrapper.
|
| services.waagent.settings.ResourceDisk.MountPoint | This option specifies the path at which the resource disk is mounted
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| services.matrix-tuwunel.settings.global.server_name | The server_name is the name of this server
|
| services.matrix-conduit.settings.global.server_name | The server_name is the name of this server
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.tor.settings.Nickname | See torrc manual.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.bacula-sd.autochanger.<name>.extraAutochangerConfig | Extra configuration to be passed in Autochanger directive.
|
| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| services.opensnitch.settings.Audit.AudispSocketPath | Configure audit socket path
|
| services.prometheus.exporters.dnsmasq.leasesPath | Path to the dnsmasq.leases file.
|
| services.healthchecks.settings.SECRET_KEY_FILE | Path to a file containing the secret key.
|
| hardware.nvidia-container-toolkit.mounts.*.containerPath | Container path.
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".http.ip | Listener IP address or Unix socket path
|
| virtualisation.xen.store.settings.pidFile | Path to the Xen Store Daemon PID file.
|
| virtualisation.docker.extraPackages | Extra packages to add to PATH for the docker daemon process.
|
| services.wastebin.settings.WASTEBIN_DATABASE_PATH | Path to the sqlite3 database file
|
| services.vault.extraSettingsPaths | Configuration files to load besides the immutable one defined by the NixOS module
|
| services.wasabibackend.customConfigFile | Defines the path to a custom configuration file that is copied to the user's directory
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| boot.binfmt.registrations.<name>.wrapInterpreterInShell | Whether to wrap the interpreter in a shell script
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret | Value of the NTLM secret, which is the NT Hash of the actual secret,
that is, MD4(UTF-16LE(secret))
|
| services.kismet.serverName | The name of the server.
|
| services.dovecot2.user | Dovecot user name.
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| services.hddfancontrol.settings.<drive-bay-name>.pwmPaths | PWM filepath(s) to control fan speed (under /sys), followed by initial and fan-stop PWM values
Can also use command substitution to ensure the correct hwmonX is selected on every boot
|
| services.cloudflared.tunnels.<name>.originRequest.proxyAddress | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.monica.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.matomo.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|