| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.kerberos_server.settings.includedir | Directories containing files to include in the Kerberos configuration.
|
| services.maddy.hostname | Hostname to use
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.nextcloud.settings.mail_smtpsecure | This depends on mail_smtpmode
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.restic.backups.<name>.repository | repository to backup to.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| services.firewalld.services.<name>.sourcePorts | Source ports for the service.
|
| documentation.man.mandoc.settings.output.width | The ASCII and UTF-8 output width, default is 78
|
| users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.class | CPU scheduler class.
|
| services.movim.h2o.serverName | Server name to be used for this virtual host
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| services.rshim.device | Specify the device name to attach
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| systemd.network.links.<name>.extraConfig | Extra configuration append to unit
|
| services.github-runners.<name>.group | Group under which to run the service
|
| fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.restic.backups.<name>.initialize | Create the repository if it doesn't exist.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.grafana.provision.alerting.templates.settings.templates.*.template | Alerting with a custom text template
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioClass | IO scheduler class.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.gitlab-runner.services.<name>.postBuildScript | Runner-specific command script executed after code is pulled
and just after build executes.
|
| services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| virtualisation.xen.store.settings.quota.maxWatchEvents | Maximum number of outstanding watch events per watch.
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| systemd.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.nspawn.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.slskd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.movim.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.drupal.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| environment.etc.<name>.uid | UID of created file
|
| environment.etc.<name>.gid | GID of created file
|
| users.extraUsers.<name>.isSystemUser | Indicates if the user is a system user or not
|
| systemd.user.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.firewalld.zones.<name>.ports.*.protocol | |
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| systemd.user.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.dovecot2.mailboxes.<name>.auto | Whether to automatically create or create and subscribe to the mailbox or not.
|
| services.blockbook-frontend.<name>.sync | Synchronizes until tip, if together with zeromq, keeps index synchronized.
|
| services.gitlab-runner.services.<name>.dockerExtraHosts | Add a custom host-to-IP mapping.
|
| services.anuko-time-tracker.nginx.locations.<name>.index | Adds index directive.
|
| services.anuko-time-tracker.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.jupyterhub.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyterhub.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.headscale.settings.derp.update_frequency | Frequency to update DERP maps.
|
| services.i2pd.proto.http.hostname | Expected hostname for WebUI.
|
| services.mainsail.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.pixelfed.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fediwall.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.agorakit.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.kanboard.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.dolibarr.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.librenms.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.invoiceplane.sites.<name>.cron.key | Cron key taken from the administration page.
|
| services.fcgiwrap.instances.<name>.socket.group | Group to be set as owner of the UNIX socket.
|
| networking.vswitches.<name>.interfaces.<name>.type | Openvswitch type to assign to interface
|
| networking.vswitches.<name>.interfaces.<name>.vlan | Vlan tag to apply to interface
|
| services.neo4j.ssl.policies.<name>.trustedDir | Path to directory of X.509 certificates in PEM format for
trusted parties
|
| services.matomo.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuthFile | Basic Auth password file for a vhost
|
| services.fedimintd.<name>.nginx.config.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.kimai.sites.<name>.database.serverVersion | MySQL exact version string
|
| systemd.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| services.grafana.provision.datasources.settings.datasources.*.uid | Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.
|