| services.zfs.autoReplication.localFilesystem | Local ZFS filesystem from which snapshots should be sent
|
| services.limesurvey.nginx.virtualHost.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.headscale.settings.tls_letsencrypt_hostname | Domain name to request a TLS certificate for.
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.prometheus.exporters.buildkite-agent.user | User name under which the buildkite-agent exporter shall be run.
|
| services.icingaweb2.modulePackages | Name-package attrset of Icingaweb 2 modules packages to enable
|
| services.prometheus.exporters.storagebox.user | User name under which the storagebox exporter shall be run.
|
| services.prometheus.exporters.scaphandre.user | User name under which the scaphandre exporter shall be run.
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.misskey.reverseProxy.webserver.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| containers | A set of NixOS system configurations to be run as lightweight
containers
|
| services.rutorrent.nginx.exposeInsecureRPC2mount | If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option
|
| containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| services.pufferpanel.enable | Whether to enable PufferPanel game management server
|
| services.grafana.settings.smtp.ehlo_identity | Name to be used as client identity for EHLO in SMTP dialog.
|
| services.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| services.prometheus.exporters.exportarr-radarr.user | User name under which the exportarr-radarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-lidarr.user | User name under which the exportarr-lidarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-bazarr.user | User name under which the exportarr-bazarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-sonarr.user | User name under which the exportarr-sonarr exporter shall be run.
|
| services.discourse.siteSettings | Discourse site settings
|
| services.dependency-track.database.databaseName | Database name to use when connecting to an external or
manually provisioned database; has no effect when a local
database is automatically provisioned
|
| hardware.display.edid.modelines | Attribute set of XFree86 Modelines automatically converted
and exposed as edid/<name>.bin files in initrd
|
| boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| hardware.firmware | List of packages containing firmware files
|
| services.yggdrasil.denyDhcpcdInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.bluesky-pds.environmentFiles | File to load environment variables from
|
| services.sanoid.datasets.<name>.force_post_snapshot_script | Whether to run the post script if the pre script fails
|
| system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| services.mosquitto.listeners.*.omitPasswordAuth | Omits password checking, allowing anyone to log in with any user name unless
other mandatory authentication methods (eg TLS client certificates) are configured.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.username | Credentials are used to authenticate the requests to Uyuni API.
|
| services.matrix-alertmanager.matrixRooms | Combination of Alertmanager receiver(s) and rooms for the bot to join
|
| services.prometheus.exporters.exportarr-readarr.user | User name under which the exportarr-readarr exporter shall be run.
|
| services.prometheus.exporters.artifactory.user | User name under which the artifactory exporter shall be run.
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| programs.kubeswitch.commandName | The name of the command to use
|
| services.prometheus.exporters.mqtt.prometheusPrefix | Prefix added to the metric name.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowCN | Allow client if common name appears in the list.
|
| services.sanoid.templates.<name>.force_post_snapshot_script | Whether to run the post script if the pre script fails
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.username | HTTP username
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowOU | Allow client if organizational unit name appears in the list.
|
| services.mqtt2influxdb.influxdb.database | Name of the InfluxDB database.
|
| hardware.trackpoint.device | The device name of the trackpoint
|
| services.xserver.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| image.repart.verityStore.partitionIds.store-verity | Specify the attribute name of the store's dm-verity hash partition.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowURI | Allow client if URI subject alternative name appears in the list.
|
| services.postgresql.ensureUsers.*.ensureDBOwnership | Grants the user ownership to a database with the same name
|
| services.datadog-agent.extraIntegrations | Extra integrations from the Datadog core-integrations
repository that should be built and included
|
| services.centrifugo.environmentFiles | Files to load environment variables from
|
| containers.<name>.additionalCapabilities | Grant additional capabilities to the container
|
| services.pgbouncer.settings.pgbouncer.max_client_conn | Maximum number of client connections allowed
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.exporters.exportarr-prowlarr.user | User name under which the exportarr-prowlarr exporter shall be run.
|
| boot.loader.grub.fsIdentifier | Determines how GRUB will identify devices when generating the
configuration file
|
| services.warpgate.settings.external_host | Configure the domain name of this Warpgate instance
|
| services.chatgpt-retrieval-plugin.qdrantCollection | name of the qdrant collection used to store documents.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.username | Consul username
|
| services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.exporters.modemmanager.user | User name under which the modemmanager exporter shall be run.
|
| services.multipath.devices.*.user_friendly_names | If set to "yes", using the bindings file /etc/multipath/bindings
to assign a persistent and unique alias to the multipath, in the
form of mpath
|
| services.crowdsec-firewall-bouncer.registerBouncer.bouncerName | Name to register the bouncer as to the CrowdSec API
|
| services.strongswan-swanctl.swanctl.connections | Section defining IKE connection configurations, each in its own subsection
with an arbitrary yet unique name
|
| services.outline.oidcAuthentication.displayName | Display name for OIDC authentication.
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| services.journaldriver.googleCloudProject | Configures the name of the Google Cloud project to which to
forward journald logs
|
| services.strongswan-swanctl.swanctl.authorities | Section defining complementary attributes of certification authorities, each
in its own subsection with an arbitrary yet unique name
|
| services.mosquitto.listeners.*.authPlugins.*.denySpecialChars | Automatically disallow all clients using #
or + in their name/id.
|
| services.taskserver.organisations | An attribute set where the keys name the organisation and the values
are a set of lists of users and
groups.
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.warpgate.settings.sso_providers.*.label | SSO provider name displayed on login page.
|
| users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| boot.loader.grub.configurationName | GRUB entry name instead of default.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.postgresql.ensureUsers.*.ensureClauses.inherit | Grants the user created inherit permissions
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| networking.ucarp.downscript | Command to run after become backup, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.username | HTTP username
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| hardware.nvidia.prime.offload.offloadCmdMainProgram | Specifies the CLI name of the hardware.nvidia.prime.offload.enableOffloadCmd
convenience script for offloading programs to an nvidia device.
|
| networking.nat.externalInterface | The name of the external network interface.
|