| services.monica.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fluidd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gancio.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.sanoid.templates.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.routinator.settings.repository-dir | The path where the collected RPKI data is stored.
|
| services.reposilite.settings.keyPath | Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)
|
| services.radicle.httpd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.gitlab.secrets.activeRecordPrimaryKeyFile | A file containing the secret used to encrypt some rails data
in the DB
|
| services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| services.mautrix-meta.instances.<name>.serviceDependencies | List of Systemd services to require and wait for when starting the application service.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.wordpress.webserver | Whether to use apache2 or nginx for virtual host management
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| services.limesurvey.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.limesurvey.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nginx.sso.configuration | nginx-sso configuration
(documentation)
as a Nix attribute set
|
| services.nextcloud.notify_push.dbhost | Database host (+port) or socket path
|
| services.prometheus.exporters.shelly.metrics-file | Path to the JSON file with the metric definitions
|
| services.bitwarden-directory-connector-cli.ldap.rootPath | Root path for LDAP.
|
| virtualisation.bootPartition | The path (inside the VM) to the device containing the EFI System Partition (ESP)
|
| services.cloudflared.tunnels.<name>.originRequest.proxyType | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.tarsnap.archives.<name>.aggressiveNetworking | Upload data over multiple TCP connections, potentially
increasing tarsnap's bandwidth utilisation at the cost
of slowing down all other network traffic
|
| services.murmur.group | The name of an existing group to use to run the service
|
| services.gdomap.enable | Whether to enable GNUstep Distributed Objects name server.
|
| services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| services.librenms.user | Name of the LibreNMS user.
|
| services.weblate.smtp.user | SMTP login name.
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.cloudflared.tunnels.<name>.edgeIPVersion | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network
|
| services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.paths | Paths can point to a single service, or the root of a tree of services.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| services.mautrix-meta.instances.<name>.environmentFile | File containing environment variables to substitute when copying the configuration
out of Nix store to the services.mautrix-meta.dataDir
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.prometheus.exporters.varnish.healthPath | Path under which to expose healthcheck
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.anuko-time-tracker.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.multipath.devices.*.delay_watch_checks | This option is deprecated, and mapped to san_path_err_forget_rate
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.discourse.hostname | The hostname to serve Discourse on.
|
| services.bookstack.hostname | The hostname to serve BookStack on.
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| services.limesurvey.httpd.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.prometheus.exporters.zfs.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.nut.passwordPath | A run-time path to the nutUser password file, which should be
provisioned outside of Nix store.
|
| services.thanos.downsample.tracing.config | Tracing configuration
|
| services.akkoma.config.":pleroma"."Pleroma.Upload".base_url | Base path which uploads will be stored at
|
| nixpkgs.pkgs | If set, the pkgs argument to all NixOS modules is the value of
this option, extended with nixpkgs.overlays, if
that is also set
|
| services.namecoind.rpc.address | IP address the RPC server will bind to.
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.factorio.username | Your factorio.com login credentials
|
| services.kerberos_server.settings.realms.<name>.acl | The privileges granted to a user.
|
| services.hddfancontrol.settings.<drive-bay-name>.logVerbosity | Verbosity of the log level
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| networking.wireguard.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| services.namecoind.generate | Whether to generate (mine) Namecoins.
|
| services.bcg.automaticRenameKitNodes | Automatically rename kit's nodes.
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.limesurvey.nginx.virtualHost.serverName | Name of this virtual host
|
| services.ocsinventory-agent.settings.local | If specified, the OCS Inventory Agent will run in offline mode
and the resulting inventory file will be stored in the specified path.
|
| services.bookstack.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| virtualisation.podman.networkSocket.tls.cert | Path to certificate describing the server.
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.postgresqlWalReceiver.receivers.<name>.compress | Enables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression)
|
| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| services.prometheus.exporters.fastly.configFile | Path to a fastly-exporter configuration file
|
| services.prometheus.exporters.blackbox.configFile | Path to configuration file.
|
| services.prometheus.exporters.mail.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.unbound.unbound.ca | Path to the Unbound server certificate authority
|
| services.prometheus.exporters.ping.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.php-fpm.telemetryPath | Path under which to expose metrics.
|
| services.sourcehut.settings.mail.pgp-privkey | An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key
|
| boot.loader.generic-extlinux-compatible.populateCmd | Contains the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument
|
| services.writefreely.admin.initialPasswordFile | Path to a file containing the initial password for the admin user
|
| services.pantalaimon-headless.instances.<name>.extraSettings | Extra configuration options
|
| services.bacula-sd.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.tls.verifyPeer | Verify peer certificate
|