| systemd.user.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.matrix-synapse.settings.listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| users.extraUsers.<name>.description | A short description of the user account, typically the
user's full name
|
| services.matomo.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.gancio.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.maubot.settings.plugin_databases.postgres | The connection URL for plugin database
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| systemd.user.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.anubis.instances | An attribute set of Anubis instances
|
| services.wordpress.sites.<name>.languages | List of path(s) to respective language(s) which are copied from the 'languages' directory.
|
| boot.specialFileSystems.<name>.fsType | Type of the file system
|
| systemd.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.nextcloud-spreed-signaling.settings.backend.backendtype | Type of backend configuration
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.kimai.sites.<name>.environmentFile | Securely pass environment variabels to Kimai
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id | Client XAuth username used in the XAuth exchange.
|
| services.github-runners.<name>.noDefaultLabels | Disables adding the default labels
|
| services.monica.hostname | The hostname to serve monica on.
|
| services.maubot.configMutable | Whether maubot should write updated config into extraConfigFile. This will make your Nix module settings have no effect besides the initial config, as extraConfigFile takes precedence over NixOS settings!
|
| services.livekit.ingress.settings.rtc_config.port_range_end | End of UDP port range for WebRTC
|
| hardware.tuxedo-drivers.settings.charging-priority | These options manage the trade-off between battery charging and CPU performance when the USB-C power supply cannot provide sufficient power for both simultaneously:
charge_battery prioritizes battery charging (driver default)performance prioritizes maximum CPU performance
|
| systemd.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| services.bookstack.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.vdirsyncer.jobs.<name>.config.storages | vdirsyncer storage configurations
|
| services.v4l2-relayd.instances.<name>.input.pipeline | The gstreamer-pipeline to use for the input-stream.
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.matrix-tuwunel.settings.global.trusted_servers | Servers listed here will be used to gather public keys of other servers
(notary trusted key servers)
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.postgresql.settings.log_line_prefix | A printf-style string that is output at the beginning of each log line
|
| services.matrix-tuwunel.settings.global.allow_federation | Whether this server federates with other servers.
|
| services.matrix-conduit.settings.global.allow_federation | Whether this server federates with other servers.
|
| systemd.user.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.searx.limiterSettings | Limiter settings for SearXNG.
|
| services.grafana.settings.security.allow_embedding | When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses
which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>
|
| boot.initrd.luks.devices.<name>.keyFileTimeout | The amount of time in seconds for a keyFile to appear before
timing out and trying passwords.
|
| services.kubernetes.kubelet.taints.<name>.effect | Effect of taint.
|
| services.tahoe.introducers.<name>.package | The tahoelafs package to use.
|
| services.consul-template.instances.<name>.group | Group under which this instance runs.
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| services.gitlab-runner.services.<name>.preGetSourcesScript | Runner-specific command script executed before code is pulled.
|
| services.wordpress.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.xserver.xkb.extraLayouts.<name>.languages | A list of languages provided by the layout.
(Use ISO 639-2 codes, for example: "eng" for english)
|
| services.headscale.settings.noise.private_key_path | Path to noise private key file, generated automatically if it does not exist.
|
| services.keepalived.vrrpScripts.<name>.weight | Following a failure, adjust the priority by this weight.
|
| services.k3s.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.k3s.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| documentation.man.mandoc.settings.output.width | The ASCII and UTF-8 output width, default is 78
|
| users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| services.undervolt.useTimer | Whether to set a timer that applies the undervolt settings every 30s
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.help | A human-readable description of this metric.
|
| services.wordpress.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.librenms.database.username | Name of the user on the MySQL/MariaDB server
|
| services.anuko-time-tracker.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fcgiwrap.instances.<name>.process.group | Group as which this instance of fcgiwrap will be run.
|
| systemd.network.links.<name>.extraConfig | Extra configuration append to unit
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.wyoming.faster-whisper.servers.<name>.device | Determines the platform faster-whisper is run on
|
| fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.firezone.server.provision.accounts.<name>.policies | All policies to provision
|
| fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.openafsServer.roles.backup.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| services.grafana.settings.database.client_cert_path | The path to the client cert
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.grafana.provision.datasources.settings.datasources.*.access | Access mode. proxy or direct (Server or Browser in the UI)
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| services.strongswan-swanctl.swanctl.connections.<name>.pools | List of named IP pools to allocate virtual IP addresses
and other configuration attributes from
|
| virtualisation.xen.store.settings.quota.maxWatchEvents | Maximum number of outstanding watch events per watch.
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY | Limits for timeline cleanup.
|
| services.movim.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.slskd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.davis.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fcgiwrap.instances.<name>.process.user | User as which this instance of fcgiwrap will be run
|