| services.fedimintd.<name>.nginx.config.reuseport | Create an individual listening socket
|
| networking.jool.nat64 | Definitions of NAT64 instances of Jool
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.maubot.settings.plugin_directories.load | The directories from which plugins should be loaded
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| virtualisation.docker.rootless.daemon.settings | Configuration for docker daemon
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.nagios.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dns | Address or CIDR subnets
StrongSwan default: []
|
| services.moodle.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| services.bookstack.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.bookstack.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.snapper.configs.<name>.TIMELINE_CLEANUP | Defines whether the timeline cleanup algorithm should be run for the config.
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.postfix.masterConfig.<name>.privileged | |
| services.xray.enable | Whether to run xray server
|
| services.firezone.server.provision.accounts.<name>.gatewayGroups | All gateway groups (sites) to provision
|
| systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| services.public-inbox.settings.publicinboxwatch.watchspam | If set, mail in this maildir will be trained as spam and
deleted from all watched inboxes
|
| systemd.user.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.enable | Boost foreground process priorities.
(And de-boost background ones)
|
| services.firewalld.services.<name>.protocols | Protocols for the service.
|
| services.firewalld.services.<name>.ports.*.protocol | |
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.firezone.server.provision.accounts.<name>.resources | All resources to provision
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| services.keepalived.vrrpScripts.<name>.timeout | Seconds after which script is considered to have failed.
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY | Limits for timeline cleanup.
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| virtualisation.xen.store.settings.xenstored.accessLog.file | Path to the Xen Store access log file.
|
| services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| services.consul-template.instances.<name>.enable | Whether to enable this consul-template instance.
|
| systemd.user.slices.<name>.requisite | Similar to requires
|
| systemd.user.timers.<name>.requisite | Similar to requires
|
| services.swapspace.settings.buffer_elasticity | Percentage of buffer space considered to be "free"
|
| services.bitcoind.<name>.extraCmdlineOptions | Extra command line options to pass to bitcoind
|
| services.mpd.settings.playlist_directory | The directory where MPD stores playlists
|
| services.public-inbox.settings.publicinboxwatch.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.radicle.httpd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|
| services.httpd.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| services.v4l2-relayd.instances.<name>.input.framerate | The framerate to read from input-stream.
|
| services.postfix.settings.main.message_size_limit | Maximum size of an email message in bytes.
https://www.postfix.org/postconf.5.html#message_size_limit
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.borgbackup.jobs.<name>.failOnWarnings | Fail the whole backup job if any borg command returns a warning
(exit code 1), for example because a file changed during backup.
|
| services.matrix-tuwunel.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| security.auditd.settings.space_left | If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by
space_left_action
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.blockbook-frontend.<name>.configFile | Location of the blockbook configuration file.
|
| services.v4l2-relayd.instances.<name>.extraPackages | Extra packages to add to GST_PLUGIN_PATH for the instance.
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.strongswan-swanctl.swanctl.pools.<name>.dhcp | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| services.snapserver.streams.<name>.sampleFormat | Default sample format.
|
| services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT | A file containing a unique base64 encoded secret for the
COOKIE_ENCRYPTION_SALT
|
| services.nezha-agent.settings.disable_send_query | Disable sending TCP/ICMP/HTTP requests.
|
| services.blockbook-frontend.<name>.package | The blockbook package to use.
|
| services.armagetronad.servers.<name>.dns | DNS address to use for this server
|
| services.invoiceplane.sites.<name>.enable | Whether to enable InvoicePlane web application.
|
| services.maubot.settings.plugin_directories.upload | The directory where uploaded new plugins should be stored.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|