| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| networking.greTunnels.<name>.dev | The underlying network device on which the tunnel resides.
|
| networking.bridges.<name>.rstp | Whether the bridge interface should enable rstp.
|
| services.maubot.settings.plugin_directories.upload | The directory where uploaded new plugins should be stored.
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.maubot.settings.plugin_directories.trash | The directory where old plugin versions and conflicting plugins should be moved
|
| fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.snapserver.settings.tcp-streaming.bind_to_address | Address to listen on for snapclient connections.
|
| virtualisation.xen.store.settings.ringScanInterval | Perodic scanning for all the rings as a safenet for lazy clients
|
| services.minio.configDir | The config directory, for the access keys and other settings.
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| services.matrix-tuwunel.settings.global.unix_socket_perms | The default permissions (in octal) to create the UNIX socket with.
|
| systemd.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| containers.<name>.flake | The Flake URI of the NixOS configuration to use for the container
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| virtualisation.containerd.settings | Verbatim lines to add to containerd.toml
|
| hardware.display.outputs.<name>.edid | An EDID filename to be used for configured display, as in edid/<filename>
|
| systemd.user.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.slices.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.timers.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.woodpecker-agents.agents.<name>.extraGroups | Additional groups for the systemd service.
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.buildkite-agents.<name>.privateSshKeyPath | OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned
outside of Nix store.
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.etebase-server.settings.allowed_hosts.allowed_host1 | The main host that is allowed access.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.fedimintd.<name>.nginx.config.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.operator | Grants all permissions in all organizations.
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| services.woodpecker-agents.agents.<name>.enable | Whether to enable this Woodpecker-Agent
|
| services.bookstack.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| environment.etc.<name>.source | Path of the source file.
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| services.mpdscribble.endpoints.<name>.url | The url endpoint where the scrobble API is listening.
|
| virtualisation.xen.store.settings.persistent | Whether to activate the filed base backend.
|
| services.jibri.xmppEnvironments.<name>.call.login.domain | The domain part of the JID for the recorder.
|
| documentation.man.mandoc.settings.output.fragment | Whether to omit the declaration and the , , and
elements and only emit the subtree below the element in HTML
output of mandoc(1)
|
| services.mediagoblin.settings.mediagoblin.email_debug_mode | Disable email debug mode to start sending outgoing mails
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| services.dendrite.settings.mscs.database.connection_string | Database for exerimental MSC's.
|
| services.nitter.server.hostname | Hostname of the instance.
|
| virtualisation.docker.daemon.settings.live-restore | Allow dockerd to be restarted without affecting running container
|
| systemd.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| systemd.network.networks.<name>.xfrm | A list of xfrm interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.bond | A list of bond interfaces to be added to the network section of the
unit
|
| systemd.user.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| systemd.network.networks.<name>.vlan | A list of vlan interfaces to be added to the network section of the
unit
|
| boot.initrd.luks.devices.<name>.yubikey.gracePeriod | Time in seconds to wait for the YubiKey.
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.dolibarr.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.agorakit.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.librenms.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mainsail.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.nextcloud.settings.mail_from_address | FROM address that overrides the built-in sharing-noreply and lostpassword-noreply FROM addresses
|
| services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE | Exchange that is suggested to wallets when withdrawing
|
| systemd.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.autosuspend.wakeups.<name>.enabled | Whether to enable this wake-up check.
|
| services.consul-template.instances.<name>.package | The consul-template package to use.
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| services.warpgate.settings.ssh.inactivity_timeout | How long can user be inactive until Warpgate terminates the connection.
|
| services.networkd-dispatcher.rules.<name>.script | Shell commands executed on specified operational states.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.fsType | The filesystem of the unencrypted device.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writeBuckets | The organization's buckets which should be allowed to be written
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_client | Enable the built-in web client for this interface binding.
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| networking.jool.nat64 | Definitions of NAT64 instances of Jool
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| services.keepalived.vrrpScripts.<name>.interval | Seconds between script invocations.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY | Limits for timeline cleanup.
|
| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| virtualisation.docker.rootless.daemon.settings | Configuration for docker daemon
|