| systemd.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.jirafeau.nginxConfig.locations.<name>.tryFiles | Adds try_files directive.
|
| systemd.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.davis.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.slskd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.movim.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.nextcloud-spreed-signaling.settings.clients.internalsecretFile | The path to the file containing the value for clients.internalsecret
|
| services.livekit.ingress.settings.rtc_config.port_range_start | Start of UDP port range for WebRTC
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time | Maximum lifetime before CHILD_SA gets closed
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wordpress.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.warpgate.settings.http.sni_certificates.*.certificate | Path to certificate.
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| systemd.network.links.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.cjdns.ETHInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| services.bcg.mqtt.username | MQTT server access username.
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| systemd.timers.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.slices.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| services.blockbook-frontend.<name>.extraConfig | Additional configurations to be appended to coin.conf
|
| services.wordpress.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.tor.relay.onionServices.<name>.authorizeClient | See torrc manual.
|
| services.github-runners.<name>.extraEnvironment | Extra environment variables to set for the runner, as an attrset.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| systemd.user.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes | Byte range from which to choose a random value to subtract from
rekey_bytes
|
| services.lldap.settings.ldap_user_pass_file | Path to a file containing the default admin password
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart
on.
|
| services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| services.grafana.provision.datasources.settings.datasources.*.secureJsonData | Datasource specific secure configuration
|
| services.matrix-synapse.settings.enable_registration | Enable registration for new users.
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| services.snipe-it.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| systemd.services.<name>.confinement.binSh | The program to make available as /bin/sh inside
the chroot
|
| services.woodpecker-agents.agents.<name>.enable | Whether to enable this Woodpecker-Agent
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS
configuration switch if its definition has changed.
|
| systemd.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.matrix-synapse.settings.trusted_key_servers | The trusted servers to download signing keys from.
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nagios.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dns | Address or CIDR subnets
StrongSwan default: []
|
| services.moodle.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.simplesamlphp.<name>.package | The simplesamlphp package to use.
|
| services.firewalld.zones.<name>.description | Description for the zone.
|
| systemd.network.netdevs.<name>.bondConfig | Each attribute in this set specifies an option in the
[Bond] section of the unit
|
| systemd.network.netdevs.<name>.xfrmConfig | Each attribute in this set specifies an option in the
[Xfrm] section of the unit
|
| systemd.network.netdevs.<name>.peerConfig | Each attribute in this set specifies an option in the
[Peer] section of the unit
|
| systemd.network.netdevs.<name>.wlanConfig | Each attribute in this set specifies an option in the [WLAN] section of the unit
|
| systemd.network.netdevs.<name>.l2tpConfig | Each attribute in this set specifies an option in the
[L2TP] section of the unit
|
| systemd.network.netdevs.<name>.vlanConfig | Each attribute in this set specifies an option in the
[VLAN] section of the unit
|
| services.fedimintd.<name>.nginx.config.reuseport | Create an individual listening socket
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| services.acme-dns.settings.api.disable_registration | Whether to disable the HTTP registration endpoint.
|
| containers.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| services.wordpress.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE | Exchange that is suggested to wallets when withdrawing
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.matrix-synapse.settings.dynamic_thumbnails | Whether to generate new thumbnails on the fly to precisely match
the resolution requested by the client
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| services.radicle.httpd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| services.neo4j.ssl.policies.<name>.trustedDir | Path to directory of X.509 certificates in PEM format for
trusted parties
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.postfix.settings.main.recipient_delimiter | Set of characters used as the delimiters for address extensions
|
| services.bookstack.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.bookstack.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.nice | Niceness.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.nice | Niceness.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.grafana.settings.analytics.reporting_enabled | When enabled Grafana will send anonymous usage statistics to stats.grafana.org
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.description | Optional description for the bucket.
|