| services.bookstack.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| systemd.network.networks.<name>.addresses | A list of address sections to be added to the unit
|
| services.vikunja.frontendHostname | The Hostname under which the frontend is running.
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of
none loads the connection only, which
then can be manually initiated or used as a responder configuration.
- The value
trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
- The value
start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with
trap|start,
to immediately initiate a connection for which trap policies have been installed
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| boot.binfmt.registrations.<name>.mask | A mask to be ANDed with the byte sequence of the file before matching
|
| networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| programs.openvpn3.log-service.settings.log_dbus_details | Add D-Bus details in log file/syslog
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| boot.initrd.luks.devices.<name>.bypassWorkqueues | Whether to bypass dm-crypt's internal read and write workqueues
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| programs.xfs_quota.projects.<name>.sizeHardLimit | Hard limit of the project size.
|
| programs.proxychains.proxies.<name>.host | Proxy host or IP address.
|
| programs.xfs_quota.projects.<name>.sizeSoftLimit | Soft limit of the project size
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Web.Endpoint".has_reverse_proxy | Whether you use a reverse proxy
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| networking.wireguard.interfaces.<name>.listenPort | 16-bit port for listening
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| boot.zfs.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| services.maubot.settings.server.override_resource_path | Override path from where to load UI resources.
|
| services.grav.systemSettings | Settings written to user/config/system.yaml.
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.biboumi.settings.persistent_by_default | Whether all rooms will be persistent by default:
the value of the “persistent” option in the global configuration of each
user will be “true”, but the value of each individual room will still
default to false
|
| services.invoiceplane.sites.<name>.invoiceTemplates | List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|
| services.dendrite.settings.federation_api.database.connection_string | Database for the Federation API.
|
| services.sanoid.datasets.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.longview.apiKeyFile | A file containing the Longview API key
|
| services.veilid.settings.core.network.detect_address_changes | Should veilid-core detect and notify on network address changes?
|
| boot.initrd.luks.devices.<name>.fido2.credentials | List of FIDO2 credential IDs
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| systemd.network.networks.<name>.ipv6PREF64Prefixes | A list of IPv6PREF64Prefix sections to be added to the unit
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.graphite.web.extraConfig | Graphite webapp settings
|
| openstack.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| networking.wlanInterfaces.<name>.meshID | MeshID of interface with type mesh.
|
| services.patroni.scope | Cluster name.
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| services.mautrix-meta.instances.<name>.environmentFile | File containing environment variables to substitute when copying the configuration
out of Nix store to the services.mautrix-meta.dataDir
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| image.repart.partitions.<name>.stripNixStorePrefix | Whether to strip /nix/store/ from the store paths
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets | Number of packets processed before initiating CHILD_SA rekeying
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| networking.wg-quick.interfaces.<name>.postDown | Command called after the interface is taken down.
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.outline.smtp.host | Host name or IP address of the SMTP server.
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|
| services.bonsaid.configFile | Path to a .json file specifying the state transitions
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| services.system76-scheduler.assignments.<name>.matchers | Process matchers.
|
| services.cloudflared.tunnels.<name>.originRequest.connectTimeout | Timeout for establishing a new TCP connection to your origin server
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| services.murmur.group | The name of an existing group to use to run the service
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.postgresqlWalReceiver.receivers.<name>.directory | Directory to write the output to.
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| systemd.network.networks.<name>.ipv6RoutePrefixes | A list of ipv6RoutePrefix sections to be added to the unit
|
| services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| services.davis.database.urlFile | A file containing the database connection url
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_id | String identifying the Postquantum Preshared Key (PPK) to be used.
|
| services.hardware.lcd.server.usbGroup | The group to use for settings permissions
|
| networking.wireless.networks.<name>.bssid | If set, this network block is used only when associating with
the AP using the configured BSSID.
|
| services.sanoid.templates.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| services.samba-wsdd.domain | Set domain name (disables workgroup).
|
| networking.wlanInterfaces.<name>.type | The type of the WLAN interface
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| services.epmd.enable | Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
|
| networking.supplicant.<name>.driver | Force a specific wpa_supplicant driver.
|
| networking.wlanInterfaces.<name>.flags | Flags for interface of type monitor.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|