| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| services.gitea.dump.file | Filename to be used for the dump
|
| containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.dendrite.settings.user_api.account_database.connection_string | Database for the User API, accounts.
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| services.gitlab.databaseUsername | GitLab database user.
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| services.patroni.scope | Cluster name.
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| services.bitlbee.extraSettings | Will be inserted in the Settings section of the config file.
|
| systemd.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.mail.sendmailSetuidWrapper.program | The name of the wrapper program
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| systemd.user.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.avahi.hostName | Host name advertised on the LAN
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.filesender.settings.storage_filesystem_path | When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| services.grafana.settings.security.csrf_additional_headers | List of allowed headers to be set by the user
|
| services.postgresqlWalReceiver.receivers.<name>.compress | Enables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression)
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| networking.sits.<name>.encapsulation | Configures the type of encapsulation.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.nomad.extraSettingsPaths | Additional settings paths used to configure nomad
|
| services.namecoind.trustedNodes | List of the only peer IP addresses to connect to
|
| services.trilium-server.nginx.enable | Configure the nginx reverse proxy settings.
|
| services.postfix.settings.main.smtpd_tls_security_level | The server TLS security level
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.sitespeed-io.runs | A list of run configurations
|
| services.pgbouncer.settings.pgbouncer.max_user_connections | Do not allow more than this many server connections per user (regardless of database)
|
| services.matrix-conduit.settings.global.allow_check_for_updates | Whether to allow Conduit to automatically contact
https://conduit.rs hourly to check for important Conduit news
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.pantalaimon-headless.instances.<name>.extraSettings | Extra configuration options
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_id | String identifying the Postquantum Preshared Key (PPK) to be used.
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.freshrss.webserver | Whether to use nginx or caddy for virtual host management
|
| services.dokuwiki.webserver | Whether to use nginx or caddy for virtual host management
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| services.minetest-server.config | Settings to add to the minetest config file
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| services.tuned.settings.default_instance_priority | Default instance (unit) priority.
|
| services.cloudflared.tunnels.<name>.originRequest.connectTimeout | Timeout for establishing a new TCP connection to your origin server
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| services.grafana.settings.security.content_security_policy | Set to true to add the Content-Security-Policy header to your requests
|
| services.radicale.rights | Configuration for Radicale's rights file
|
| services.kanidm.unix.settings.kanidm.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| users.users.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.icingaweb2.modules.monitoring.transports.<name>.type | Type of this transport
|
| services.samba-wsdd.domain | Set domain name (disables workgroup).
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.vault.address | The name of the ip interface to listen to
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.syncthing.configDir | The path where the settings and keys will exist.
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| boot.binfmt.registrations.<name>.fixBinary | Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked
|
| services.monica.mail.fromName | Mail "from" name.
|
| services.tmate-ssh-server.host | External host name
|
| services.zoneminder.hostname | The hostname on which to listen.
|
| services.kanidm.serverSettings | Settings for Kanidm, see
the documentation
and example configuration
for possible values.
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| networking.interfaces.<name>.ipv4.addresses | List of IPv4 addresses that will be statically assigned to the interface.
|
| networking.wireguard.interfaces.<name>.type | The type of the interface
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| services.davis.database.urlFile | A file containing the database connection url
|
| networking.wireguard.interfaces.<name>.peers | Peers linked to the interface.
|
| services.postgresql.settings.shared_preload_libraries | List of libraries to be preloaded.
|