| services.pgadmin.emailServer.username | SMTP server username for email delivery
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| services.sitespeed-io.runs | A list of run configurations
|
| security.tpm2.tssUser | Name of the tpm device-owner and service user, set if applyUdevRules is
set.
|
| users.mysql.database | The name of the database containing the users
|
| fonts.fontconfig.localConf | System-wide customization file contents, has higher priority than
defaultFonts settings.
|
| boot.isNspawnContainer | Whether the machine is running in an nspawn container
|
| systemd.network.networks.<name>.tokenBucketFilterConfig | Each attribute in this set specifies an option in the
[TokenBucketFilter] section of the unit
|
| systemd.network.networks.<name>.heavyHitterFilterConfig | Each attribute in this set specifies an option in the
[HeavyHitterFilter] section of the unit
|
| systemd.user.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.trilium-server.nginx.enable | Configure the nginx reverse proxy settings.
|
| services.pgbouncer.settings.pgbouncer.max_user_connections | Do not allow more than this many server connections per user (regardless of database)
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| boot.initrd.systemd.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| services.postfix.settings.main.smtpd_tls_security_level | The server TLS security level
|
| services.icingaweb2.modules.monitoring.transports.<name>.type | Type of this transport
|
| services.discourse.admin.username | The admin user username.
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.matrix-conduit.settings.global.allow_check_for_updates | Whether to allow Conduit to automatically contact
https://conduit.rs hourly to check for important Conduit news
|
| networking.vswitches.<name>.interfaces | The physical network interfaces connected by the vSwitch.
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.vikunja.frontendHostname | The Hostname under which the frontend is running.
|
| services.radicale.rights | Configuration for Radicale's rights file
|
| networking.interfaces.<name>.virtualOwner | In case of a virtual device, the user who owns it.
null will not set owner, allowing access to any user.
|
| services.minetest-server.config | Settings to add to the minetest config file
|
| services.freshrss.webserver | Whether to use nginx or caddy for virtual host management
|
| services.dokuwiki.webserver | Whether to use nginx or caddy for virtual host management
|
| services.samba-wsdd.domain | Set domain name (disables workgroup).
|
| services.matrix-synapse.settings.app_service_config_files | A list of application service config file to use
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| services.vault.address | The name of the ip interface to listen to
|
| services.monica.mail.fromName | Mail "from" name.
|
| services.tmate-ssh-server.host | External host name
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| programs.starship.presets | Presets files to be merged with settings in order.
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| networking.supplicant.<name>.configFile.path | External wpa_supplicant.conf configuration file
|
| services.tuned.settings.default_instance_priority | Default instance (unit) priority.
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.grafana.settings.security.content_security_policy | Set to true to add the Content-Security-Policy header to your requests
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| services.firezone.server.provision.accounts.<name>.features.rest_api | Whether to enable the rest_api feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.idp_sync | Whether to enable the idp_sync feature for this account.
|
| containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| services.kanidm.unix.settings.kanidm.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| services.icingaweb2.modules.monitoring.transports.<name>.path | Path to the socket for local or remote transports
|
| services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| services.syncthing.configDir | The path where the settings and keys will exist.
|
| services.kanidm.serverSettings | Settings for Kanidm, see
the documentation
and example configuration
for possible values.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dscp | Differentiated Services Field Codepoint to set on outgoing IKE packets for
this connection
|
| services.davis.database.urlFile | A file containing the database connection url
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| systemd.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| services.dovecot2.user | Dovecot user name.
|
| systemd.user.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| services.tor.torsocks.socks5Username | SOCKS5 username
|
| services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| services.postgresql.settings.shared_preload_libraries | List of libraries to be preloaded.
|
| services.kismet.serverName | The name of the server.
|
| services.icecream.daemon.hostname | Hostname of the daemon in the icecream infrastructure
|
| systemd.network.networks.<name>.quickFairQueueingConfig | Each attribute in this set specifies an option in the
[QuickFairQueueing] section of the unit
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| services.murmur.group | The name of an existing group to use to run the service
|
| networking.sits.<name>.encapsulation | Configures the type of encapsulation.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| networking.wireless.networks.<name>.extraConfig | Extra configuration lines appended to the network block
|
| services.gdomap.enable | Whether to enable GNUstep Distributed Objects name server.
|
| services.firezone.server.smtp.username | Username to authenticate against the SMTP relay
|
| services.strongswan-swanctl.swanctl.connections.<name>.vips | List of virtual IPs to request in IKEv2 configuration payloads or IKEv1
Mode Config
|