| systemd.user.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort | Target port of container
|
| systemd.services.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| containers.<name>.path | As an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
|
| systemd.services.<name>.postStop | Shell commands executed after the service's main process
has exited.
|
| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| users.extraUsers.<name>.description | A short description of the user account, typically the
user's full name
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| boot.initrd.systemd.users.<name>.shell | The path to the user's shell in initrd.
|
| boot.initrd.systemd.users.<name>.group | Group the user belongs to in initrd.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.bitcoind.<name>.port | Override the default port on which to listen for connections.
|
| services.i2pd.inTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.phpfpm.pools.<name>.group | Group account under which this pool runs.
|
| systemd.nspawn.<name>.execConfig | Each attribute in this set specifies an option in the
[Exec] section of this unit
|
| systemd.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| networking.vswitches.<name>.interfaces.<name>.vlan | Vlan tag to apply to interface
|
| networking.vswitches.<name>.interfaces.<name>.type | Openvswitch type to assign to interface
|
| users.extraUsers.<name>.packages | The set of packages that should be made available to the user
|
| services.bitcoind.<name>.dataDir | The data directory for bitcoind.
|
| services.rsync.jobs.<name>.sources | Source directories.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.schedule | When or how often the backup should run
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| systemd.user.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.blockbook-frontend.<name>.user | The user as which to run blockbook-frontend-‹name›.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.alias | Alias directory for requests.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.index | Adds index directive.
|
| security.acme.certs.<name>.keyType | Key type to use for private keys
|
| power.ups.ups.<name>.maxStartDelay | This can be set as a global variable above your first UPS
definition and it can also be set in a UPS section
|
| services.geth.<name>.metrics.port | Port number of Go Ethereum metrics service.
|
| services.geth.<name>.http.address | Listen address of Go Ethereum HTTP API.
|
| systemd.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| services.h2o.hosts.<name>.acme.root | Directory for the ACME challenge, which is public
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.cgit.<name>.settings | cgit configuration, see cgitrc(5)
|
| services.uhub.<name>.settings | Configuration of uhub
|
| services.i2pd.outTunnels.<name>.keys | Keyset used for tunnel identity.
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.jupyter.kernels.<name>.language | Language of the environment
|
| systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.authelia.instances.<name>.user | The name of the user for this authelia instance.
|
| services.v4l2-relayd.instances.<name>.cardLabel | The name the camera will show up as.
|
| security.wrappers.<name>.group | The group of the wrapper program.
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| security.wrappers.<name>.owner | The owner of the wrapper program.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.errbot.instances.<name>.backend | Errbot backend name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.pppd.peers.<name>.config | pppd configuration for this peer, see the pppd(8) man page.
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| environment.etc.<name>.text | Text of the file.
|
| services.nsd.keys.<name>.keyFile | Path to the file which contains the actual base64 encoded
key
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.pid-fan-controller.settings.heatSources.*.name | Name of the heat source.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.tryFiles | Adds try_files directive.
|
| services.pgbackrest.stanzas.<name>.instances.<name>.host | PostgreSQL host for operating remotely.
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.geth.<name>.authrpc.port | Port number of Go Ethereum Auth RPC API.
|
| services.tts.servers.<name>.useCuda | Whether to offload computation onto a CUDA compatible GPU.
|
| services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey | Legacy RSA public key of the host in PEM format, including start and
end markers
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| boot.initrd.luks.devices.<name>.device | Path of the underlying encrypted block device.
|
| networking.sits.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| systemd.services.<name>.path | Packages added to the service's PATH
environment variable
|
| systemd.user.services.<name>.preStop | Shell commands executed to stop the service.
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.prometheus.exporters.rtl_433.ids.*.name | Name to match.
|
| services.drupal.sites.<name>.filesDir | The location of the Drupal files directory.
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| boot.specialFileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.rsync.jobs.<name>.timerConfig | When to run the job.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|