| security.pam.services.<name>.showMotd | Whether to show the message of the day.
|
| services.blockbook-frontend.<name>.user | The user as which to run blockbook-frontend-‹name›.
|
| services.h2o.hosts.<name>.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| image.repart.partitions.<name>.contents.<name>.source | Path of the source file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.i2pd.outTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| containers.<name>.extraVeths.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.quicktun.<name>.localPort | Local UDP port.
|
| nix.registry.<name>.exact | Whether the from reference needs to match exactly
|
| services.redis.servers.<name>.port | The TCP port to accept connections
|
| users.extraUsers.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.ax25.axports.<name>.enable | Whether to enable Enables the axport interface.
|
| services.ax25.axports.<name>.paclen | Default maximum packet size for this interface.
|
| services.cgit.<name>.nginx.location | Location to serve cgit under.
|
| services.rspamd.locals.<name>.source | Path of the source file.
|
| services.rauc.slots.<name>.*.settings | Settings for this slot.
|
| services.spiped.config.<name>.target | Address to which spiped should connect.
|
| services.geth.<name>.metrics.enable | Whether to enable Go Ethereum prometheus metrics.
|
| services.bitcoind.<name>.rpc.users | RPC user information for JSON-RPC connections.
|
| services.redis.servers.<name>.slaveOf | IP and port to which this redis instance acts as a slave.
|
| systemd.user.services.<name>.script | Shell commands executed as the service's main process.
|
| security.acme.certs.<name>.group | Group running the ACME client.
|
| services.tahoe.nodes.<name>.sftpd.enable | Whether to enable SFTP service.
|
| services.tahoe.nodes.<name>.sftpd.port | The port on which the SFTP server will listen
|
| services.nix-store-gcs-proxy.<name>.address | The address of the proxy.
|
| boot.initrd.systemd.users.<name>.uid | ID of the user in initrd.
|
| fileSystems.<name>.fsType | Type of the file system
|
| systemd.user.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.nginx.virtualHosts.<name>.http3 | Whether to enable the HTTP/3 protocol
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses | The external address where the host can be reached
|
| systemd.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| security.pam.services.<name>.oathAuth | If set, the OATH Toolkit will be used.
|
| containers.<name>.extraVeths.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses.*.port | The port where the host can be reached
|
| systemd.timers.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.slices.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.gitwatch.<name>.remote | Optional url of remote repository
|
| services.gitwatch.<name>.branch | Optional branch in remote repository
|
| services.bitcoind.<name>.enable | Whether to enable Bitcoin daemon.
|
| services.mpd.settings | Configuration for MPD
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.user.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| services.sourcehut.settings."sr.ht".site-name | The name of your network of sr.ht-based sites.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| users.users.<name>.packages | The set of packages that should be made available to the user
|
| services.fedimintd.<name>.nginx.config.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| users.users.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| systemd.user.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.drupal.sites.<name>.package | The drupal package to use.
|
| boot.initrd.extraFiles.<name>.source | The object to make available inside the initrd.
|
| services.nbd.server.exports.<name>.path | File or block device to export.
|
| systemd.timers.<name>.aliases | Aliases of that unit.
|
| systemd.slices.<name>.aliases | Aliases of that unit.
|
| services.ndppd.proxies.<name>.interface | Listen for any Neighbor Solicitation messages on this interface,
and respond to them according to a set of rules
|
| services.rsync.jobs.<name>.inhibit | Run the rsync process with an inhibition lock taken;
see systemd-inhibit(1) for a list of possible operations.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.authelia.instances.<name>.group | The name of the group for this authelia instance.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| systemd.user.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.sourcehut.settings."sr.ht".owner-name | Owner's name.
|
| systemd.user.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.openvpn.servers.<name>.up | Shell commands executed when the instance is starting.
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.inadyn.settings.custom.<name>.hostname | Hostname alias(es).
|
| services.inadyn.settings.custom.<name>.username | Username for this DDNS provider.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.joinType | Determines how multiple values are joined to create the claim value
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.inadyn.settings.custom.<name>.ddns-server | DDNS server name.
|
| services.fedimintd.<name>.ui.bind | Address to bind on for UI connections
|
| services.jupyter.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.redis.servers.<name>.syslog | Enable logging to the system logger.
|
| services.redis.servers.<name>.enable | Whether to enable Redis server.
|
| services.rspamd.workers.<name>.count | Number of worker instances to run
|
| services.nginx.virtualHosts.<name>.root | The path of the web root directory.
|
| services.nebula.networks.<name>.ca | Path to the certificate authority certificate.
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.pid-fan-controller.settings.heatSources.*.name | Name of the heat source.
|
| services.h2o.hosts.<name>.tls.identity | Key / certificate pairs for the virtual host.
|
| services.nsd.zones.<name>.dnssecPolicy.zsk | Key policy for zone signing keys
|
| services.nsd.zones.<name>.dnssecPolicy.ksk | Key policy for key signing keys
|
| services.blockbook-frontend.<name>.dataDir | Location of blockbook-frontend-‹name› data directory.
|
| boot.initrd.luks.devices.<name>.preLVM | Whether the luksOpen will be attempted before LVM scan or after it.
|
| systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.units.<name>.aliases | Aliases of that unit.
|
| systemd.user.paths.<name>.aliases | Aliases of that unit.
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| services.blockbook-frontend.<name>.group | The group as which to run blockbook-frontend-‹name›.
|