| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency | How often the fan speed should be updated in seconds
|
| virtualisation.fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| virtualisation.oci-containers.containers.<name>.dependsOn | Define which other containers this one depends on
|
| containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| services.alerta.databaseName | Name of the database instance to connect to
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| services.gancio.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fluidd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.akkoma.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.monica.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.matomo.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.athens.storage.minio.bucket | Bucket name for the minio storage backend.
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| networking.wireguard.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| services.prosody.httpFileShare.domain | Domain name for a http_file_share service.
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| networking.wireguard.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| hardware.fw-fanctrl.config.strategies.<name>.movingAverageInterval | Interval (seconds) of the last temperatures to use to calculate the average temperature
|
| services.bird-lg.frontend.servers | Server name prefixes.
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| services.multipath.overrides | This section defines values for attributes that should override the
device-specific settings for all devices.
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.interfaces.<name>.ipv4.routes.*.options | Other route options
|
| networking.openconnect.interfaces.<name>.autoStart | Whether this VPN connection should be started automatically.
|
| virtualisation.allInterfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| security.tpm2.tssUser | Name of the tpm device-owner and service user, set if applyUdevRules is
set.
|
| services.yggdrasil.configFile | A file which contains JSON or HJSON configuration for yggdrasil
|
| services.prosody.uploadHttp.domain | Domain name for the http-upload service
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| programs.starship.presets | Presets files to be merged with settings in order.
|
| services.outline.storage.region | AWS S3 region name.
|
| services.xserver.displayManager.lightdm.greeter.package | The LightDM greeter to login via
|
| services.athens.index.mysql.database | Database name for the MySQL database.
|
| services.borgmatic.configurations.<name>.repositories.*.path | Path to the repository
|
| services.rke2.autoDeployCharts | Auto deploying Helm charts that are installed by the rke2 Helm controller
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| containers.<name>.timeoutStartSec | Time for the container to start
|
| boot.binfmt.registrations.<name>.recognitionType | Whether to recognize executables by magic number or extension.
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| networking.sits.<name>.encapsulation.type | Select the encapsulation type:
-
6in4: the IPv6 packets are encapsulated using the
6in4 protocol (formerly known as SIT, RFC 4213);
-
gue: the IPv6 packets are encapsulated in UDP packets
using the Generic UDP Encapsulation (GUE) scheme;
-
foo: the IPv6 packets are encapsulated in UDP packets
using the Foo over UDP (FOU) scheme.
|
| services.stash.settings.video_file_naming_algorithm | Hash algorithm to use for generated file naming
|
| services.nextcloud.config.objectstore.s3.hostname | Required for some non-Amazon implementations.
|
| services.vault.storageBackend | The name of the type of storage backend
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| services.ncps.cache.lru.scheduleTimeZone | The name of the timezone to use for the cron schedule
|
| services.pangolin.baseDomain | Your base fully qualified domain name (without any subdomains).
|
| networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| services.synergy.client.screenName | Use the given name instead of the hostname to identify
ourselves to the server.
|
| services.discourse.admin.fullName | The admin user's full name.
|
| services.consul.interface.bind | The name of the interface to pull the bind_addr from.
|
| services.gitlab.registry.serviceName | GitLab container registry service name.
|
| boot.loader.systemd-boot.extraEntries | Any additional entries you want added to the systemd-boot menu
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.xserver.videoDriver | The name of the video driver for your graphics card
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| services.matrix-synapse.settings.registration_shared_secret | If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled
|
| networking.openconnect.interfaces.<name>.gateway | Gateway server to connect to.
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| services.zabbixWeb.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| services.zabbixWeb.httpd.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.httpd.extraModules | Additional Apache modules to be used
|
| services.synergy.server.screenName | Use the given name instead of the hostname to identify
this screen in the configuration.
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS
configuration switch if its definition has changed.
|
| networking.ipips.<name>.encapsulation.type | Select the encapsulation type:
-
ipip to create an IPv4 within IPv4 tunnel (RFC 2003).
-
4in6 to create a 4in6 tunnel (RFC 2473);
-
ip6ip6 to create an IPv6 within IPv6 tunnel (RFC 2473);
For encapsulating IPv6 within IPv4 packets, see
the ad-hoc networking.sits option.
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| services.unpoller.influxdb.db | Database name
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| services.shairport-sync.user | User account name under which to run shairport-sync
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| networking.openconnect.interfaces.<name>.privateKey | Private key to authenticate with.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|