| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| networking.ipips.<name>.encapsulation.type | Select the encapsulation type:
-
ipip to create an IPv4 within IPv4 tunnel (RFC 2003).
-
4in6 to create a 4in6 tunnel (RFC 2473);
-
ip6ip6 to create an IPv6 within IPv6 tunnel (RFC 2473);
For encapsulating IPv6 within IPv4 packets, see
the ad-hoc networking.sits option.
|
| containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS
configuration switch if its definition has changed.
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| services.unpoller.influxdb.db | Database name
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.shairport-sync.user | User account name under which to run shairport-sync
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| networking.openconnect.interfaces.<name>.privateKey | Private key to authenticate with.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|
| containers.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.smokeping.linkStyle | DNS name for the urls generated in the cgi.
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.keyd.keyboards | Configuration for one or more device IDs
|
| services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| boot.isNspawnContainer | Whether the machine is running in an nspawn container
|
| virtualisation.fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| networking.supplicant.<name>.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.agorakit.config | Agorakit configuration options to set in the
.env file
|
| containers.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.corosync.clusterName | Name of the corosync cluster.
|
| services.prefect.databaseName | database name for postgres only
|
| services.autorandr.matchEdid | Match displays based on edid instead of name
|
| services.xserver.displayManager.session | List of sessions supported with the command used to start each
session
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.strongswan-swanctl.swanctl.connections.<name>.reauth_time | Time to schedule IKE reauthentication
|
| services.clamav.clamonacc.enable | Whether to enable ClamAV on-access scanner
|
| services.matrix-continuwuity.settings.global.allow_announcements_check | If enabled, continuwuity will send a simple GET request periodically to
https://continuwuity.org/.well-known/continuwuity/announcements for any new announcements made.
|
| services.prosody.muc.*.tombstoneExpiry | This settings controls how long a tombstone is considered
valid
|
| services.pgbouncer.settings.pgbouncer.ignore_startup_parameters | By default, PgBouncer allows only parameters it can keep track of in startup packets:
client_encoding, datestyle, timezone and standard_conforming_strings
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| services.dovecot2.imapsieve.mailbox.*.from | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when the message originates from the indicated mailbox
|
| services.mattermost.preferNixConfig | If both mutableConfig and this option are set, the Nix configuration
will take precedence over any settings configured in the server
console.
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| networking.openconnect.interfaces.<name>.protocol | Protocol to use.
|
| containers.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| boot.zfs.forceImportAll | Forcibly import all ZFS pool(s)
|
| services.strongswan-swanctl.swanctl.connections.<name>.proposals | A proposal is a set of algorithms
|
| services.cloudlog.database.user | MySQL user name.
|
| services.gammu-smsd.backend.sql.database | Database name to store sms data
|
| services.misskey.reverseProxy.host | The fully qualified domain name to bind to
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| virtualisation.interfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| networking.vswitches | This option allows you to define Open vSwitches that connect
physical networks together
|
| services.grafana.settings.database.locking_attempt_timeout_sec | For mysql, if the migrationLocking feature toggle is set,
specify the time (in seconds) to wait before failing to lock the database for the migrations.
|
| services.dovecot2.imapsieve.mailbox.*.causes | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when one of the listed IMAPSIEVE causes apply
|
| services.supybot.plugins | Attribute set of additional plugins that will be symlinked to the
plugin subdirectory
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| services.asterisk.useTheseDefaultConfFiles | Sets these config files to the default content
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.mastodon.user | User under which mastodon runs
|
| services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.usbrelayd.clientName | Name, your client connects as.
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| services.freshrss.virtualHost | Name of the caddy/nginx virtualhost to use and setup.
|
| services.bookstack.config | BookStack configuration options to set in the
.env file
|
| services.shairport-sync.group | Group account name under which to run shairport-sync
|
| services.rspamd.overrides | Overridden configuration files, written into /etc/rspamd/override.d/{name}.
|
| services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| users.mysql.pam.logging.msgColumn | The name of the column in the log table to which the description
of the performed operation is stored.
|
| services.prometheus.exporters.py-air-control.deviceHostname | The hostname of the air purification device from which to scrape the metrics.
|
| boot.binfmt.registrations.<name>.wrapInterpreterInShell | Whether to wrap the interpreter in a shell script
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| virtualisation.allInterfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.mqtt2influxdb.influxdb.username | Username for InfluxDB login.
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| networking.interfaces.<name>.ipv6.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (64).
|
| networking.interfaces.<name>.ipv4.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (24).
|
| services.miredo.interfaceName | Name of the network tunneling interface.
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.autossh.sessions.*.user | Name of the user the AutoSSH session should run as
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| services.prometheus.remoteRead.*.basic_auth.username | HTTP username
|
| services.nullmailer.config.defaulthost | The content of this attribute is appended to any address that
is missing a host name
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.restic.server.privateRepos | Enable private repos
|
| boot.initrd.luks.devices | The encrypted disk that should be opened before the root
filesystem is mounted
|
| services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.mattermost.siteName | Name of this Mattermost site.
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.coder.database.database | Name of database.
|
| services.komodo-periphery.extraSettings | Extra settings to add to the generated TOML config.
|