| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| hardware.nvidia.nvidiaSettings | Whether to enable nvidia-settings, NVIDIA's GUI configuration tool
.
|
| services.sanoid.datasets.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.vikunja.database.database | Database name.
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| networking.dhcpcd.setHostname | Whether to set the machine hostname based on the information
received from the DHCP server.
The hostname will be changed only if the current one is
the empty string, localhost or nixos
|
| services.karakeep.extraEnvironment | Environment variables to pass to Karakaeep
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.veilid.settings.core.protected_store.always_use_insecure_storage | Should we bypass any attempt to use system-provided secure storage?
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.sanoid.templates.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| i18n.inputMethod.fcitx5.plasma6Support | Use qt6 versions of fcitx5 packages
|
| services.sunshine.applications | Configuration for applications to be exposed to Moonlight
|
| networking.wireguard.interfaces.<name>.socketNamespace | The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via interfaceNamespace
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| services.stargazer.routes | Routes that Stargazer should server
|
| services.nextcloud.configureRedis | Whether to configure Nextcloud to use the recommended Redis settings for small instances.
The Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.
The notify_push app requires Redis to be configured
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.cassandra.clusterName | The name of the cluster
|
| services.nagios.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.moodle.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.rke2.charts | Packaged Helm charts that are linked to /var/lib/rancher/rke2/server/static/charts before rke2 starts
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| console.font | The font used for the virtual consoles
|
| services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|
| services.nginx.recommendedProxySettings | Whether to enable recommended proxy settings if a vhost does not specify the option manually.
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| programs.captive-browser.enable | Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.dendrite.settings.global.trusted_third_party_id_servers | Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| services.mattermost.mutableConfig | Whether the Mattermost config.json is writeable by Mattermost
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.printing.cups-pdf.instances | Permits to raise one or more cups-pdf instances
|
| services.jirafeau.nginxConfig.http3 | Whether to enable the HTTP/3 protocol
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.prometheus.alertmanagerGotify.metrics.namespace | The namescape of the metrics.
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.zabbixWeb.httpd.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.matrix-synapse.settings.url_preview_ip_range_blacklist | List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|