| containers.<name>.forwardPorts.*.containerPort | Target port of container
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| virtualisation.oci-containers.containers.<name>.workdir | Override the default working directory for the container.
|
| networking.nameservers | The list of nameservers
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| virtualisation.oci-containers.containers.<name>.autoStart | When enabled, the container is automatically started on boot
|
| services.mattermost.mutableConfig | Whether the Mattermost config.json is writeable by Mattermost
|
| virtualisation.oci-containers.containers.<name>.login.registry | Registry where to login to.
|
| boot.initrd.secrets | Secrets to append to the initrd
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| services.printing.cups-pdf.instances | Permits to raise one or more cups-pdf instances
|
| services.sanoid.datasets.<name>.process_children_only | Whether to only snapshot child datasets if recursing.
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_email_domains | List of email domains to allow access to this vhost, or null to allow all.
|
| environment.wvdial.pppDefaults | Default ppp settings for wvdial.
|
| services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| services.prometheus.alertmanagerGotify.metrics.namespace | The namescape of the metrics.
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| services.jirafeau.nginxConfig.http3 | Whether to enable the HTTP/3 protocol
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.opencloud.environment | Extra environment variables to set for the service
|
| services.zabbixWeb.httpd.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.rke2.charts | Packaged Helm charts that are linked to /var/lib/rancher/rke2/server/static/charts before rke2 starts
|
| virtualisation.oci-containers.containers.<name>.autoRemoveOnStop | Automatically remove the container when it is stopped or killed
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| programs.chromium.initialPrefs | Initial preferences are used to configure the browser for the first run
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.victoriametrics.basicAuthUsername | Basic Auth username used to protect VictoriaMetrics instance by authorization
|
| services.opencloud.environmentFile | An environment file as defined in systemd.exec(5)
|
| virtualisation.oci-containers.containers.<name>.login.passwordFile | Path to file containing password.
|
| services.prometheus.remoteWrite.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.calibre-web.options.reverseProxyAuth.header | Auth proxy header name.
|
| services.lldap.environment | Environment variables passed to the service
|
| virtualisation.oci-containers.containers.<name>.extraOptions | Extra options for podman run.
|
| services.librenms.database.database | Name of the database on the MySQL/MariaDB server.
|
| hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| hardware.display.edid.linuxhw | Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| services.radicle.httpd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.dolibarr.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.kanboard.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fediwall.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.agorakit.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.librenms.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.mainsail.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.pixelfed.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.nginx.recommendedBrotliSettings | Enable recommended brotli settings
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| services.prometheus.remoteRead.*.tls_config | Configures the remote read request's TLS settings.
|
| services.pgbackrest.repos | An attribute set of repositories as described in:
https://pgbackrest.org/configuration.html#section-repository
Each repository defaults to set repo-host to the attribute's name
|
| programs.regreet.font.package | The package that provides the font given in the name option.
|
| services.prometheus.exporters.sql.user | User name under which the sql exporter shall be run.
|
| services.prometheus.exporters.lnd.user | User name under which the lnd exporter shall be run.
|
| services.prometheus.exporters.nut.user | User name under which the nut exporter shall be run.
|
| services.prometheus.exporters.kea.user | User name under which the kea exporter shall be run.
|
| services.prometheus.exporters.pve.user | User name under which the pve exporter shall be run.
|
| services.prometheus.exporters.zfs.user | User name under which the zfs exporter shall be run.
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.stash.settings.show_one_time_moved_notification | Whether a small notification to inform the user that Stash will no longer show a terminal window, and instead will be available in the tray
|
| services.subsonic.listenAddress | The host name or IP address on which to bind Subsonic
|
| services.limesurvey.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| services.limesurvey.httpd.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| services.limesurvey.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.consul.interface.advertise | The name of the interface to pull the advertise_addr from.
|
| services.librenms.distributedPoller.enable | Configure this LibreNMS instance as a distributed poller
|
| services.mastodon.configureNginx | Configure nginx as a reverse proxy for mastodon
|
| virtualisation.oci-containers.containers.<name>.preRunExtraOptions | Extra options for podman that go before the run argument.
|
| services.prometheus.exporters.knot.user | User name under which the knot exporter shall be run.
|
| services.prometheus.exporters.json.user | User name under which the json exporter shall be run.
|
| services.prometheus.exporters.mqtt.user | User name under which the mqtt exporter shall be run.
|
| services.prometheus.exporters.ping.user | User name under which the ping exporter shall be run.
|
| services.prometheus.exporters.bird.user | User name under which the bird exporter shall be run.
|
| services.prometheus.exporters.ebpf.user | User name under which the ebpf exporter shall be run.
|
| services.prometheus.exporters.bind.user | User name under which the bind exporter shall be run.
|
| services.prometheus.exporters.node.user | User name under which the node exporter shall be run.
|
| services.prometheus.exporters.mail.user | User name under which the mail exporter shall be run.
|
| services.prometheus.exporters.ipmi.user | User name under which the ipmi exporter shall be run.
|
| services.prometheus.exporters.flow.user | User name under which the flow exporter shall be run.
|
| services.prometheus.exporters.nats.user | User name under which the nats exporter shall be run.
|
| services.prometheus.exporters.snmp.user | User name under which the snmp exporter shall be run.
|
| services.prometheus.remoteWrite.*.tls_config | Configures the remote write request's TLS settings.
|
| services.datadog-agent.checks | Configuration for all Datadog checks
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| services.thinkfan.sensors.*.query | The query string used to match one or more sensors: can be
a fullpath to the temperature file (single sensor) or a fullpath
to a driver directory (multiple sensors).
When multiple sensors match, the query can be restricted using the
name or indices options.
|
| services.onlyoffice.postgresName | The name of database OnlyOffice should use.
|
| services.multipath.devices.*.product | Regular expression to match the product name
|
| services.prometheus.exporters.php-fpm.user | User name under which the php-fpm exporter shall be run.
|
| services.tailscale.useRoutingFeatures | Enables settings required for Tailscale's routing features like subnet routers and exit nodes
|
| services.rsnapshot.extraConfig | rsnapshot configuration option in addition to the defaults from
rsnapshot and this module
|
| hardware.nvidia-container-toolkit.disable-hooks | List of hooks to disable when generating the CDI specification
|
| services.maubot.settings.plugin_databases.postgres_max_conns_per_plugin | Maximum number of connections per plugin instance.
|
| networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds | Periodically refresh the endpoint hostname or address for all peers
|
| virtualisation.fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.athens.singleFlight.redisSentinel.masterName | Name of the sentinel master server.
|
| services.nginx.experimentalZstdSettings | Enable alpha quality zstd module with recommended settings
|
| services.athens.storage.azureblob.accountName | Account name for the Azure Blob storage backend.
|