| services.prometheus.exporters.surfboard.user | User name under which the surfboard exporter shall be run.
|
| services.prometheus.exporters.pgbouncer.user | User name under which the pgbouncer exporter shall be run.
|
| services.prometheus.exporters.wireguard.user | User name under which the wireguard exporter shall be run.
|
| services.prometheus.exporters.tailscale.user | User name under which the tailscale exporter shall be run.
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.prometheus.exporters.mongodb.collectAll | Enable all collectors
|
| services.home-assistant.extraComponents | List of components that have their dependencies included in the package
|
| services.prometheus.exporters.junos-czerwonk.user | User name under which the junos-czerwonk exporter shall be run.
|
| containers | A set of NixOS system configurations to be run as lightweight
containers
|
| containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| services.prometheus.exporters.mailman3.user | User name under which the mailman3 exporter shall be run.
|
| services.limesurvey.nginx.virtualHost.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.sourcehut.builds.postgresql.database | PostgreSQL database name for the builds.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
|
| hardware.display.edid.modelines | Attribute set of XFree86 Modelines automatically converted
and exposed as edid/<name>.bin files in initrd
|
| boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| services.pgmanage.connections | pgmanage requires at least one PostgreSQL server be defined
|
| services.umami.createPostgresqlDatabase | Whether to automatically create the database for Umami using PostgreSQL
|
| hardware.firmware | List of packages containing firmware files
|
| services.misskey.reverseProxy.webserver.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.journaldriver.logStream | Configures the name of the Stackdriver Logging log stream into
which to write journald entries
|
| services.foundationdb.tls.allowedPeers | "Peer verification string"
|
| services.nullmailer.config.adminaddr | If set, all recipients to users at either "localhost" (the literal string)
or the canonical host name (from the me control attribute) are remapped to this address
|
| services.zfs.autoReplication.localFilesystem | Local ZFS filesystem from which snapshots should be sent
|
| services.limesurvey.nginx.virtualHost.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| programs.kubeswitch.commandName | The name of the command to use
|
| services.prometheus.exporters.buildkite-agent.user | User name under which the buildkite-agent exporter shall be run.
|
| services.prometheus.exporters.storagebox.user | User name under which the storagebox exporter shall be run.
|
| services.prometheus.exporters.scaphandre.user | User name under which the scaphandre exporter shall be run.
|
| hardware.trackpoint.device | The device name of the trackpoint
|
| programs.captive-browser.browser | The shell (/bin/sh) command executed once the proxy starts
|
| services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| services.icingaweb2.modulePackages | Name-package attrset of Icingaweb 2 modules packages to enable
|
| image.repart.verityStore.partitionIds.store-verity | Specify the attribute name of the store's dm-verity hash partition.
|
| services.misskey.reverseProxy.webserver.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.rutorrent.nginx.exposeInsecureRPC2mount | If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option
|
| services.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| services.prometheus.exporters.exportarr-lidarr.user | User name under which the exportarr-lidarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-radarr.user | User name under which the exportarr-radarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-bazarr.user | User name under which the exportarr-bazarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-sonarr.user | User name under which the exportarr-sonarr exporter shall be run.
|
| containers.<name>.additionalCapabilities | Grant additional capabilities to the container
|
| boot.loader.grub.fsIdentifier | Determines how GRUB will identify devices when generating the
configuration file
|
| services.dependency-track.database.databaseName | Database name to use when connecting to an external or
manually provisioned database; has no effect when a local
database is automatically provisioned
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| virtualisation.graphics | Whether to run QEMU with a graphics window, or in nographic mode
|
| services.pufferpanel.enable | Whether to enable PufferPanel game management server
|
| services.sanoid.datasets.<name>.force_post_snapshot_script | Whether to run the post script if the pre script fails
|
| services.yggdrasil.denyDhcpcdInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.sanoid.templates.<name>.force_post_snapshot_script | Whether to run the post script if the pre script fails
|
| services.mosquitto.listeners.*.omitPasswordAuth | Omits password checking, allowing anyone to log in with any user name unless
other mandatory authentication methods (eg TLS client certificates) are configured.
|
| services.prometheus.exporters.exportarr-readarr.user | User name under which the exportarr-readarr exporter shall be run.
|
| services.prometheus.exporters.artifactory.user | User name under which the artifactory exporter shall be run.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.username | Credentials are used to authenticate the requests to Uyuni API.
|
| services.grafana.settings.security.strict_transport_security_max_age_seconds | Sets how long a browser should cache HSTS in seconds
|
| services.bluesky-pds.environmentFiles | File to load environment variables from
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| services.matrix-alertmanager.matrixRooms | Combination of Alertmanager receiver(s) and rooms for the bot to join
|
| services.prometheus.exporters.mqtt.prometheusPrefix | Prefix added to the metric name.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowCN | Allow client if common name appears in the list.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.username | HTTP username
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowOU | Allow client if organizational unit name appears in the list.
|
| services.mqtt2influxdb.influxdb.database | Name of the InfluxDB database.
|
| services.xserver.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| boot.loader.grub.configurationName | GRUB entry name instead of default.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowURI | Allow client if URI subject alternative name appears in the list.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.postgresql.ensureUsers.*.ensureDBOwnership | Grants the user ownership to a database with the same name
|
| services.datadog-agent.extraIntegrations | Extra integrations from the Datadog core-integrations
repository that should be built and included
|
| networking.wireless.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| networking.wireless.userControlled | Allow users of the wpa_supplicant group to control wpa_supplicant
through wpa_gui or wpa_cli
|
| services.prometheus.exporters.exportarr-prowlarr.user | User name under which the exportarr-prowlarr exporter shall be run.
|
| networking.ucarp.downscript | Command to run after become backup, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| virtualisation.rosetta.enable | Whether to enable Rosetta support
|
| services.chatgpt-retrieval-plugin.qdrantCollection | name of the qdrant collection used to store documents.
|
| virtualisation.libvirtd.onBoot | Specifies the action to be done to / on the guests when the host boots
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.username | Consul username
|
| hardware.nvidia.prime.offload.offloadCmdMainProgram | Specifies the CLI name of the hardware.nvidia.prime.offload.enableOffloadCmd
convenience script for offloading programs to an nvidia device.
|
| networking.nat.externalInterface | The name of the external network interface.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.exporters.modemmanager.user | User name under which the modemmanager exporter shall be run.
|
| programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| services.crowdsec-firewall-bouncer.registerBouncer.bouncerName | Name to register the bouncer as to the CrowdSec API
|
| services.outline.oidcAuthentication.displayName | Display name for OIDC authentication.
|
| services.strongswan-swanctl.swanctl.connections | Section defining IKE connection configurations, each in its own subsection
with an arbitrary yet unique name
|
| services.multipath.devices.*.user_friendly_names | If set to "yes", using the bindings file /etc/multipath/bindings
to assign a persistent and unique alias to the multipath, in the
form of mpath
|
| services.strongswan-swanctl.swanctl.authorities | Section defining complementary attributes of certification authorities, each
in its own subsection with an arbitrary yet unique name
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.mosquitto.listeners.*.authPlugins.*.denySpecialChars | Automatically disallow all clients using #
or + in their name/id.
|
| services.journaldriver.googleCloudProject | Configures the name of the Google Cloud project to which to
forward journald logs
|
| boot.loader.grub.mirroredBoots.*.efiBootloaderId | The id of the bootloader to store in efi nvram
|
| services.taskserver.organisations | An attribute set where the keys name the organisation and the values
are a set of lists of users and
groups.
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|