| services.redis.servers.<name>.port | The TCP port to accept connections
|
| services.nginx.proxyCachePath.<name>.maxSize | Set maximum cache size
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| security.pam.services.<name>.rootOK | If set, root doesn't need to authenticate (e.g. for the
useradd service).
|
| programs.neovim.runtime.<name>.target | Name of symlink
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| users.users.<name>.shell | The path to the user's shell
|
| services.grafana.provision.datasources.settings.datasources.*.name | Name of the datasource
|
| services.redis.servers.<name>.slaveOf.port | port of the Redis master
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode | See torrc manual.
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| systemd.user.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.geth.<name>.authrpc.vhosts | List of virtual hostnames from which to accept requests.
|
| services.hans.clients.<name>.server | IP address of server running hans
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| services.nsd.zones.<name>.minRefreshSecs | Limit refresh time for secondary zones.
|
| services.spiped.config.<name>.maxConns | Limit on the number of simultaneous connections allowed.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.automounts.*.name | The name of this systemd unit, including its extension
|
| services.bitcoind.<name>.dataDir | The data directory for bitcoind.
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.autorandr.profiles.<name>.config.<name>.scale.method | Output scaling method.
|
| environment.corePackages | Set of core packages for a normal interactive system
|
| services.zeronsd.servedNetworks.<name>.settings.log_level | Log Level.
|
| services.znapzend.zetup.<name>.destinations.<name>.label | Label for this destination
|
| users.extraGroups.<name>.gid | The group GID
|
| boot.initrd.luks.devices.<name>.keyFile | The name of the file (can be a raw device or a partition) that
should be used as the decryption key for the encrypted device
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| boot.initrd.luks.devices.<name>.header | The name of the file or block device that
should be used as header for the encrypted device.
|
| services.rsync.jobs.<name>.inhibit | Run the rsync process with an inhibition lock taken;
see systemd-inhibit(1) for a list of possible operations.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams | See torrc manual.
|
| security.pam.services.<name>.showMotd | Whether to show the message of the day.
|
| systemd.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.geth.<name>.metrics.enable | Whether to enable Go Ethereum prometheus metrics.
|
| services.bitcoind.<name>.rpc.users | RPC user information for JSON-RPC connections.
|
| services.redis.servers.<name>.slaveOf | IP and port to which this redis instance acts as a slave.
|
| systemd.user.services.<name>.script | Shell commands executed as the service's main process.
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| services.sabnzbd.settings.servers.<name>.connections | Number of parallel connections permitted by
the server.
|
| services.authelia.instances.<name>.settings.log.file_path | File path where the logs will be written
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| services.cgit.<name>.nginx.location | Location to serve cgit under.
|
| services.rspamd.locals.<name>.source | Path of the source file.
|
| services.spiped.config.<name>.target | Address to which spiped should connect.
|
| nix.registry.<name>.to | The flake reference from is rewritten to
|
| users.users.<name>.enable | If set to false, the user account will not be created
|
| security.pam.services.<name>.oathAuth | If set, the OATH Toolkit will be used.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.user.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.keySize | Key size in bits
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.keySize | Key size in bits
|
| services.awstats.configs.<name>.extraConfig | Extra configuration to be appended to awstats.${name}.conf.
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| users.users.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| systemd.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| systemd.user.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| networking.wireguard.interfaces.<name>.peers.*.name | Name used to derive peer unit name.
|
| services.anubis.instances.<name>.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| services.httpd.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.nginx.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.i2pd.outTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|
| services.fedimintd.<name>.nginx.config.locations.<name>.alias | Alias directory for requests.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.index | Adds index directive.
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| systemd.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.drupal.sites.<name>.package | The drupal package to use.
|
| services.autorandr.profiles.<name>.config.<name>.primary | Whether output should be marked as primary
|
| services.openvpn.servers.<name>.up | Shell commands executed when the instance is starting.
|
| services.easytier.instances.<name>.settings.instance_name | Identify different instances on same host
|
| services.nginx.virtualHosts.<name>.http3 | Whether to enable the HTTP/3 protocol
|
| systemd.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.paths.<name>.wants | Start the specified units when this unit is started.
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.autosuspend.checks.<name>.class | Name of the class implementing the check
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| services.fedimintd.<name>.ui.bind | Address to bind on for UI connections
|
| services.jupyter.kernels.<name>.env | Environment variables to set for the kernel.
|
| services.redis.servers.<name>.syslog | Enable logging to the system logger.
|
| services.redis.servers.<name>.enable | Whether to enable Redis server.
|