| services.h2o.hosts.<name>.acme.useHost | An existing Let’s Encrypt certificate to use for this virtual
host
|
| services.asusd.auraConfigs.<name>.text | Text of the file.
|
| services.nbd.server.exports.<name>.path | File or block device to export.
|
| systemd.user.units.<name>.text | Text of this systemd unit.
|
| services.gitwatch.<name>.path | The path to the repo on the local machine
|
| hardware.sheep_net.enable | Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds
sheep-net to boot.kernelModules and boot.extraModulePackages
|
| power.ups.users.<name>.upsmon | Add the necessary actions for a upsmon process to work
|
| services.autorandr.profiles.<name>.config.<name>.rotate | Output rotate configuration.
|
| services.autorandr.profiles.<name>.config.<name>.enable | Whether to enable the output.
|
| services.k3s.autoDeployCharts.<name>.package | The packaged Helm chart
|
| security.acme.certs.<name>.domain | Domain to fetch certificate for (defaults to the entry name).
|
| services.h2o.hosts.<name>.tls.identity | Key / certificate pairs for the virtual host.
|
| services.nsd.zones.<name>.dnssecPolicy.zsk | Key policy for zone signing keys
|
| services.nsd.zones.<name>.dnssecPolicy.ksk | Key policy for key signing keys
|
| services.restic.backups.<name>.user | As which user the backup should run.
|
| services.bind.zones.<name>.extraConfig | Extra zone config to be appended at the end of the zone section.
|
| systemd.user.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.nginx.virtualHosts.<name>.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.nextcloud.webfinger | Enable this option if you plan on using the webfinger plugin
|
| services.postfix.settings.master.<name>.command | A program name specifying a Postfix service/daemon process
|
| services.bitcoind.<name>.port | Override the default port on which to listen for connections.
|
| services.shorewall6.enable | Whether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| systemd.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| services.prosody.virtualHosts.<name>.domain | Domain name
|
| services.redis.servers.<name>.port | The TCP port to accept connections
|
| services.nginx.proxyCachePath.<name>.maxSize | Set maximum cache size
|
| security.pam.services.<name>.rootOK | If set, root doesn't need to authenticate (e.g. for the
useradd service).
|
| services.mirakurun.allowSmartCardAccess | Install polkit rules to allow Mirakurun to access smart card readers,
which are commonly used along with tuner devices.
|
| programs.neovim.runtime.<name>.target | Name of symlink
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.cgit.<name>.settings | cgit configuration, see cgitrc(5)
|
| services.uhub.<name>.settings | Configuration of uhub
|
| users.users.<name>.shell | The path to the user's shell
|
| services.redis.servers.<name>.slaveOf.port | Port of the Redis master
|
| systemd.user.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.geth.<name>.authrpc.vhosts | List of virtual hostnames from which to accept requests.
|
| services.hans.clients.<name>.server | IP address of server running hans
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| services.spiped.config.<name>.maxConns | Limit on the number of simultaneous connections allowed.
|
| services.nsd.zones.<name>.minRefreshSecs | Limit refresh time for secondary zones.
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.automounts.*.name | The name of this systemd unit, including its extension
|
| services.bitcoind.<name>.dataDir | The data directory for bitcoind.
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.autorandr.profiles.<name>.config.<name>.scale.method | Output scaling method.
|
| hardware.kryoflux.enable | Enables kryoflux udev rules, ensures 'floppy' group exists
|
| services.tinc.networks.<name>.hostSettings.<name>.settings | Configuration for this host
|
| services.znapzend.zetup.<name>.destinations.<name>.label | Label for this destination
|
| users.extraGroups.<name>.gid | The group GID
|
| services.rsync.jobs.<name>.inhibit | Run the rsync process with an inhibition lock taken;
see systemd-inhibit(1) for a list of possible operations.
|
| boot.initrd.luks.devices.<name>.keyFile | The name of the file (can be a raw device or a partition) that
should be used as the decryption key for the encrypted device
|
| boot.initrd.luks.devices.<name>.header | The name of the file or block device that
should be used as header for the encrypted device.
|
| security.pam.services.<name>.showMotd | Whether to show the message of the day.
|
| systemd.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.bitcoind.<name>.rpc.users | RPC user information for JSON-RPC connections.
|
| services.geth.<name>.metrics.enable | Whether to enable Go Ethereum prometheus metrics.
|
| services.redis.servers.<name>.slaveOf | IP and port to which this redis instance acts as a slave.
|
| systemd.user.services.<name>.script | Shell commands executed as the service's main process.
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.suricata.settings.default-rule-path | Path in which suricata-update managed rules are stored by default.
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| services.cgit.<name>.nginx.location | Location to serve cgit under.
|
| services.rspamd.locals.<name>.source | Path of the source file.
|
| services.rauc.slots.<name>.*.settings | Settings for this slot.
|
| services.spiped.config.<name>.target | Address to which spiped should connect.
|
| security.pam.services.<name>.oathAuth | If set, the OATH Toolkit will be used.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| systemd.user.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| nix.registry.<name>.to | The flake reference ‘from’ is rewritten to
|
| users.users.<name>.enable | If set to false, the user account will not be created
|
| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.keySize | Key size in bits
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.keySize | Key size in bits
|
| services.awstats.configs.<name>.extraConfig | Extra configuration to be appended to awstats.${name}.conf.
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| users.users.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| systemd.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| systemd.user.services.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| networking.wireguard.interfaces.<name>.peers.*.name | Name used to derive peer unit name.
|
| services.httpd.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.nginx.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.i2pd.outTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.dovecot2.imapsieve.mailbox | Configure Sieve filtering rules on IMAP actions
|
| services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|