| services.webhook.hooksTemplated | Same as hooks, but these hooks are specified as literal strings instead of Nix values,
and hence can include template syntax
which might not be representable as JSON
|
| services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup | Maps kanidm groups to values for the claim.
|
| services.fedimintd.<name>.p2p.port | Port to bind on for p2p connections from peers (both TCP and UDP)
|
| services.fedimintd.<name>.p2p.bind | Address to bind on for p2p connections from peers (both TCP and UDP)
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| systemd.user.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.sockets.<name>.wants | Start the specified units when this unit is started.
|
| systemd.user.targets.<name>.wants | Start the specified units when this unit is started.
|
| services.r53-ddns.hostname | Manually specify the hostname
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|
| services.redis.servers.<name>.unixSocket | The path to the socket to bind to.
|
| services.bitcoind.<name>.package | The bitcoind package to use.
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| users.extraUsers.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| services.geth.<name>.metrics.address | Listen address of Go Ethereum metrics service.
|
| services.drupal.sites.<name>.phpOptions | Options for PHP's php.ini file for this Drupal site.
|
| services.nginx.proxyCachePath.<name>.enable | Whether to enable this proxy cache path entry.
|
| systemd.user.targets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.user.sockets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| boot.initrd.systemd.groups.<name>.gid | ID of the group in initrd.
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| power.ups.ups.<name>.maxStartDelay | This can be set as a global variable above your first UPS
definition and it can also be set in a UPS section
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.fedimintd.<name>.api.url | Public URL of the API address of the reverse proxy/tls terminator
|
| services.drupal.sites.<name>.poolConfig | Options for the Drupal PHP pool
|
| systemd.user.units.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.paths.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.timers.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.slices.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.openafsServer.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.openafsClient.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.nginx.proxyCachePath.<name>.keysZoneSize | Set size to shared memory zone.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.prefixLength | The prefix length of the subnet
|
| services.bitcoind.<name>.configFile | The configuration file path to supply bitcoind.
|
| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| services.ndppd.proxies.<name>.rules | This is a rule that the target address is to match against
|
| services.hostapd.radios.<name>.noScan | Disables scan for overlapping BSSs in HT40+/- mode
|
| services.cjdns.ETHInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.cjdns.UDPInterface.connectTo.<name>.peerName | (optional) human-readable name for peer
|
| services.hans.clients.<name>.extraConfig | Additional command line parameters
|
| services.dokuwiki.sites.<name>.stateDir | Location of the DokuWiki state directory.
|
| services.iodine.clients.<name>.server | Hostname of server running iodined
|
| services.restic.backups.<name>.checkOpts | A list of options for 'restic check'.
|
| services.rspamd.workers.<name>.enable | Whether to run the rspamd worker.
|
| services.kimai.sites.<name>.settings | Structural Kimai's local.yaml configuration
|
| services.geth.<name>.authrpc.address | Listen address of Go Ethereum Auth RPC API.
|
| services.restic.backups.<name>.runCheck | Whether to run the check command with the provided checkOpts options.
|
| services.phpfpm.pools.<name>.phpPackage | The PHP package to use for running this PHP-FPM pool.
|
| environment.etc.<name>.group | Group name of file owner
|
| services.h2o.hosts.<name>.settings | Attrset to be transformed into YAML for host config
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.rsync.jobs.<name>.settings | Settings that should be passed to rsync via long options
|
| systemd.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.fedimintd.<name>.api.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.fedimintd.<name>.api.port | Port to bind on for API connections relied by the reverse proxy/tls terminator.
|
| users.users.<name>.description | A short description of the user account, typically the
user's full name
|
| services.geth.<name>.websocket.port | Port number of Go Ethereum WebSocket API.
|
| systemd.services.<name>.scriptArgs | Arguments passed to the main process script
|
| services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses.*.address | The external IP address or hostname where the host can be reached.
|
| services.namecoind.rpc.user | User name for RPC connections.
|
| services.znapzend.zetup.<name>.destinations.<name>.plan | The znapzend backup plan to use for the source
|
| systemd.user.timers.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| services.bepasty.servers.<name>.dataDir | Path to the directory where the pastes will be saved to
|
| services.h2o.hosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host
configuration.
|
| systemd.user.services.<name>.upholds | Keeps the specified running while this unit is running
|
| services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| services.ghostunnel.servers.<name>.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.kimai.sites.<name>.database.user | Database user.
|
| services.bird-lg.frontend.nameFilter | Protocol names to hide in summary tables (RE2 syntax),
|
| security.pam.services.<name>.limits.*.type | Type of this limit
|
| security.pam.services.<name>.mysqlAuth | If set, the pam_mysql module will be used to
authenticate users against a MySQL/MariaDB database.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.keySize | Key size in bits
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.keySize | Key size in bits
|
| services.h2o.hosts.<name>.acme.useHost | An existing Let’s Encrypt certificate to use for this virtual
host
|
| services.k3s.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| systemd.user.slices.<name>.aliases | Aliases of that unit.
|
| systemd.user.timers.<name>.aliases | Aliases of that unit.
|
| systemd.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.logcheck.ignore.<name>.level | Set the logcheck level.
|