| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| services.ax25.axports.<name>.window | Default window size for this interface.
|
| services.uhub.<name>.plugins.*.plugin | Path to plugin file.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| systemd.user.paths.<name>.wants | Start the specified units when this unit is started.
|
| services.xserver.xkb.extraLayouts.<name>.typesFile | The path to the xkb types file
|
| services.autorandr.profiles.<name>.config.<name>.position | Output position
|
| ec2.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| systemd.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| nix.registry.<name>.from | The flake reference to be rewritten
|
| services.redis.servers.<name>.user | User account under which this instance of redis-server runs.
If left as the default value this user will automatically be
created on system activation, otherwise you are responsible for
ensuring the user exists before the redis service starts.
|
| services.h2o.hosts.<name>.settings | Attrset to be transformed into YAML for host config
|
| services.geth.<name>.websocket.apis | APIs to enable over WebSocket
|
| services.nebula.networks.<name>.cert | Path to the host certificate.
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| services.hostapd.radios.<name>.noScan | Disables scan for overlapping BSSs in HT40+/- mode
|
| services.i2pd.inTunnels.<name>.accessList | I2P nodes that are allowed to connect to this service.
|
| services.drupal.sites.<name>.modulesDir | The location for users to install Drupal modules.
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.public-inbox.inboxes.<name>.url | URL where this inbox can be accessed over HTTP.
|
| services.tor.relay.onionServices.<name>.map | See torrc manual.
|
| services.fedimintd.<name>.api.url | Public URL of the API address of the reverse proxy/tls terminator
|
| services.drupal.sites.<name>.poolConfig | Options for the Drupal PHP pool
|
| services.fedimintd.<name>.p2p.port | Port to bind on for p2p connections from peers (both TCP and UDP)
|
| services.fedimintd.<name>.p2p.bind | Address to bind on for p2p connections from peers (both TCP and UDP)
|
| services.i2pd.outTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| hardware.keyboard.zsa.enable | Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I
|
| systemd.user.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| programs.dmrconfig.enable | Whether to configure system to enable use of dmrconfig
|
| systemd.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.rke2.autoDeployCharts.<name>.package | The packaged Helm chart
|
| services.openssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.ax25.axports.<name>.paclen | Default maximum packet size for this interface.
|
| services.ax25.axports.<name>.enable | Whether to enable Enables the axport interface.
|
| power.ups.users.<name>.actions | Allow the user to do certain things with upsd
|
| services.h2o.hosts.<name>.tls.identity.*.key-file | Path to key file
|
| services.autosuspend.wakeups.<name>.class | Name of the class implementing the check
|
| services.drupal.sites.<name>.phpOptions | Options for PHP's php.ini file for this Drupal site.
|
| services.geth.<name>.metrics.address | Listen address of Go Ethereum metrics service.
|
| services.nginx.proxyCachePath.<name>.enable | Whether to enable this proxy cache path entry.
|
| services.rsync.jobs.<name>.settings | Settings that should be passed to rsync via long options
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.autorandr.profiles.<name>.config.<name>.scale | Output scale configuration
|
| services.tahoe.nodes.<name>.client.shares.total | The number of shares required to store a file.
|
| services.quicktun.<name>.localPort | Local UDP port.
|
| hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.redis.servers.<name>.unixSocket | The path to the socket to bind to.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|
| services.k3s.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.tahoe.nodes.<name>.storage.enable | Whether to enable storage service.
|
| services.wyoming.piper.servers.<name>.uri | URI to bind the wyoming server to.
|
| services.openafsClient.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.nginx.proxyCachePath.<name>.keysZoneSize | Set size to shared memory zone.
|
| services.openafsServer.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.kimai.sites.<name>.settings | Structural Kimai's local.yaml configuration
|
| services.geth.<name>.authrpc.address | Listen address of Go Ethereum Auth RPC API.
|
| services.phpfpm.pools.<name>.phpPackage | The PHP package to use for running this PHP-FPM pool.
|
| services.restic.backups.<name>.runCheck | Whether to run the check command with the provided checkOpts options.
|
| services.fedimintd.<name>.api.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.fedimintd.<name>.api.port | Port to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.cjdns.ETHInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.cjdns.UDPInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.nix-store-gcs-proxy.<name>.address | The address of the proxy.
|
| services.redis.servers.<name>.save | The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.bitcoind.<name>.enable | Whether to enable Bitcoin daemon.
|
| services.gitwatch.<name>.branch | Optional branch in remote repository
|
| services.gitwatch.<name>.remote | Optional url of remote repository
|
| systemd.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| services.hostapd.radios.<name>.band | Specifies the frequency band to use, possible values are 2g for 2.4 GHz,
5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.
|
| services.httpd.virtualHosts.<name>.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nginx.virtualHosts.<name>.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.i2pd.ifname | Network interface to bind to.
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| services.nsd.zones.<name>.dnssecPolicy.keyttl | TTL for dnssec records
|
| services.k3s.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.hans.clients.<name>.extraConfig | Additional command line parameters
|
| services.iodine.clients.<name>.server | Hostname of server running iodined
|
| services.dokuwiki.sites.<name>.stateDir | Location of the DokuWiki state directory.
|
| services.rspamd.workers.<name>.enable | Whether to run the rspamd worker.
|
| services.restic.backups.<name>.checkOpts | A list of options for 'restic check'.
|
| services.tahoe.nodes.<name>.client.shares.happy | The number of distinct storage nodes required to store
a file.
|
| services.geth.<name>.websocket.port | Port number of Go Ethereum WebSocket API.
|
| services.tahoe.nodes.<name>.sftpd.accounts.url | URL of the accounts server.
|
| services.h2o.hosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host
configuration.
|