| services.prometheus.exporters.flow.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.flow.openFirewall is true.
|
| services.prometheus.exporters.ebpf.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.ebpf.openFirewall is true.
|
| services.prometheus.exporters.json.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.json.openFirewall is true.
|
| services.prometheus.exporters.bind.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.bind.openFirewall is true.
|
| services.prometheus.exporters.mail.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mail.openFirewall is true.
|
| services.prometheus.exporters.mqtt.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mqtt.openFirewall is true.
|
| services.prometheus.exporters.bird.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.bird.openFirewall is true.
|
| services.prometheus.exporters.nats.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nats.openFirewall is true.
|
| services.bacula-sd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| services.bacula-fd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| services.jupyter.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.bepasty.servers.<name>.bind | Bind address to be used for this server.
|
| services.bitcoind.<name>.configFile | The configuration file path to supply bitcoind.
|
| services.netbird.clients.<name>.port | Port the NetBird client listens on.
|
| services.netbird.tunnels.<name>.port | Port the NetBird client listens on.
|
| services.redis.servers.<name>.slaveOf.port | port of the Redis master
|
| services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| services.homebridge.settings.platforms.*.name | Name of the platform
|
| services.fedimintd.<name>.nginx.config.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.iodine.clients.<name>.relay | DNS server to use as an intermediate relay to the iodined server
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| services.geth.<name>.websocket.apis | APIs to enable over WebSocket
|
| services.nebula.networks.<name>.cert | Path to the host certificate.
|
| services.r53-ddns.hostname | Manually specify the hostname
|
| services.prometheus.exporters.php-fpm.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.php-fpm.openFirewall is true.
|
| services.keyd.keyboards.<name>.ids | Device identifiers, as shown by keyd(1).
|
| services.udp-over-tcp.tcp2udp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| services.udp-over-tcp.udp2tcp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| services.cjdns.ETHInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.cjdns.UDPInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| services.httpd.virtualHosts.<name>.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| systemd.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.paths.<name>.wants | Start the specified units when this unit is started.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.weight | Indicates the priority over identical Subnets owned by different nodes
|
| services.i2pd.inTunnels.<name>.accessList | I2P nodes that are allowed to connect to this service.
|
| services.drupal.sites.<name>.modulesDir | The location for users to install Drupal modules.
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.public-inbox.inboxes.<name>.url | URL where this inbox can be accessed over HTTP.
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| systemd.user.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| hardware.alsa.cardAliases.<name>.driver | Name of the kernel module that provides the card.
|
| systemd.services.<name>.scriptArgs | Arguments passed to the main process script
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| systemd.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.fedimintd.<name>.p2p.port | Port to bind on for p2p connections from peers (both TCP and UDP)
|
| services.fedimintd.<name>.p2p.bind | Address to bind on for p2p connections from peers (both TCP and UDP)
|
| services.rspamd.locals.<name>.enable | Whether this file locals should be generated
|
| services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| services.sympa.domains.<name>.webHost | Domain part of the web interface URL (no web interface for this domain if null)
|
| services.xserver.xkb.extraLayouts.<name>.typesFile | The path to the xkb types file
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.redis.servers.<name>.unixSocket | The path to the socket to bind to.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|
| systemd.paths.<name>.aliases | Aliases of that unit.
|
| systemd.units.<name>.aliases | Aliases of that unit.
|
| services.drupal.sites.<name>.phpOptions | Options for PHP's php.ini file for this Drupal site.
|
| services.geth.<name>.metrics.address | Listen address of Go Ethereum metrics service.
|
| services.nginx.proxyCachePath.<name>.enable | Whether to enable this proxy cache path entry.
|
| systemd.user.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.prometheus.exporters.redis.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.redis.openFirewall is true.
|
| services.prometheus.exporters.fritz.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.fritz.openFirewall is true.
|
| services.prometheus.exporters.idrac.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.idrac.openFirewall is true.
|
| services.prometheus.exporters.dmarc.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.dmarc.openFirewall is true.
|
| services.prometheus.exporters.v2ray.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.v2ray.openFirewall is true.
|
| services.prometheus.exporters.kafka.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.kafka.openFirewall is true.
|
| services.prometheus.exporters.jitsi.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.jitsi.openFirewall is true.
|
| services.prometheus.exporters.nginx.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nginx.openFirewall is true.
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.fedimintd.<name>.enable | Whether to enable fedimintd.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| systemd.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.firewalld.settings.FirewallBackend | The firewall backend implementation
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.prefixLength | The prefix length of the subnet
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.openafsClient.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.nginx.proxyCachePath.<name>.keysZoneSize | Set size to shared memory zone.
|
| services.openafsServer.cellServDB.<name>.*.ip | IP Address of a database server
|
| users.users.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| services.fedimintd.<name>.api.url | Public URL of the API address of the reverse proxy/tls terminator
|
| services.drupal.sites.<name>.poolConfig | Options for the Drupal PHP pool
|
| services.ghostunnel.servers.<name>.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| services.hans.clients.<name>.extraConfig | Additional command line parameters
|
| services.iodine.clients.<name>.server | Hostname of server running iodined
|
| services.dokuwiki.sites.<name>.stateDir | Location of the DokuWiki state directory.
|
| services.rspamd.workers.<name>.enable | Whether to run the rspamd worker.
|