| systemd.services.<name>.path | Packages added to the service's PATH
environment variable
|
| services.librespeed.frontend.servers.*.name | Name shown in the server list.
|
| services.sshguard.blacklist_file | Blacklist an attacker when its score exceeds threshold
|
| services.awstats.configs.<name>.extraConfig | Extra configuration to be appended to awstats.${name}.conf.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| systemd.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| containers.<name>.extraVeths.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| power.ups.upsmon.monitor.<name>.system | Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
|
| services.bind.zones.<name>.masters | List of servers for inclusion in stub and secondary zones.
|
| services.bluemap.maps.<name>.world | Path to world folder containing the dimension to render
|
| services.redis.servers.<name>.bind | The IP interface to bind to.
null means "all interfaces".
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey | Legacy RSA public key of the host in PEM format, including start and
end markers
|
| services.autorandr.profiles.<name>.config.<name>.position | Output position
|
| services.bitcoind.<name>.dataDir | The data directory for bitcoind.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.schedule | When or how often the backup should run
|
| systemd.user.targets.<name>.aliases | Aliases of that unit.
|
| systemd.user.sockets.<name>.aliases | Aliases of that unit.
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.tryFiles | Adds try_files directive.
|
| services.cgit.<name>.settings | cgit configuration, see cgitrc(5)
|
| services.uhub.<name>.settings | Configuration of uhub
|
| services.udp-over-tcp.tcp2udp.<name>.bind | Which local IP to bind the UDP socket to.
|
| security.pam.services.<name>.zfs | Enable unlocking and mounting of encrypted ZFS home dataset at login.
|
| systemd.user.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| virtualisation.qemu.drives.*.name | A name for the drive
|
| services.phpfpm.pools.<name>.listen | The address on which to accept FastCGI requests.
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.librenms.distributedPoller.name | Custom name of this poller.
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.kimai.sites.<name>.package | The kimai package to use.
|
| services.tahoe.nodes.<name>.package | The tahoelafs package to use.
|
| services.archisteamfarm.bots.<name>.username | Name of the user to log in
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| systemd.user.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.yggdrasil-jumper.retrieveListenAddresses | Automatically retrieve listen addresses from the Yggdrasil router configuration
|
| security.wrappers.<name>.group | The group of the wrapper program.
|
| security.wrappers.<name>.owner | The owner of the wrapper program.
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| programs.neovim.runtime.<name>.text | Text of the file.
|
| services.asusd.auraConfigs.<name>.text | Text of the file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| services.drupal.sites.<name>.enable | Whether to enable Drupal web application.
|
| services.tts.servers.<name>.enable | Whether to enable Coqui TTS server.
|
| services.tts.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.nsd.zones.<name>.notifyRetry | Specifies the number of retries for failed notifies
|
| systemd.user.services.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.yggdrasil-jumper.appendListenAddresses | Append Yggdrasil router configuration with listeners on loopback
addresses (127.0.0.1) and preselected ports to support peering
using client-server protocols like quic and tls
|
| services.autosuspend.wakeups.<name>.class | Name of the class implementing the check
|
| environment.etc.<name>.text | Text of the file.
|
| systemd.nspawn.<name>.filesConfig | Each attribute in this set specifies an option in the
[Files] section of this unit
|
| systemd.slices.<name>.sliceConfig | Each attribute in this set specifies an option in the
[Slice] section of the unit
|
| services.rke2.autoDeployCharts.<name>.package | The packaged Helm chart
|
| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| fileSystems.<name>.fsType | Type of the file system
|
| services.bitcoind.<name>.rpc.port | Override the default port on which to listen for JSON-RPC connections.
|
| systemd.user.services.<name>.postStop | Shell commands executed after the service's main process
has exited.
|
| systemd.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| containers.<name>.extraVeths.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| systemd.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.pgbackrest.stanzas.<name>.instances.<name>.host | PostgreSQL host for operating remotely.
|
| services.mpd.settings | Configuration for MPD
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| boot.specialFileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| services.restic.backups.<name>.user | As which user the backup should run.
|
| boot.initrd.luks.devices.<name>.gpgCard.publicKey | Path to the Public Key.
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets | The subnets which this tinc daemon will serve
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| systemd.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.jupyter.kernels.<name>.language | Language of the environment
|
| services.i2pd.outTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.redis.servers.<name>.slaveOf.ip | IP of the Redis master
|
| services.httpd.virtualHosts.<name>.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nginx.virtualHosts.<name>.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| power.ups.upsmon.monitor.<name>.powerValue | Number of power supplies that the UPS feeds on this system
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.type | The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
|