| users.users.<name>.packages | The set of packages that should be made available to the user
|
| virtualisation.containers.registries.search | List of repositories to search.
|
| services.zammad.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.zabbixProxy.package | The Zabbix package to use.
|
| services.github-runners.<name>.replace | Replace any existing runner with the same name
|
| services.github-runners.<name>.serviceOverrides | Modify the systemd service
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| services.nghttpx.backends.*.params.redirect-if-not-tls | If true, a backend match requires the frontend connection be
TLS encrypted
|
| services.xinetd.services.*.extraConfig | Extra configuration-lines added to the section of the service.
|
| systemd.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.matrix-synapse.settings.enable_metrics | Enable collection and rendering of performance metrics
|
| services.xserver.desktopManager.mate.extraPanelApplets | Extra applets to add to mate-panel.
|
| services.vsftpd.localUsers | Whether to enable FTP for local users.
|
| virtualisation.libvirtd.qemu | QEMU related options.
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| virtualisation.oci-containers.containers.<name>.imageStream | Path to a script that streams the desired image on standard output
|
| services.vdr.extraArguments | Additional command line arguments to pass to VDR.
|
| services.frr.config | FRR configuration statements.
|
| services.archisteamfarm.dataDir | The ASF home directory used to store all data
|
| services.hercules-ci-agent.settings.secretsJsonPath | Path to a JSON file containing secrets for effects
|
| services.music-assistant.providers | List of provider names for which dependencies will be installed.
|
| virtualisation.waydroid.enable | Whether to enable Waydroid.
|
| services.usbguard.presentDevicePolicy | How to treat USB devices that are already connected when the daemon
starts
|
| services.zabbixProxy.database.createLocally | Whether to create a local database automatically.
|
| services.zfs.autoSnapshot.weekly | Number of weekly auto-snapshots that you wish to keep.
|
| containers.<name>.extraVeths.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.kubernetes.caFile | Default kubernetes certificate authority
|
| services.unpoller.loki.user | Username for Loki.
|
| services.xserver.desktopManager.mate.extraCajaExtensions | Extra extensions to add to caja.
|
| virtualisation.podman.networkSocket.enable | Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication
|
| services.matrix-synapse.settings.turn_shared_secret | The shared secret used to compute passwords for the TURN server
|
| services.zabbixWeb.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.stash.settings.plugins_path | Path to scrapers
|
| services.kubernetes.apiserver.apiAudiences | Kubernetes apiserver ServiceAccount issuer.
|
| services.zitadel.settings.TLS.KeyPath | Path to the TLS certificate private key.
|
| systemd.paths.<name>.requisite | Similar to requires
|
| services.gerrit.jvmOpts | A list of JVM options to start gerrit with.
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| services.matrix-appservice-irc.needBindingCap | Whether the daemon needs to bind to ports below 1024 (e.g. for the ident service)
|
| services.ytdl-sub.instances.<name>.config | Configuration for ytdl-sub
|
| services.xonotic.enable | Whether to enable Xonotic dedicated server.
|
| systemd.user.slices | Definition of systemd per-user slice units.
|
| services.hylafax.faxcron.enable.spoolInit | Whether to enable purging old files from the spooling area with
faxcron
each time the spooling area is initialized
.
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| services.lasuite-meet.settings.DB_USER | User of the database
|
| systemd.mounts.*.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.services.<name>.path | Packages added to the service's PATH
environment variable
|
| services.wakapi.settings | Settings for Wakapi
|
| services.ympd.mpd.port | The port where MPD is listening.
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| services.vwifi.module.enable | Whether to enable mac80211_hwsim module.
|
| services.warpgate.settings.mysql.key | Path to MySQL listener private key.
|
| systemd.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| system.nssDatabases.hosts | List of hosts entries to configure in /etc/nsswitch.conf
|
| services.stash.settings.ui.frontPageContent | Search filters to display on the front page.
|
| services.weblate.extraConfig | Text to append to settings.py Weblate configuration file.
|
| services.weechat.root | Weechat state directory.
|
| services.vikunja.database.type | Database engine to use.
|
| systemd.network.netdevs.<name>.l2tpSessions | Each item in this array specifies an option in the
[L2TPSession] section of the unit
|
| services.zabbixWeb.nginx.virtualHost.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.nghttpx.backlog | Listen backlog size
|
| services.kubernetes.kubelet.kubeconfig.server | Kubelet kube-apiserver server address.
|
| services.wyoming.satellite.name | Name of the satellite.
|
| services.matrix-synapse.withJemalloc | Whether to preload jemalloc to reduce memory fragmentation and overall usage.
|
| services.upower.criticalPowerAction | The action to take when timeAction or
percentageAction has been reached for the batteries
(UPS or laptop batteries) supplying the computer
|
| virtualisation.containers.enable | This option enables the common /etc/containers configuration module.
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| system.etc.overlay.enable | Mount /etc as an overlayfs instead of generating it via a perl script
|
| virtualisation.libvirtd.parallelShutdown | Number of guests that will be shutdown concurrently, taking effect when onShutdown
is set to "shutdown"
|
| virtualisation.podman.package | The podman package to use
|
| services.veilid.settings.core.network.routing_table.node_id | Base64-encoded public key for the node, used as the node's ID.
|
| services.zitadel.settings.TLS.CertPath | Path to the TLS certificate.
|
| services.matrix-appservice-irc.settings.database.engine | Which database engine to use
|
| services.unpoller.unifi.controllers.*.save_events | Collect and save data from UniFi events to influxdb and Loki.
|
| i18n.inputMethod.kime.extraConfig | extra kime configuration
|
| services.frigate.settings.mqtt.enabled | Whether to enable MQTT support.
|
| services.webhook.urlPrefix | The URL path prefix to use for served hooks (protocol://yourserver:port/${prefix}/hook-id).
|
| services.zabbixServer.database.port | Database host port.
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.jirafeau.nginxConfig.locations.<name>.tryFiles | Adds try_files directive.
|
| services.unpoller.unifi.controllers.*.save_ids | Collect and save data from the intrusion detection system to influxdb and Loki.
|
| i18n.inputMethod.kime.iconColor | Color of the indicator icon
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| services.zabbixWeb.httpd.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.kanidm.provision.groups | Provisioning of kanidm groups
|
| systemd.network.wait-online.enable | Whether to enable the systemd-networkd-wait-online service.
systemd-networkd-wait-online can timeout and fail if there are no network interfaces
available for it to manage
|
| services.xserver.synaptics.vertTwoFingerScroll | Whether to enable vertical two-finger drag-scrolling.
|
| services.zookeeper.servers | All Zookeeper Servers.
|
| services.hylafax.faxqclean.archiving | Enable or suppress job archiving:
never disables job archiving,
as-flagged archives jobs that
have been flagged for archiving by sendfax,
always forces archiving of all jobs
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.vwifi.server.ports.spy | The spy interface port
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| services.zoneminder.extraConfig | Additional configuration added verbatim to the configuration file.
|
| services.xserver.displayManager.lightdm.greeters.slick.font.name | Name of the font to use.
|
| systemd.user.targets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.kanidm.client.settings | Configure Kanidm clients, needed for the PAM daemon
|
| virtualisation.incus.clientPackage | The incus client package to use
|