| services.github-runners.<name>.package | The github-runner package to use.
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.errbot.instances.<name>.logLevel | Errbot log level
|
| services.sanoid.datasets.<name>.monthly | Number of monthly snapshots.
|
| services.fedimintd.<name>.dataDir | Path to the data dir fedimintd will use to store its data
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|
| services.snipe-it.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| services.i2pd.ifname4 | IPv4 interface to bind to.
|
| services.i2pd.ifname6 | IPv6 interface to bind to.
|
| systemd.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.nylon.<name>.allowedIPRanges | Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.easytier.instances.<name>.settings | Settings to generate easytier-‹name›.toml
|
| services.homebridge.settings.accessories.*.name | Name of the accessory
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.httpd.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.phpfpm.pools.<name>.settings | PHP-FPM pool directives
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| systemd.user.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| power.ups.users.<name>.instcmds | Let the user initiate specific instant commands
|
| services.vault-agent.instances.<name>.group | Group under which this instance runs.
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| systemd.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.nextcloud.config.dbname | Database name.
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.nginx.virtualHosts.<name>.listen.*.port | Port number to listen on
|
| services.sympa.domains.<name>.settings | The robot.conf configuration file as key value set
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| power.ups.upsmon.monitor.<name>.system | Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
|
| environment.etc.<name>.group | Group name of file owner
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| systemd.user.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| services.fedimintd.<name>.package | The fedimint package to use.
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| programs.dms-shell.plugins.<name>.src | Source of the plugin package or path
|
| services.tor.relay.onionServices.<name>.version | See torrc manual.
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| services.udp-over-tcp.tcp2udp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.udp-over-tcp.udp2tcp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| users.users.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.jupyterhub.kernels.<name>.language | Language of the environment
|
| services.geth.<name>.authrpc.jwtsecret | Path to a JWT secret for authenticated RPC endpoint.
|
| services.geth.<name>.websocket.address | Listen address of Go Ethereum WebSocket API.
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| services.wstunnel.servers.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wstunnel.clients.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.udp-over-tcp.tcp2udp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.udp-over-tcp.udp2tcp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|