| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| users.extraUsers.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.suricata.settings.outputs.*.<name>.enabled | Whether to enable .
|
| boot.initrd.systemd.users.<name>.group | Group the user belongs to in initrd.
|
| boot.initrd.systemd.users.<name>.shell | The path to the user's shell in initrd.
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| services.errbot.instances.<name>.logLevel | Errbot log level
|
| services.sanoid.datasets.<name>.monthly | Number of monthly snapshots.
|
| services.nebula.networks.<name>.package | The nebula package to use.
|
| services.httpd.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.buildkite-agents.<name>.tags | Tags for the agent.
|
| services.quicktun.<name>.protocol | Which protocol to use.
|
| services.nylon.<name>.allowedIPRanges | Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
|
| systemd.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| services.github-runners.<name>.package | The github-runner package to use.
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.nginx.virtualHosts.<name>.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.postfix-tlspol.settings.server.address | Path or address/port where postfix-tlspol binds its socket to.
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| systemd.user.paths.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.timers.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.slices.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.units.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.type | The resource type
|
| systemd.user.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.sympa.domains.<name>.settings | The robot.conf configuration file as key value set
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| systemd.user.targets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| hardware.printers.ensurePrinters.*.name | Name of the printer / printer queue
|
| services.firefox-syncserver.database.name | Database to use for storage
|
| users.users.<name>.packages | The set of packages that should be made available to the user
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| systemd.user.targets.<name>.wants | Start the specified units when this unit is started.
|
| systemd.slices.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.timers.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.vault-agent.instances.<name>.group | Group under which this instance runs.
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| services.bitmagnet.settings.postgres.host | Address, hostname or Unix socket path of the database server
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| image.repart.partitions.<name>.contents.<name>.source | Path of the source file.
|
| services.tor.relay.onionServices.<name>.version | See torrc manual.
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| services.jupyterhub.kernels.<name>.displayName | Name that will be shown to the user.
|
| services.nextcloud.config.dbname | Database name.
|
| services.github-runners.<name>.url | Repository to add the runner to
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| services.tinc.networks.<name>.rsaPrivateKeyFile | Path of the private RSA keyfile.
|
| services.udp-over-tcp.tcp2udp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.udp-over-tcp.udp2tcp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| users.users.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| services.suricata.settings.unix-command.enabled | Enable unix-command socket.
|
| services.geth.<name>.authrpc.jwtsecret | Path to a JWT secret for authenticated RPC endpoint.
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| services.wstunnel.servers.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wstunnel.clients.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|