| services.wordpress.sites.<name>.database.user | Database user.
|
| services.sanoid.datasets.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.wyoming.faster-whisper.servers.<name>.uri | URI to bind the wyoming server to.
|
| environment.etc.<name>.target | Name of symlink (relative to
/etc)
|
| services.prefect.workerPools.<name>.installPolicy | install policy for the worker (always, if-not-present, never, prompt)
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| programs.neovim.runtime.<name>.target | Name of symlink
|
| services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.name | Name of the cursor theme to use for the lightdm-gtk-greeter.
|
| containers.<name>.bindMounts.<name>.isReadOnly | Determine whether the mounted path will be accessed in read-only mode.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| services.restic.backups.<name>.repository | repository to backup to.
|
| services.dolibarr.nginx.locations.<name>.root | Root directory for requests.
|
| services.agorakit.nginx.locations.<name>.root | Root directory for requests.
|
| services.librenms.nginx.locations.<name>.root | Root directory for requests.
|
| services.kanboard.nginx.locations.<name>.root | Root directory for requests.
|
| services.fediwall.nginx.locations.<name>.root | Root directory for requests.
|
| services.mainsail.nginx.locations.<name>.root | Root directory for requests.
|
| services.pixelfed.nginx.locations.<name>.root | Root directory for requests.
|
| services.wordpress.sites.<name>.database.host | Database host address.
|
| services.wordpress.sites.<name>.database.port | Database host port.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| services.davis.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.awstats.configs.<name>.webService.enable | Whether to enable awstats web service.
|
| services.movim.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.slskd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.logrotate.settings.<name>.enable | Whether to enable setting individual kill switch.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.tor.relay.onionServices.<name>.settings | Settings of the onion service
|
| services.netbird.clients.<name>.dns-resolver.port | A port to serve DNS entries on when dns-resolver.address is enabled.
|
| services.netbird.tunnels.<name>.dns-resolver.port | A port to serve DNS entries on when dns-resolver.address is enabled.
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.maddy.hostname | Hostname to use
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| security.pam.services.<name>.kwallet.enable | If enabled, pam_wallet will attempt to automatically unlock the
user's default KDE wallet upon login
|
| services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| services.restic.backups.<name>.initialize | Create the repository if it doesn't exist.
|
| services.fedimintd.<name>.nginx.config.listen.*.addr | Listen address.
|
| services.v4l2-relayd.instances.<name>.input.height | The height to read from input-stream.
|
| services.fedimintd.<name>.nginx.config.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.settings.hostname | The domain name under which the server is reachable.
|
| users.extraUsers.<name>.group | The user's primary group.
|
| services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| services.bitcoind.<name>.extraCmdlineOptions | Extra command line options to pass to bitcoind
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| systemd.user.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.firewalld.zones.<name>.ports.*.protocol | |
| services.jupyterhub.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyterhub.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.fedimintd.<name>.nginx.config.default | Makes this vhost the default.
|
| services.tinc.networks.<name>.ed25519PrivateKeyFile | Path of the private ed25519 keyfile.
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.snipe-it.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.v4l2-relayd.instances.<name>.input.format | The video-format to read from input-stream.
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| services.tarsnap.archives.<name>.includes | Include only files and directories matching these
patterns (the empty list includes everything)
|
| services.mautrix-meta.instances.<name>.enable | Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.hostapd.radios.<name>.settings | Extra configuration options to put at the end of global initialization, before defining BSSs
|
| services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.anubis.instances.<name>.botPolicy | Anubis policy configuration in Nix syntax
|
| services.wstunnel.servers.<name>.restrictTo.*.port | The port.
|
| services.wstunnel.servers.<name>.restrictTo.*.host | The hostname.
|
| services.blockbook-frontend.<name>.configFile | Location of the blockbook configuration file.
|
| services.firewalld.zones.<name>.protocols | Protocols to allow in the zone.
|
| services.zeronsd.servedNetworks.<name>.package | The zeronsd package to use.
|
| services.restic.backups.<name>.rcloneOptions | Options to pass to rclone to control its behavior
|
| services.firewalld.zones.<name>.forwardPorts.*.to-addr | Destination IP address.
|
| services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.name | Name of the cursor theme to use for the lightdm-enso-os-greeter
|
| services.httpd.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.acme-dns.settings.general.nsname | Zone name server.
|
| security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.jibri.xmppEnvironments.<name>.call.login.username | User part of the JID for the recorder.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucNickname | Videobridges use the same XMPP account and need to be distinguished by the
nickname (aka resource part of the JID)
|
| services.bcg.mqtt.username | MQTT server access username.
|
| services.easytier.instances.<name>.settings.network_name | EasyTier network name.
|
| services.blockbook-frontend.<name>.package | The blockbook package to use.
|
| services.ax25.axports.<name>.description | Free format description of this interface.
|
| services.openbao.settings.listener.<name>.type | The listener type to enable.
|
| services.public-inbox.settings.coderepo.<name>.dir | Path to a git repository
|