| services.netbird.tunnels.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.netbird.clients.<name>.dir.runtime | A runtime directory used by NetBird client.
|
| services.wyoming.piper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.wyoming.piper.servers.<name>.enable | Whether to enable Wyoming Piper server.
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| programs.ssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| systemd.network.networks.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| systemd.network.networks.<name>.cakeConfig | Each attribute in this set specifies an option in the
[CAKE] section of the unit
|
| systemd.network.networks.<name>.lldpConfig | Each attribute in this set specifies an option in the
[LLDP] section of the unit
|
| systemd.user.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.wstunnel.servers.<name>.listen.host | The hostname.
|
| services.wstunnel.servers.<name>.listen.port | The port.
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.fedimintd.<name>.nginx.config.root | The path of the web root directory.
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| services.fedimintd.<name>.bitcoin.rpc.url | Bitcoin node (bitcoind/electrum/esplora) address to connect to
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.httpd.virtualHosts.<name>.extraConfig | These lines go to httpd.conf verbatim
|
| systemd.network.networks.<name>.gateway | A list of gateways to be added to the network section of the
unit
|
| systemd.network.networks.<name>.address | A list of addresses to be added to the network section of the
unit
|
| services.vmalert.instances.<name>.settings.rule | Path to the files with alerting and/or recording rules.
|
| services.akkoma.initDb.username | Name of the database user to initialise the database with
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.nghttpx.backends.*.params.dns | Name resolution of a backends host name is done at start up,
or configuration reload
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.davis.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.slskd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.movim.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.easytier.instances.<name>.settings.network_name | EasyTier network name.
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| programs.schroot.profiles.<name>.fstab | A file in the format described in fstab(5), used to mount filesystems inside the chroot
|
| networking.jool.nat64.<name>.global.pool6 | The prefix used for embedding IPv4 into IPv6 addresses
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.netbird.tunnels.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.netbird.clients.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| systemd.user.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.easytier.instances.<name>.settings.hostname | Hostname shown in peer list and web console.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|
| systemd.user.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.name | Name of the cursor theme to use for the lightdm-gtk-greeter.
|
| services.postfix.settings.master.<name>.type | The type of the service
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| systemd.network.netdevs.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| systemd.network.netdevs.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| systemd.network.netdevs.<name>.ipvtapConfig | Each attribute in this set specifies an option in the [IPVTAP] section of the unit
|
| systemd.network.netdevs.<name>.netdevConfig | Each attribute in this set specifies an option in the
[Netdev] section of the unit
|
| systemd.network.networks.<name>.macvlan | A list of macvlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.ipvlanConfig | Each attribute in this set specifies an option in the [IPVLAN] section of the unit
|
| systemd.network.networks.<name>.macvtap | A list of macvtap interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.tunnelConfig | Each attribute in this set specifies an option in the
[Tunnel] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| programs.xfs_quota.projects.<name>.path | Project directory.
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| networking.jool.nat64 | Definitions of NAT64 instances of Jool
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| systemd.targets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| systemd.user.services.<name>.requisite | Similar to requires
|
| systemd.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.snipe-it.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.znapzend.zetup.<name>.mbuffer.size | The size for mbuffer
|