| services.wyoming.piper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.wyoming.piper.servers.<name>.enable | Whether to enable Wyoming Piper server.
|
| services.pgbackrest.repos.<name>.host | Repository host when operating remotely
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| security.pam.services.<name>.limits.*.domain | Username, groupname, or wildcard this limit applies to
|
| services.k3s.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.wstunnel.servers.<name>.listen.host | The hostname.
|
| services.wstunnel.servers.<name>.listen.port | The port.
|
| systemd.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| containers.<name>.extraVeths.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.fedimintd.<name>.package | The fedimint package to use.
|
| services.nginx.proxyCachePath.<name>.levels | The levels parameter defines structure of subdirectories in cache: from
1 to 3, each level accepts values 1 or 2
|
| services.fedimintd.<name>.api_ws.port | TCP Port to bind on for API connections relayed by the reverse proxy/tls terminator.
|
| services.fedimintd.<name>.nginx.config.root | The path of the web root directory.
|
| services.vmalert.instances.<name>.settings.rule | Path to the files with alerting and/or recording rules.
|
| services.errbot.instances.<name>.logLevel | Errbot log level
|
| services.sanoid.datasets.<name>.monthly | Number of monthly snapshots.
|
| services.nebula.networks.<name>.package | The nebula package to use.
|
| services.fedimintd.<name>.bitcoin.rpc.url | Bitcoin node (bitcoind/electrum/esplora) address to connect to
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.kanidm.provision.systems.oauth2.<name>.displayName | Display name
|
| services.dokuwiki.sites.<name>.phpOptions | Options for PHP's php.ini file for this dokuwiki site.
|
| services.httpd.virtualHosts.<name>.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.rspamd.workers.<name>.bindSockets | List of sockets to listen, in format acceptable by rspamd
|
| services.tinc.networks.<name>.bindToAddress | The ip address to bind to (both listen on and send packets from).
|
| services.anubis.instances | An attribute set of Anubis instances
|
| services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| services.nextcloud.config.dbname | Database name.
|
| services.davis.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.slskd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.movim.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| programs.tsmClient.servers.<name>.tcpport | TCP port of the IBM TSM server
|
| services.rspamd.workers.<name>.extraConfig | Additional entries to put verbatim into worker section of rspamd config file.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.netbird.tunnels.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.netbird.clients.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| systemd.network.networks.<name>.tunnel | A list of tunnel interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| systemd.network.networks.<name>.bridge | A list of bridge interfaces to be added to the network section of the
unit
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| systemd.user.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish | How long after deactivation to keep a key in the zone
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish | How long after deactivation to keep a key in the zone
|
| services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| systemd.network.networks.<name>.domains | A list of domains to pass to the network config.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name | Name of the mute time interval, must be unique
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.postfix.settings.master.<name>.type | The type of the service
|
| services.redis.servers.<name>.slowLogLogSlowerThan | Log queries whose execution take longer than X in milliseconds.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address | The subnet of this host
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| services.dokuwiki.sites.<name>.poolConfig | Options for the DokuWiki PHP pool
|
| services.nntp-proxy.users.<name>.passwordHash | SHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>)
|
| systemd.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| containers.<name>.extraVeths.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.fedimintd.<name>.dataDir | Path to the data dir fedimintd will use to store its data
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| systemd.network.networks.<name>.bridgeMDBs | A list of BridgeMDB sections to be added to the unit
|
| systemd.network.networks.<name>.bridgeFDBs | A list of BridgeFDB sections to be added to the unit
|
| services.httpd.virtualHosts.<name>.http2 | Whether to enable HTTP 2
|
| services.vault-agent.instances.<name>.group | Group under which this instance runs.
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| services.snipe-it.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|
| services.pingvin-share.hostname | The domain name of your instance
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.znapzend.zetup.<name>.mbuffer.size | The size for mbuffer
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| systemd.network.netdevs.<name>.vxlanConfig | Each attribute in this set specifies an option in the
[VXLAN] section of the unit
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.quicktun.<name>.localAddress | IP address or hostname of the local end.
|
| services.tor.relay.onionServices.<name>.path | Path where to store the data files of the hidden service
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|