| services.anubis.instances.<name>.group | The group under which Anubis is run
|
| services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| systemd.user.services.<name>.requisite | Similar to requires
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| systemd.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.suwayomi-server.settings.server.basicAuthUsername | The username value that you have to provide when authenticating.
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| services.home-assistant.config.homeassistant.name | Name of the location where Home Assistant is running.
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.mailpit.instances.<name>.max | Maximum number of emails to keep
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| programs.tsmClient.servers.<name>.servername | Local name of the IBM TSM server,
must not contain space or more than 64 chars.
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| systemd.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.tinc.networks.<name>.chroot | Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| systemd.user.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.nvme-rs.settings.email.smtp_username | SMTP username
|
| services.geoclue2.appConfig.<name>.isSystem | Whether the application is a system component or not.
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fedimintd.<name>.nginx.config.acmeRoot | Directory for the ACME challenge, which is public
|
| services.firewalld.services.<name>.ports.*.port | |
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.cgit.<name>.gitHttpBackend.enable | Whether to bypass cgit and use git-http-backend for HTTP clones
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| services.radicle.httpd.nginx.locations.<name>.root | Root directory for requests.
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.dokuwiki.sites.<name>.extraConfigs | Path(s) to additional configuration files that are then linked to the 'conf' directory.
|
| services.firewalld.zones.<name>.sources | Source addresses, address ranges, MAC addresses or ipsets to bind.
|
| services.fedimintd.<name>.nginx.path_ui | Path to host the built-in UI on and forward to the daemon's api port
|
| services.borgbackup.jobs.<name>.extraArgs | Additional arguments for all borg calls the
service has
|
| services.openssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.wstunnel.servers.<name>.listen | Address and port to listen on
|
| networking.vlans.<name>.id | The vlan identifier
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| networking.sits.<name>.dev | The underlying network device on which the tunnel resides.
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| programs.ssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.gitlab-runner.services.<name>.dockerImage | Docker image to be used.
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.drupal.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.anubis.instances.<name>.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.syncoid.commands.<name>.service | Systemd configuration specific to this syncoid service.
|
| services.nginx.upstreams.<name>.extraConfig | These lines go to the end of the upstream verbatim.
|
| services.tarsnap.archives.<name>.verbose | Whether to produce verbose logging output.
|
| services.vault-agent.instances.<name>.enable | Whether to enable this vault-agent instance.
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.kanata.keyboards.<name>.config | Configuration other than defcfg
|