| services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic --option flag.
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| services.gitlab-runner.services.<name>.cloneUrl | Overwrite the URL for the GitLab instance
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish | How long after deactivation to keep a key in the zone
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish | How long after deactivation to keep a key in the zone
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| services.kanata.keyboards.<name>.extraArgs | Extra command line arguments passed to kanata.
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.gitlab-runner.services.<name>.description | Name/description of the runner.
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| users.extraUsers.<name>.packages | The set of packages that should be made available to the user
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.httpd.virtualHosts.<name>.extraConfig | These lines go to httpd.conf verbatim
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| programs.dms-shell.plugins.<name>.src | Source of the plugin package or path
|
| networking.jool.siit | Definitions of SIIT instances of Jool
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.tor.relay.onionServices.<name>.version | See torrc manual.
|
| services.kanidm.provision.systems.oauth2.<name>.displayName | Display name
|
| services.i2pd.ifname4 | IPv4 interface to bind to.
|
| services.i2pd.ifname6 | IPv6 interface to bind to.
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.znc.confOptions.networks.<name>.server | IRC server address.
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| users.users.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.nginx.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.davis.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.slskd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.movim.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.lemmy.settings.hostname | The domain name of your instance (eg 'lemmy.ml').
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| services.logcheck.ignoreCron.<name>.timeArgs | "min hr dom mon dow" crontab time args, to auto-create a cronjob too
|
| services.drupal.sites.<name>.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.drupal.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| services.anubis.instances.<name>.group | The group under which Anubis is run
|
| services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|