| services.tinc.networks.<name>.settings | Configuration of the Tinc daemon for this network
|
| services.easytier.instances.<name>.settings.network_name | EasyTier network name.
|
| services.restic.backups.<name>.pruneOpts | A list of options (--keep-* et al.) for 'restic forget
--prune', to automatically prune old snapshots
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| systemd.user.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.bluemap.storage.<name>.storage-type | Type of storage config
|
| services.awstats.configs.<name>.hostAliases | List of aliases the site has.
|
| services.opkssh.providers.<name>.clientId | OAuth client ID
|
| services.pgbackrest.repos.<name>.sftp-host | SFTP repository host
|
| services.redis.servers.<name>.databases | Set the number of databases.
|
| services.wordpress.sites.<name>.package | The wordpress package to use.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name | Name of the mute time interval, must be unique
|
| systemd.user.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| networking.jool.nat64.<name>.global.pool6 | The prefix used for embedding IPv4 into IPv6 addresses
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.buildkite-agents.<name>.shell | Command that buildkite-agent 3 will execute when it spawns a shell.
|
| services.nylon.<name>.acceptInterface | Tell nylon which interface to listen for client requests on, default is "lo".
|
| systemd.network.netdevs.<name>.vrfConfig | Each attribute in this set specifies an option in the
[VRF] section of the unit
|
| services.borgbackup.jobs.<name>.preHook | Shell commands to run before the backup
|
| services.snipe-it.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.anubis.instances.<name>.settings.POLICY_FNAME | The policy file to use
|
| services.rshim.device | Specify the device name to attach
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.caddy.virtualHosts.<name>.extraConfig | Additional lines of configuration appended to this virtual host in the
automatically generated Caddyfile.
|
| systemd.services.<name>.requisite | Similar to requires
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| systemd.user.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| services.znapzend.zetup.<name>.mbuffer.size | The size for mbuffer
|
| systemd.network.networks.<name>.ipoIBConfig | Each attribute in this set specifies an option in the
[IPoIB] section of the unit
|
| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| services.tarsnap.archives.<name>.period | Create archive at this interval
|
| services.httpd.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| systemd.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.nginx.proxyCachePath.<name>.inactive | Cached data that has not been accessed for the time specified by
the inactive parameter is removed from the cache, regardless of
its freshness.
|
| systemd.user.timers.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic --option flag.
|
| fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.awstats.configs.<name>.logFormat | The log format being used
|
| services.znapzend.zetup.<name>.presnap | Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.phpfpm.pools.<name>.settings | PHP-FPM pool directives
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.kanata.keyboards.<name>.extraArgs | Extra command line arguments passed to kanata.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish | How long after deactivation to keep a key in the zone
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish | How long after deactivation to keep a key in the zone
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.udp-over-tcp.tcp2udp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.udp-over-tcp.udp2tcp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.tcp2udp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.udp2tcp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| networking.bonds.<name>.driverOptions | Options for the bonding driver
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| programs.ssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| systemd.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.tor.relay.onionServices.<name>.path | Path where to store the data files of the hidden service
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.github-runners.<name>.workDir | Working directory, available as $GITHUB_WORKSPACE during workflow runs
and used as a default for repository checkouts
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.github-runners.<name>.url | Repository to add the runner to
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|