| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| services.postfix.settings.master.<name>.args | Arguments to pass to the command
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.fedimintd.<name>.nginx.config.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.tarsnap.archives.<name>.keyfile | Set a specific keyfile for this archive
|
| systemd.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| boot.initrd.luks.devices.<name>.gpgCard.gracePeriod | Time in seconds to wait for the GPG Smartcard.
|
| systemd.slices.<name>.requisite | Similar to requires
|
| systemd.timers.<name>.requisite | Similar to requires
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| services.wordpress.sites.<name>.uploadsDir | This directory is used for uploads of pictures
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| services.drupal.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| systemd.user.paths.<name>.requisite | Similar to requires
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| services.github-runners.<name>.extraPackages | Extra packages to add to PATH of the service to make them available to workflows.
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| systemd.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.tinc.networks.<name>.chroot | Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security
|
| services.wordpress.sites.<name>.plugins | Path(s) to respective plugin(s) which are copied from the 'plugins' directory.
These plugins need to be packaged before use, see example.
|
| systemd.user.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.k3s.manifests.<name>.content | Content of the manifest file
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.tahoe.nodes.<name>.storage.reservedSpace | The amount of filesystem space to not use for storage.
|
| services.fedimintd.<name>.nginx.config.acmeRoot | Directory for the ACME challenge, which is public
|
| services.fedimintd.<name>.p2p.openFirewall | Opens port in firewall for fedimintd's p2p port (both TCP and UDP)
|
| services.caddy.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.httpd.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.httpd.virtualHosts.<name>.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.nginx.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| virtualisation.emptyDiskImages.*.driveConfig.name | A name for the drive
|
| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| security.dhparams.params.<name>.bits | The bit size for the prime that is used during a Diffie-Hellman
key exchange.
|
| systemd.network.networks.<name>.vrf | A list of vrf interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.dns | A list of dns servers to be added to the network section of the
unit
|
| systemd.network.networks.<name>.ntp | A list of ntp servers to be added to the network section of the
unit
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.cgit.<name>.gitHttpBackend.enable | Whether to bypass cgit and use git-http-backend for HTTP clones
|
| boot.initrd.luks.devices.<name>.fido2.gracePeriod | Time in seconds to wait for the FIDO2 key.
|
| services.fedimintd.<name>.nginx.config.listen.*.ssl | Enable SSL.
|
| services.znc.confOptions.networks.<name>.modules | ZNC network modules to load.
|
| services.snapserver.streams.<name>.codec | Default audio compression method.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.acme-dns.settings.general.nsname | Zone name server.
|
| services.btrbk.instances.<name>.settings | configuration options for btrbk
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| systemd.user.slices.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.timers.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.tarsnap.archives.<name>.lowmem | Reduce memory consumption by not caching small files
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.fedimintd.<name>.bitcoin.network | Bitcoin network to participate in.
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|
| services.httpd.virtualHosts.<name>.locations | Declarative location config
|
| services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| services.ytdl-sub.instances.<name>.schedule | How often to run ytdl-sub
|