| services.public-inbox.imap.cert | Path to TLS certificate to use for connections to public-inbox-imapd(1).
|
| services.rspamd.localLuaRules | Path of file to link to /etc/rspamd/rspamd.local.lua for local
rules written in Lua
|
| services.rke2.agentTokenFile | File path containing the rke2 token agents can use to connect to the server
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.httpd.virtualHosts.<name>.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.nginx.virtualHosts.<name>.acmeRoot | Directory for the ACME challenge, which is public
|
| systemd.user.timers.<name>.requisite | Similar to requires
|
| systemd.user.slices.<name>.requisite | Similar to requires
|
| services.nginx.virtualHosts.<name>.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| systemd.user.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.services.<name>.scriptArgs | Arguments passed to the main process script
|
| security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| services.graylog.rootUsername | Name of the default administrator user
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.suricata.settings.outputs.*.<name>.enabled | Whether to enable .
|
| services.quicktun.<name>.localAddress | IP address or hostname of the local end.
|
| systemd.network.netdevs.<name>.extraConfig | Extra configuration append to unit
|
| systemd.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.matrix-synapse.settings.signing_key_path | Path to the signing key to sign messages with.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.maubot.settings.server.plugin_base_path | The base path for plugin endpoints
|
| services.multipath.devices.*.prio_args | Arguments to pass to to the prio function
|
| services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| services.drupal.sites.<name>.database.user | Database user.
|
| services.znapzend.zetup.<name>.dataset | The dataset to use for this source.
|
| services.ddclient.username | User name.
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name | Name of the icon theme to use for the lightdm-enso-os-greeter
|
| services.grafana.settings.server.static_root_path | Root path for static assets.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| systemd.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.i2pd.outTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| services.swapspace.settings.swappath | Location where swapspace may create and delete swapfiles
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.kanboard.nginx.root | The path of the web root directory.
|
| programs.command-not-found.dbPath | Absolute path to programs.sqlite
|
| services.dolibarr.nginx.root | The path of the web root directory.
|
| services.athens.unixSocket | Path to the unix socket file
|
| services.librenms.nginx.root | The path of the web root directory.
|
| services.fediwall.nginx.root | The path of the web root directory.
|
| services.disnix.profiles | Names of the Disnix profiles to expose in the system's PATH
|
| services.ceph.global.mgrModulePath | Path at which to find ceph-mgr modules.
|
| services.gocd-agent.packages | Packages to add to PATH for the Go
|
| services.agorakit.nginx.root | The path of the web root directory.
|
| services.ceph.global.rgwMimeTypesFile | Path to mime types used by radosgw.
|
| services.cyrus-imap.imapdConfigFile | Path to the configuration file used for cyrus-imap.
|
| services.mainsail.nginx.root | The path of the web root directory.
|
| services.syncplay.motdFile | Path to text to display when users join
|
| services.sickbeard.dataDir | Path where to store data files.
|
| services.monero.banlist | Path to a text file containing IPs to block
|
| services.pixelfed.nginx.root | The path of the web root directory.
|
| services.xserver.modules | Packages to be added to the module search path of the X server.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address | The subnet of this host
|
| services.redis.servers.<name>.save | The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| services.httpd.virtualHosts.<name>.listen.*.port | Port to listen on
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| services.iodine.clients.<name>.extraConfig | Additional command line parameters
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| services.nginx.virtualHosts.<name>.listen.*.addr | Listen address.
|
| services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.nylon.<name>.allowedIPRanges | Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| services.hans.clients.<name>.passwordFile | File that contains password
|
| services.nginx.virtualHosts.<name>.default | Makes this vhost the default.
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| services.firewalld.zones.<name>.ports.*.port | |
| systemd.user.tmpfiles.users.<name>.rules | Per-user rules for creation, deletion and cleaning of volatile and
temporary files automatically
|
| systemd.shutdown | Definition of systemd shutdown executables
|
| services.home-assistant.config.homeassistant.name | Name of the location where Home Assistant is running.
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.httpd.virtualHosts.<name>.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.restic.backups.<name>.exclude | Patterns to exclude when backing up
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.network.netdevs.<name>.tapConfig | Each attribute in this set specifies an option in the
[Tap] section of the unit
|
| systemd.network.networks.<name>.vxlan | A list of vxlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.tunConfig | Each attribute in this set specifies an option in the
[Tun] section of the unit
|