| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.firewalld.settings.StrictForwardPorts | If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker
|
| services.wordpress.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| systemd.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| systemd.user.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| environment.etc.<name>.group | Group name of file owner
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.radicle.httpd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.geoclue2.appConfig.<name>.desktopID | Desktop ID of the application.
|
| services.openbao.settings.listener.<name>.type | The listener type to enable.
|
| services.public-inbox.settings.coderepo.<name>.dir | Path to a git repository
|
| services.wordpress.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| services.firewalld.services.<name>.version | Version of the service.
|
| services.firewalld.services.<name>.helpers | Helpers for the service.
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| services.awstats.configs.<name>.webService.urlPrefix | The URL prefix under which the awstats pages appear.
|
| services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| services.postfix.settings.master.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| security.pam.services.<name>.startSession | If set, the service will register a new session with
systemd's login manager
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| services.prometheus.exporters.systemd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.systemd.openFirewall is true.
|
| services.prometheus.exporters.ecoflow.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.ecoflow.openFirewall is true.
|
| services.prometheus.exporters.unbound.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.unbound.openFirewall is true.
|
| services.prometheus.exporters.klipper.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.klipper.openFirewall is true.
|
| services.prometheus.exporters.varnish.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.varnish.openFirewall is true.
|
| services.prometheus.exporters.sabnzbd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.sabnzbd.openFirewall is true.
|
| services.prometheus.exporters.dovecot.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.dovecot.openFirewall is true.
|
| services.prometheus.exporters.postfix.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.postfix.openFirewall is true.
|
| services.prometheus.exporters.process.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.process.openFirewall is true.
|
| services.prometheus.exporters.libvirt.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.libvirt.openFirewall is true.
|
| services.prometheus.exporters.bitcoin.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.bitcoin.openFirewall is true.
|
| services.prometheus.exporters.mongodb.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mongodb.openFirewall is true.
|
| services.prometheus.exporters.dnsmasq.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.dnsmasq.openFirewall is true.
|
| services.prometheus.exporters.apcupsd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.apcupsd.openFirewall is true.
|
| systemd.user.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| systemd.sockets.<name>.aliases | Aliases of that unit.
|
| systemd.targets.<name>.aliases | Aliases of that unit.
|
| systemd.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| networking.ipips.<name>.dev | The underlying network device on which the tunnel resides.
|
| services.prosody.virtualHosts.<name>.ssl.extraOptions | Extra SSL configuration options.
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| services.fedimintd.<name>.p2p.openFirewall | Opens port in firewall for fedimintd's p2p port (both TCP and UDP)
|
| services.caddy.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.httpd.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.httpd.virtualHosts.<name>.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.nginx.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.firewalld.zones.<name>.forward | Whether to enable intra-zone forwarding
|
| services.sabnzbd.settings.servers.<name>.displayname | Human-friendly description of the server
|
| services.postfix.masterConfig.<name>.maxproc | The maximum number of processes to spawn for this service
|
| users.users.<name>.description | A short description of the user account, typically the
user's full name
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| systemd.user.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.dolibarr.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.kanboard.nginx.locations.<name>.index | Adds index directive.
|
| services.fediwall.nginx.locations.<name>.index | Adds index directive.
|
| services.agorakit.nginx.locations.<name>.index | Adds index directive.
|
| services.librenms.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.kanboard.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.dolibarr.nginx.locations.<name>.index | Adds index directive.
|
| services.agorakit.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.librenms.nginx.locations.<name>.index | Adds index directive.
|
| services.fediwall.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.pixelfed.nginx.locations.<name>.index | Adds index directive.
|
| services.sabnzbd.settings.servers.<name>.enable | Enable this server by default
|
| services.mainsail.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.mainsail.nginx.locations.<name>.index | Adds index directive.
|
| services.pixelfed.nginx.locations.<name>.alias | Alias directory for requests.
|
| power.ups.upsmon.monitor.<name>.powerValue | Number of power supplies that the UPS feeds on this system
|
| services.borgbackup.jobs.<name>.prune.prefix | Only consider archive names starting with this prefix for pruning
|
| services.nebula.networks.<name>.staticHostMap | The static host map defines a set of hosts with fixed IP addresses on the internet (or any network)
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|