| systemd.user.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| power.ups.ups.<name>.shutdownOrder | When you have multiple UPSes on your system, you usually need to
turn them off in a certain order. upsdrvctl shuts down all the
0s, then the 1s, 2s, and so on
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.snipe-it.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.postfix.settings.master.<name>.maxproc | The maximum number of processes to spawn for this service
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| systemd.user.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.wordpress.sites.<name>.languages | List of path(s) to respective language(s) which are copied from the 'languages' directory.
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.kimai.sites.<name>.environmentFile | Securely pass environment variabels to Kimai
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.grafana.provision.dashboards.settings.providers.*.name | A unique provider name.
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.wyoming.faster-whisper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.radicle.ci.broker.settings.adapters.<name>.env | Environment variables to add when running the adapter.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.nebula.networks.<name>.firewall.inbound | Firewall rules for inbound traffic.
|
| services.orangefs.server.fileSystems.<name>.extraConfig | Extra config for <FileSystem> section.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| services.consul-template.instances.<name>.group | Group under which this instance runs.
|
| services.tahoe.introducers.<name>.package | The tahoelafs package to use.
|
| containers.<name>.extraVeths.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.description | The description of this policy
|
| power.ups.upsmon.monitor.<name>.system | Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| services.keepalived.vrrpScripts.<name>.weight | Following a failure, adjust the priority by this weight.
|
| services.k3s.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.k3s.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.wyoming.faster-whisper.servers.<name>.beamSize | The number of beams to use in beam search
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.postfix.settings.master.<name>.private | Whether the service's sockets and storage directory is restricted to
be only available via the mail system
|
| services.stash.username | Username for login.
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| services.bookstack.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.anuko-time-tracker.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.bookstack.nginx.locations.<name>.index | Adds index directive.
|
| systemd.user.sockets.<name>.aliases | Aliases of that unit.
|
| systemd.user.targets.<name>.aliases | Aliases of that unit.
|
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| services.wordpress.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| services.xonotic.settings.hostname | The name that will appear in the server list. $g_xonoticversion
gets replaced with the current version.
|
| services.sabnzbd.settings.servers.<name>.timeout | Time, in seconds, to wait for a response before
attempting error recovery.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown | Updown script to invoke on CHILD_SA up and down events.
|
| services.kanboard.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fediwall.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.agorakit.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.dolibarr.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.librenms.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.agorakit.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.librenms.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.dolibarr.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.kanboard.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fediwall.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.mainsail.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.pixelfed.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.mainsail.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.pixelfed.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| systemd.user.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.firewalld.services.<name>.protocols | Protocols for the service.
|
| services.firewalld.services.<name>.ports.*.protocol | |
| virtualisation.qemu.drives.*.name | A name for the drive
|
| services.bitcoind.<name>.extraCmdlineOptions | Extra command line options to pass to bitcoind
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.moodle.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.syncthing.settings.folders.<name>.type | Controls how the folder is handled by Syncthing
|
| services.nagios.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY | Limits for timeline cleanup.
|
| services.wordpress.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.allAccess | Grants all permissions in the associated organization.
|
| services.sanoid.templates.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.inadyn.settings.custom.<name>.password | Password for this DDNS provider
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.i2pd.outTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.tokenFile | The token value
|