| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.fedimintd.<name>.p2p.openFirewall | Opens port in firewall for fedimintd's p2p port (both TCP and UDP)
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| services.vdirsyncer.jobs.<name>.config.statusPath | vdirsyncer's status path
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| services.spiped.config.<name>.weakHandshake | Use fast/weak handshaking: This reduces the CPU time spent
in the initial connection setup, at the expense of losing
perfect forward secrecy.
|
| services.kmonad.keyboards.<name>.defcfg.compose.delay | The delay (in milliseconds) between compose key sequences.
|
| services.ytdl-sub.instances.<name>.schedule | How often to run ytdl-sub
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| services.easytier.instances.<name>.settings.hostname | Hostname shown in peer list and web console.
|
| services.fcgiwrap.instances.<name>.socket.mode | Mode to be set on the UNIX socket
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.buildkite-agents.<name>.hooks | "Agent" hooks to install
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.jupyterhub.kernels.<name>.displayName | Name that will be shown to the user.
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| power.ups.upsmon.monitor.<name>.user | Username from upsd.users for accessing this UPS
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| users.users.<name>.extraGroups | The user's auxiliary groups.
|
| services.github-runners.<name>.extraLabels | Extra labels in addition to the default (unless disabled through the noDefaultLabels option)
|
| services.orangefs.server.fileSystems.<name>.troveSyncData | Sync data.
|
| services.vdirsyncer.jobs.<name>.config.general | general configuration
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.btrbk.instances.<name>.settings | configuration options for btrbk
|
| systemd.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| virtualisation.fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| services.samba-wsdd.hostname | Override (NetBIOS) hostname to be used (default hostname).
|
| services.buildkite-agents.<name>.shell | Command that buildkite-agent 3 will execute when it spawns a shell.
|
| services.nylon.<name>.acceptInterface | Tell nylon which interface to listen for client requests on, default is "lo".
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.postfix.settings.master.<name>.maxproc | The maximum number of processes to spawn for this service
|
| services.wordpress.sites.<name>.settings | Structural Wordpress configuration
|
| services.anubis.instances.<name>.botPolicy | Anubis policy configuration in Nix syntax
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.syncthing.settings.folders.<name>.id | The ID of the folder
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| services.easytier.instances.<name>.settings | Settings to generate easytier-‹name›.toml
|
| services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs | List of inputs for this camera.
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.postfix.settings.master.<name>.private | Whether the service's sockets and storage directory is restricted to
be only available via the mail system
|
| services.restic.backups.<name>.rcloneOptions | Options to pass to rclone to control its behavior
|
| services.biboumi.settings.db_name | The name of the database to use
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| systemd.user.timers.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.user.slices.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.anubis.instances.<name>.settings.POLICY_FNAME | The policy file to use
|
| services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| services.snapserver.streams.<name>.codec | Default audio compression method.
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| systemd.user.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.github-runners.<name>.tokenType | Type of token to use for runner registration
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name | Name of the mute time interval, must be unique
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.rke2.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| services.tarsnap.archives.<name>.excludes | Exclude files and directories matching these patterns.
|
| services.nebula.networks.<name>.lighthouse.dns.port | UDP port number for lighthouse DNS server.
|
| services.syncoid.commands.<name>.sendOptions | Advanced options to pass to zfs send
|
| services.syncoid.commands.<name>.recvOptions | Advanced options to pass to zfs recv
|
| services.prometheus.exporters.script.settings.scripts.*.name | Name of the script.
|
| services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|
| hardware.deviceTree.overlays.*.name | Name of this overlay
|
| services.gitlab-runner.services.<name>.dockerVolumes | Bind-mount a volume and create it
if it doesn't exist prior to mounting.
|
| services.jibri.xmppEnvironments.<name>.control.muc.nickname | The nickname for this Jibri instance in the MUC.
|
| services.wyoming.faster-whisper.servers.<name>.beamSize | The number of beams to use in beam search
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.fcgiwrap.instances.<name>.socket.group | Group to be set as owner of the UNIX socket.
|
| services.invoiceplane.sites.<name>.cron.key | Cron key taken from the administration page.
|
| services.inadyn.settings.custom.<name>.password | Password for this DDNS provider
|
| virtualisation.allInterfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.redis.servers.<name>.maxclients | Set the max number of connected clients at the same time.
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.fedimintd.<name>.bitcoin.network | Bitcoin network to participate in.
|