| systemd.network.netdevs.<name>.peerConfig | Each attribute in this set specifies an option in the
[Peer] section of the unit
|
| systemd.network.netdevs.<name>.l2tpConfig | Each attribute in this set specifies an option in the
[L2TP] section of the unit
|
| systemd.network.netdevs.<name>.vlanConfig | Each attribute in this set specifies an option in the
[VLAN] section of the unit
|
| systemd.network.netdevs.<name>.wlanConfig | Each attribute in this set specifies an option in the [WLAN] section of the unit
|
| systemd.network.netdevs.<name>.bondConfig | Each attribute in this set specifies an option in the
[Bond] section of the unit
|
| services.buildkite-agents.<name>.hooks | "Agent" hooks to install
|
| services.ytdl-sub.instances.<name>.config | Configuration for ytdl-sub
|
| services.wstunnel.servers.<name>.tlsKey | TLS key to use instead of the hardcoded on in case of HTTPS connections
|
| services.fedimintd.<name>.api_ws.url | Public URL of the API address of the reverse proxy/tls terminator
|
| systemd.user.services.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.wyoming.piper.servers.<name>.piper | The piper-tts package to use.
|
| services.fedimintd.<name>.nginx.config | Overrides to the nginx vhost section for api
|
| services.tahoe.nodes.<name>.sftpd.accounts.url | URL of the accounts server.
|
| services.neo4j.ssl.policies.<name>.clientAuth | The client authentication stance for this policy.
|
| systemd.network.networks.<name>.routes | A list of route sections to be added to the unit
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| services.davis.nginx.locations.<name>.root | Root directory for requests.
|
| services.pgbackrest.repos.<name>.host | Repository host when operating remotely
|
| services.movim.nginx.locations.<name>.root | Root directory for requests.
|
| services.slskd.nginx.locations.<name>.root | Root directory for requests.
|
| services.fedimintd.<name>.api_ws.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|
| services.prometheus.exporters.script.settings.scripts.*.name | Name of the script.
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.rshim.device | Specify the device name to attach
|
| services.github-runners.<name>.enable | Whether to enable GitHub Actions runner
|
| services.errbot.instances.<name>.logLevel | Errbot log level
|
| services.sanoid.datasets.<name>.monthly | Number of monthly snapshots.
|
| services.nebula.networks.<name>.package | The nebula package to use.
|
| boot.initrd.luks.devices.<name>.keyFileOffset | The offset of the key file
|
| services.hostapd.radios.<name>.wifi5.enable | Enables support for IEEE 802.11ac (WiFi 5, VHT)
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.netbird.tunnels.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.tarsnap.archives.<name>.maxbw | Abort archival if upstream bandwidth usage in bytes
exceeds this threshold.
|
| services.vdirsyncer.jobs.<name>.user | User account to run vdirsyncer as, otherwise as a systemd
dynamic user
|
| services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|
| services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.name | Name of the cursor theme to use for the lightdm-enso-os-greeter
|
| services.hadoop.hdfs.httpfs.tempPath | HTTPFS_TEMP path used by HTTPFS
|
| services.harmonia.signKeyPath | DEPRECATED: Use services.harmonia.signKeyPaths instead
|
| services.dendrite.tlsKey | The path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| security.tpm2.pkcs11.enable | Whether to enable TPM2 PKCS#11 tool and shared library in system path
(/run/current-system/sw/lib/libtpm2_pkcs11.so)
.
|
| services.dovecot2.sslServerCert | Path to the server's public key.
|
| hardware.deviceTree.dtbSource | Path to dtb directory that overlays and other processing will be applied to
|
| services.libinput.mouse.dev | Path for mouse device
|
| services.ncps.cache.secretKeyPath | The path to load the secretKey for signing narinfos
|
| services.outline.sslCertFile | File path that contains the Base64-encoded certificate for HTTPS
termination
|
| services.radicle.httpd.nginx.root | The path of the web root directory.
|
| services.syncthing.cert | Path to the cert.pem file, which will be copied into Syncthing's
configDir.
|
| services.routedns.configFile | Path to RouteDNS TOML configuration file.
|
| services.lk-jwt-service.keyFile | Path to a file containing the credential mapping (<keyname>: <secret>) to access LiveKit
|
| services.oauth2-proxy.keyFile | oauth2-proxy allows passing sensitive configuration via environment variables
|
| services.stash.sessionStoreKeyFile | Path to file containing a secret for session store.
|
| services.buildkite-agents.<name>.shell | Command that buildkite-agent 3 will execute when it spawns a shell.
|
| security.pam.services.<name>.limits.*.domain | Username, groupname, or wildcard this limit applies to
|
| services.nylon.<name>.acceptInterface | Tell nylon which interface to listen for client requests on, default is "lo".
|
| services.wyoming.piper.servers.<name>.useCUDA | Whether to accelerate the underlying onnxruntime library with CUDA.
|
| services.k3s.autoDeployCharts.<name>.extraDeploy | List of extra Kubernetes manifests to deploy with this Helm chart.
|
| services.postfix.masterConfig.<name>.args | Arguments to pass to the command
|
| services.syncoid.commands.<name>.sshKey | SSH private key file to use to login to the remote system
|
| services.dokuwiki.sites.<name>.phpOptions | Options for PHP's php.ini file for this dokuwiki site.
|
| services.inadyn.settings.custom.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| services.httpd.virtualHosts.<name>.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.rspamd.workers.<name>.bindSockets | List of sockets to listen, in format acceptable by rspamd
|
| services.tinc.networks.<name>.bindToAddress | The ip address to bind to (both listen on and send packets from).
|
| services.httpd.virtualHosts.<name>.logFormat | Log format for Apache's log files
|
| services.caddy.virtualHosts.<name>.logFormat | Configuration for HTTP request logging (also known as access logs)
|
| systemd.user.sockets.<name>.requisite | Similar to requires
|
| systemd.user.targets.<name>.requisite | Similar to requires
|
| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| systemd.network.networks.<name>.domains | A list of domains to pass to the network config.
|
| services.tinc.networks.<name>.debugLevel | The amount of debugging information to add to the log. 0 means little
logging while 5 is the most logging. man tincd for
more details.
|
| services.fedimintd.<name>.api_ws.port | TCP Port to bind on for API connections relayed by the reverse proxy/tls terminator.
|
| systemd.services.<name>.requisite | Similar to requires
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.snipe-it.nginx.locations.<name>.root | Root directory for requests.
|
| services.nebula.networks.<name>.listen.host | IP address to listen on.
|
| services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| services.nebula.networks.<name>.listen.port | Port number to listen on.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.znc.confOptions.networks.<name>.port | IRC server port.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.dokuwiki.sites.<name>.acl | Access Control Lists: see https://www.dokuwiki.org/acl
Mutually exclusive with services.dokuwiki.aclFile
Set this to a value other than null to take precedence over aclFile option
|
| programs.tsmClient.servers.<name>.tcpport | TCP port of the IBM TSM server
|
| services.tahoe.nodes.<name>.client.shares.happy | The number of distinct storage nodes required to store
a file.
|
| services.rspamd.workers.<name>.extraConfig | Additional entries to put verbatim into worker section of rspamd config file.
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.vault-agent.instances.<name>.group | Group under which this instance runs.
|
| services.awstats.configs.<name>.logFile | The log file to be scanned
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.redis.servers.<name>.slowLogLogSlowerThan | Log queries whose execution take longer than X in milliseconds.
|
| services.netbird.tunnels.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.netbird.clients.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|