| systemd.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.nginx.upstreams.<name>.servers | Defines the address and other parameters of the upstream servers
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| services.fedimintd.<name>.nginx.config.listen.*.addr | Listen address.
|
| services.v4l2-relayd.instances.<name>.input.height | The height to read from input-stream.
|
| services.netbird.clients.<name>.dns-resolver.port | A port to serve DNS entries on when dns-resolver.address is enabled.
|
| services.netbird.tunnels.<name>.dns-resolver.port | A port to serve DNS entries on when dns-resolver.address is enabled.
|
| services.tor.relay.onionServices.<name>.settings | Settings of the onion service
|
| systemd.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.firezone.server.provision.accounts.<name>.actors | All actors (users) to provision
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.gitlab-runner.services.<name>.cloneUrl | Overwrite the URL for the GitLab instance
|
| systemd.network.netdevs.<name>.macvlanConfig | Each attribute in this set specifies an option in the
[MACVLAN] section of the unit
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.tarsnap.archives.<name>.keyfile | Set a specific keyfile for this archive
|
| services.radicle.httpd.nginx.locations.<name>.index | Adds index directive.
|
| services.radicle.httpd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fedimintd.<name>.nginx.config.default | Makes this vhost the default.
|
| services.openafsServer.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.openafsClient.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| services.wordpress.sites.<name>.uploadsDir | This directory is used for uploads of pictures
|
| services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| services.snipe-it.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.v4l2-relayd.instances.<name>.input.format | The video-format to read from input-stream.
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.znapzend.zetup.<name>.mbuffer.port | Port to use for mbuffer
|
| services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| networking.fooOverUDP.<name>.protocol | Protocol number of the encapsulated packets
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| boot.specialFileSystems.<name>.device | The device as passed to mount
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.tor.relay.onionServices.<name>.secretKey | Secret key of the onion service
|
| systemd.network.networks.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.wordpress.sites.<name>.plugins | Path(s) to respective plugin(s) which are copied from the 'plugins' directory.
These plugins need to be packaged before use, see example.
|
| systemd.network.networks.<name>.pfifoFastConfig | Each attribute in this set specifies an option in the
[PFIFOFast] section of the unit
|
| systemd.network.networks.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.drupal.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.openbao.settings.listener.<name>.type | The listener type to enable.
|
| services.public-inbox.settings.coderepo.<name>.dir | Path to a git repository
|
| services.wordpress.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| services.tinc.networks.<name>.chroot | Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.k3s.manifests.<name>.content | Content of the manifest file
|
| programs.regreet.font.package | The package that provides the font given in the name option.
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.caddy.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.httpd.virtualHosts.<name>.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.fedimintd.<name>.p2p.openFirewall | Opens port in firewall for fedimintd's p2p port (both TCP and UDP)
|
| services.httpd.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.nginx.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.awstats.configs.<name>.webService.urlPrefix | The URL prefix under which the awstats pages appear.
|
| services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.snapserver.streams.<name>.codec | Default audio compression method.
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| services.btrbk.instances.<name>.settings | configuration options for btrbk
|
| networking.jool.siit.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.cgit.<name>.gitHttpBackend.enable | Whether to bypass cgit and use git-http-backend for HTTP clones
|
| services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| services.prosody.virtualHosts.<name>.ssl.extraOptions | Extra SSL configuration options.
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| services.fedimintd.<name>.bitcoin.network | Bitcoin network to participate in.
|
| services.tarsnap.archives.<name>.lowmem | Reduce memory consumption by not caching small files
|
| services.httpd.virtualHosts.<name>.locations | Declarative location config
|
| services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| services.radicle.httpd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|