| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.slurm.nodeName | Name that SLURM uses to refer to a node (or base partition for BlueGene
systems)
|
| services.authelia.instances.<name>.enable | Whether to enable Authelia instance.
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| systemd.user.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.dokuwiki.sites.<name>.settings | Structural DokuWiki configuration
|
| systemd.user.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.orangefs.server.fileSystems.<name>.troveSyncData | Sync data.
|
| services.vdirsyncer.jobs.<name>.config.general | general configuration
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.gitlab-runner.services.<name>.preBuildScript | Runner-specific command script executed after code is pulled,
just before build executes.
|
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.radicle.ci.broker.settings.adapters.<name>.env | Environment variables to add when running the adapter.
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.neo4j.ssl.policies.<name>.revokedDir | Path to directory of CRLs (Certificate Revocation Lists) in
PEM format
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.jibri.xmppEnvironments.<name>.control.login.username | User part of the JID.
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| systemd.user.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| services.sanoid.datasets.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.syncoid.commands.<name>.sendOptions | Advanced options to pass to zfs send
|
| services.syncoid.commands.<name>.recvOptions | Advanced options to pass to zfs recv
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| services.bitwarden-directory-connector-cli.ldap.hostname | The host the LDAP is accessible on.
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.prefect.workerPools.<name>.installPolicy | install policy for the worker (always, if-not-present, never, prompt)
|
| openstack.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| services.restic.backups.<name>.repository | repository to backup to.
|
| security.wrappers.<name>.source | The absolute path to the program to be wrapped.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| boot.initrd.luks.devices.<name>.fido2.gracePeriod | Time in seconds to wait for the FIDO2 key.
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.wyoming.piper.servers.<name>.zeroconf.enable | Whether to enable zeroconf discovery.
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.syncthing.settings.folders.<name>.id | The ID of the folder
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| services.logrotate.settings.<name>.enable | Whether to enable setting individual kill switch.
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| networking.fooOverUDP.<name>.local.address | Local address to bind to
|
| services.drupal.sites.<name>.virtualHost.locations | Declarative location config
|
| services.firewalld.services.<name>.sourcePorts | Source ports for the service.
|
| services.blockbook-frontend.<name>.sync | Synchronizes until tip, if together with zeromq, keeps index synchronized.
|
| services.dovecot2.mailboxes.<name>.auto | Whether to automatically create or create and subscribe to the mailbox or not.
|
| services.fcgiwrap.instances.<name>.socket.mode | Mode to be set on the UNIX socket
|
| services.restic.backups.<name>.initialize | Create the repository if it doesn't exist.
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| systemd.user.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| programs.neovim.runtime.<name>.source | Path of the source file.
|
| systemd.network.links.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.firewalld.zones.<name>.ports.*.protocol | |
| services.fedimintd.<name>.nginx.config.listen | Listen addresses and ports for this virtual host
|
| networking.ipips.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|