| services.roundcube.database.dbname | Name of the postgresql database
|
| services.nominatim.database.dbname | Name of the postgresql database.
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.gitlab-runner.services.<name>.dockerExtraHosts | Add a custom host-to-IP mapping.
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| services.prometheus.exporters.rtl_433.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.rtl_433.openFirewall is true.
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| services.github-runners.<name>.group | Group under which to run the service
|
| systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.syncoid.commands.<name>.sendOptions | Advanced options to pass to zfs send
|
| services.syncoid.commands.<name>.recvOptions | Advanced options to pass to zfs recv
|
| systemd.user.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.gitlab-runner.services.<name>.executor | Select executor, eg. shell, docker, etc
|
| services.wyoming.piper.servers.<name>.zeroconf.enable | Whether to enable zeroconf discovery.
|
| services.sanoid.datasets.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.fedimintd.<name>.nginx.config.listen | Listen addresses and ports for this virtual host
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.rshim.device | Specify the device name to attach
|
| services.prometheus.exporters.opnsense.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.opnsense.openFirewall is true.
|
| services.prometheus.exporters.graphite.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.graphite.openFirewall is true.
|
| services.prometheus.exporters.influxdb.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.influxdb.openFirewall is true.
|
| services.prometheus.exporters.postgres.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.postgres.openFirewall is true.
|
| services.prometheus.exporters.unpoller.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.unpoller.openFirewall is true.
|
| services.prometheus.exporters.keylight.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.keylight.openFirewall is true.
|
| services.prometheus.exporters.smartctl.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.smartctl.openFirewall is true.
|
| services.prometheus.exporters.fritzbox.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.fritzbox.openFirewall is true.
|
| services.prometheus.exporters.collectd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.collectd.openFirewall is true.
|
| services.prometheus.exporters.blackbox.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.blackbox.openFirewall is true.
|
| services.prometheus.exporters.nginxlog.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nginxlog.openFirewall is true.
|
| services.prometheus.exporters.mikrotik.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mikrotik.openFirewall is true.
|
| services.prefect.workerPools.<name>.installPolicy | install policy for the worker (always, if-not-present, never, prompt)
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| systemd.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.syncthing.settings.folders.<name>.id | The ID of the folder
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| virtualisation.qemu.drives.*.name | A name for the drive
|
| services.drupal.sites.<name>.virtualHost.locations | Declarative location config
|
| services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| services.restic.backups.<name>.repository | repository to backup to.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| services.i2pd.proto.http.hostname | Expected hostname for WebUI.
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.movim.h2o.serverName | Server name to be used for this virtual host
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.namecoind.rpc.key | Key file for securing RPC connections.
|
| networking.firewall.extraReversePathFilterRules | Additional nftables rules to be appended to the rpfilter-allow
chain
|
| services.grafana.provision.dashboards.settings.providers.*.name | A unique provider name.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.logrotate.settings.<name>.enable | Whether to enable setting individual kill switch.
|
| hardware.digitalbitbox.package | The digitalbitbox package to use
|
| programs.digitalbitbox.package | The digitalbitbox package to use
|
| security.auditd.plugins.<name>.path | This is the absolute path to the plugin executable.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| boot.initrd.systemd.contents.<name>.text | Text of the file.
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|