| services.postfix.settings.master.<name>.args | Arguments to pass to the command
|
| services.blockbook-frontend.<name>.rpc.user | Username for JSON-RPC connections.
|
| services.blockbook-frontend.<name>.rpc.port | Port for JSON-RPC connections.
|
| services.jupyterhub.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.sanoid.datasets.<name>.useTemplate | Names of the templates to use for this dataset.
|
| services.fedimintd.<name>.api_iroh.port | UDP Port to bind Iroh endpoint for API connections
|
| services.nebula.networks.<name>.settings | Nebula configuration
|
| systemd.user.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.logcheck.ignoreCron.<name>.cmdline | Command line for the cron job
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| services.autorandr.profiles.<name>.hooks | Profile hook scripts.
|
| services.firewalld.services.<name>.short | Short description for the service.
|
| services.firewalld.zones.<name>.services | Services to allow in the zone.
|
| services.znapzend.zetup.<name>.recursive | Whether to do recursive snapshots.
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.fedimintd.<name>.ui.openFirewall | Opens TCP port in firewall for built-in UI
|
| services.klipper.firmwares.<name>.enable | Whether to enable building of firmware for manual flashing
.
|
| services.public-inbox.inboxes.<name>.inboxdir | The absolute path to the directory which hosts the public-inbox.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| systemd.network.networks.<name>.ipv6SendRAConfig | Each attribute in this set specifies an option in the
[IPv6SendRA] section of the unit
|
| systemd.network.netdevs.<name>.l2tpSessions | Each item in this array specifies an option in the
[L2TPSession] section of the unit
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| services.wstunnel.clients.<name>.localToRemote | Listen on local and forwards traffic from remote.
|
| services.prosody.virtualHosts.<name>.extraConfig | Additional virtual host specific configuration
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| services.anubis.instances | An attribute set of Anubis instances
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.frp.instances.<name>.settings | Frp configuration, for configuration options
see the example of client
or server on github.
|
| services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.borgbackup.repos.<name>.quota | Storage quota for the repository
|
| services.wstunnel.clients.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| services.errbot.instances.<name>.extraConfig | String to be appended to the config verbatim
|
| services.wordpress.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.wordpress.sites.<name>.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.
|
| services.tahoe.nodes.<name>.storage.reservedSpace | The amount of filesystem space to not use for storage.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.fedimintd.<name>.nginx.config.acmeRoot | Directory for the ACME challenge, which is public
|
| services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| services.nginx.upstreams.<name>.servers | Defines the address and other parameters of the upstream servers
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| systemd.sockets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.targets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.i2pd.ifname6 | IPv6 interface to bind to.
|
| services.gancio.settings.hostname | The domain name under which the server is reachable.
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.fedimintd.<name>.nginx.config.listen.*.ssl | Enable SSL.
|
| services.znc.confOptions.networks.<name>.modules | ZNC network modules to load.
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.gitlab-runner.services.<name>.cloneUrl | Overwrite the URL for the GitLab instance
|
| systemd.network.netdevs.<name>.macvlanConfig | Each attribute in this set specifies an option in the
[MACVLAN] section of the unit
|
| systemd.user.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.name | Name of the mute time interval, must be unique
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.tarsnap.archives.<name>.keyfile | Set a specific keyfile for this archive
|
| services.grafana.provision.dashboards.settings.providers.*.name | A unique provider name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wordpress.sites.<name>.uploadsDir | This directory is used for uploads of pictures
|
| services.wordpress.sites.<name>.database.user | Database user.
|
| services.jibri.xmppEnvironments.<name>.control.muc.nickname | The nickname for this Jibri instance in the MUC.
|
| services.inadyn.settings.custom.<name>.include | File to include additional settings for this provider from.
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| systemd.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|