| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| services.awstats.configs.<name>.logFormat | The log format being used
|
| services.znapzend.zetup.<name>.presnap | Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing
|
| services.multipath.devices.*.vpd_vendor | The vendor specific vpd page information, using the vpd page abbreviation
|
| services.postfix.settings.master.<name>.type | The type of the service
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| services.bookstack.nginx.root | The path of the web root directory.
|
| services.gitea.captcha.secretFile | Path to a file containing the CAPTCHA secret key.
|
| services.ddclient.configFile | Path to configuration file
|
| services.syncplay.roomsDBFile | Path to SQLite database file to store room states
|
| services.openssh.moduliFile | Path to moduli file to install in
/etc/ssh/moduli
|
| services.rutorrent.rpcSocket | Path to rtorrent rpc socket.
|
| services.fedimintd.<name>.bitcoin.rpc.url | Bitcoin node (bitcoind/electrum/esplora) address to connect to
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.udp-over-tcp.udp2tcp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.tcp2udp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.udp-over-tcp.tcp2udp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.udp2tcp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.netbird.tunnels.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.netbird.clients.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| systemd.network.networks.<name>.cakeConfig | Each attribute in this set specifies an option in the
[CAKE] section of the unit
|
| systemd.network.networks.<name>.lldpConfig | Each attribute in this set specifies an option in the
[LLDP] section of the unit
|
| systemd.network.networks.<name>.linkConfig | Each attribute in this set specifies an option in the
[Link] section of the unit
|
| systemd.user.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.phpfpm.pools.<name>.settings | PHP-FPM pool directives
|
| services.matrix-continuwuity.settings.global.database_path | Path to the continuwuity database, the directory where continuwuity will save its data
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| networking.fooOverUDP.<name>.protocol | Protocol number of the encapsulated packets
|
| services.httpd.virtualHosts.<name>.extraConfig | These lines go to httpd.conf verbatim
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| systemd.network.networks.<name>.gateway | A list of gateways to be added to the network section of the
unit
|
| systemd.network.networks.<name>.address | A list of addresses to be added to the network section of the
unit
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| services.slurm.nodeName | Name that SLURM uses to refer to a node (or base partition for BlueGene
systems)
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| services.rke2.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.nextcloud.config.dbname | Database name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.snipe-it.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| security.pam.services.<name>.ttyAudit.openOnly | Set the TTY audit flag when opening the session,
but do not restore it when closing the session
|
| services.headscale.settings.derp.server.private_key_path | Path to derp private key file, generated automatically if it does not exist.
|
| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| security.pam.services.<name>.howdy.enable | Whether to enable the Howdy PAM module
|
| services.drupal.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name | Name of the mute time interval, must be unique
|
| services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.siproxd.passwordFile | Path to per-user password file.
|
| services.chisel-server.authfile | Path to auth.json file
|
| services.headphones.dataDir | Path where to store data files.
|
| services.coturn.static-auth-secret-file | Path to the file containing the static authentication secret.
|
| services.asusd.userLedModesConfig.source | Path of the source file.
|
| services.gitlab.registry.keyFile | Path to GitLab container registry certificate-key.
|
| services.asusd.fanCurvesConfig.source | Path of the source file.
|
| services.opengfw.settingsFile | Path to file containing OpenGFW settings.
|
| services.sickbeard.configFile | Path to config file.
|
| services.promtail.configFile | Config file path for Promtail
|
| services.pixiecore.kernel | Kernel path
|
| services.suwayomi-server.dataDir | The path to the data directory in which Suwayomi-Server will download scans.
|
| services.pixiecore.initrd | Initrd path
|
| services.trickster.configFile | Path to configuration file.
|
| services.prosody.extraPluginPaths | Additional path in which to look find plugins/modules
|
| systemd.automounts.*.where | Absolute path of a directory of the mount point
|
| services.xandikos.routePrefix | Path to Xandikos
|
| systemd.network.networks.<name>.macvtap | A list of macvtap interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| systemd.network.netdevs.<name>.tunnelConfig | Each attribute in this set specifies an option in the
[Tunnel] section of the unit
|
| systemd.network.netdevs.<name>.netdevConfig | Each attribute in this set specifies an option in the
[Netdev] section of the unit
|
| systemd.network.netdevs.<name>.ipvlanConfig | Each attribute in this set specifies an option in the [IPVLAN] section of the unit
|
| systemd.network.networks.<name>.macvlan | A list of macvlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.ipvtapConfig | Each attribute in this set specifies an option in the [IPVTAP] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| boot.initrd.luks.devices.<name>.yubikey.storage.fsType | The filesystem of the unencrypted device.
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|