| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| services.strongswan-swanctl.swanctl.pools.<name>.dhcp | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.wstunnel.clients.<name>.settings.http-headers | Custom headers to send in the upgrade request
|
| services.mpdscribble.endpoints.<name>.url | The url endpoint where the scrobble API is listening.
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| boot.initrd.luks.devices.<name>.yubikey | The options to use for this LUKS device in YubiKey-PBA
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.maubot.settings.homeservers.<name>.url | Client-server API URL
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.autosuspend.wakeups.<name>.enabled | Whether to enable this wake-up check.
|
| services.consul-template.instances.<name>.package | The consul-template package to use.
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| systemd.user.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.networkd-dispatcher.rules.<name>.script | Shell commands executed on specified operational states.
|
| services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.firezone.server.provision.accounts.<name>.gatewayGroups | All gateway groups (sites) to provision
|
| services.anubis.instances | An attribute set of Anubis instances
|
| systemd.user.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| security.wrappers.<name>.source | The absolute path to the program to be wrapped.
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.firezone.server.provision.accounts.<name>.resources | All resources to provision
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.description | Optional description for the API token
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.keepalived.vrrpScripts.<name>.interval | Seconds between script invocations.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY | Limits for timeline cleanup.
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.anuko-time-tracker.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| services.movim.h2o.serverName | Server name to be used for this virtual host
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.firewalld.zones.<name>.sources.*.address | An IP address or a network IP address with a mask for IPv4 or IPv6
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| systemd.network.links.<name>.extraConfig | Extra configuration append to unit
|
| services.easytier.instances.<name>.settings.peers | Peers to connect initially
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| systemd.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| boot.loader.systemd-boot.windows.<name>.title | The title of the boot menu entry.
|
| services.slurm.nodeName | Name that SLURM uses to refer to a node (or base partition for BlueGene
systems)
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| networking.ipips.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies | Whether to install IPsec policies or not
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| services.zeronsd.servedNetworks.<name>.settings.domain | Domain under which ZeroTier records will be available.
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.matomo.hostname | URL of the host, without https prefix
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.radicle.httpd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.easytier.instances.<name>.settings.ipv4 | IPv4 cidr address of this peer in the virtual network
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| services.radicle.ci.broker.settings.adapters.<name>.command | Adapter command to run.
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.authelia.instances.<name>.settings.log.format | Format the logs are written as.
|
| services.authelia.instances.<name>.settings | Your Authelia config.yml as a Nix attribute set
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn | Whether to copy the ECN (Explicit Congestion Notification) header field
to/from the outer IP header in tunnel mode
|