| systemd.network.networks.<name>.bridgeVLANs | A list of BridgeVLAN sections to be added to the unit
|
| services.bookstack.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.vdirsyncer.jobs.<name>.config.storages | vdirsyncer storage configurations
|
| services.snapper.configs.<name>.TIMELINE_CLEANUP | Defines whether the timeline cleanup algorithm should be run for the config.
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY | Limits for timeline cleanup.
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| services.kubernetes.kubelet.taints.<name>.effect | Effect of taint.
|
| systemd.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.v4l2-relayd.instances.<name>.input.pipeline | The gstreamer-pipeline to use for the input-stream.
|
| services.wordpress.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| boot.initrd.luks.devices.<name>.yubikey.storage.fsType | The filesystem of the unencrypted device.
|
| fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| systemd.network.networks.<name>.canConfig | Each attribute in this set specifies an option in the
[CAN] section of the unit
|
| systemd.network.networks.<name>.pieConfig | Each attribute in this set specifies an option in the
[PIE] section of the unit
|
| systemd.network.netdevs.<name>.fooOverUDPConfig | Each attribute in this set specifies an option in the
[FooOverUDP] section of the unit
|
| services.consul-template.instances.<name>.enable | Whether to enable this consul-template instance.
|
| services.fedimintd.<name>.nginx.config.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.inadyn.settings.custom.<name>.password | Password for this DDNS provider
|
| systemd.shutdown | Definition of systemd shutdown executables
|
| fileSystems.<name>.device | The device as passed to mount
|
| services.bcg.mqtt.username | MQTT server access username.
|
| networking.bonds.<name>.driverOptions | Options for the bonding driver
|
| systemd.user.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.user.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| systemd.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.wordpress.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| services.firewalld.services.<name>.protocols | Protocols for the service.
|
| services.firewalld.services.<name>.ports.*.protocol | |
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.gancio.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| services.maddy.hostname | Hostname to use
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies | Whether to install IPsec policies or not
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| services.snapserver.streams.<name>.sampleFormat | Default sample format.
|
| services.v4l2-relayd.instances.<name>.extraPackages | Extra packages to add to GST_PLUGIN_PATH for the instance.
|
| networking.vlans.<name>.interface | The interface the vlan will transmit packets through.
|
| services.kmonad.keyboards.<name>.defcfg.compose.delay | The delay (in milliseconds) between compose key sequences.
|
| services.anuko-time-tracker.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fcgiwrap.instances.<name>.process.group | Group as which this instance of fcgiwrap will be run.
|
| systemd.network.netdevs.<name>.vrfConfig | Each attribute in this set specifies an option in the
[VRF] section of the unit
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| services.radicle.ci.broker.settings.adapters.<name>.env | Environment variables to add when running the adapter.
|
| services.firewalld.zones.<name>.sourcePorts.*.protocol | |
| services.wordpress.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.strongswan-swanctl.swanctl.connections.<name>.children | CHILD_SA configuration sub-section
|
| services.armagetronad.servers.<name>.dns | DNS address to use for this server
|
| services.invoiceplane.sites.<name>.enable | Whether to enable InvoicePlane web application.
|
| services.httpd.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| systemd.network.networks.<name>.ipoIBConfig | Each attribute in this set specifies an option in the
[IPoIB] section of the unit
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn | Whether to copy the ECN (Explicit Congestion Notification) header field
to/from the outer IP header in tunnel mode
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| services.fedimintd.<name>.nginx.config.locations | Declarative location config
|
| services.jirafeau.nginxConfig.locations.<name>.alias | Alias directory for requests.
|
| services.jirafeau.nginxConfig.locations.<name>.index | Adds index directive.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs | List of inputs for this camera.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.xserver.xkb.extraLayouts.<name>.languages | A list of languages provided by the layout.
(Use ISO 639-2 codes, for example: "eng" for english)
|
| systemd.user.timers.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.reposilite.database.dbname | Database name.
|
| services.gitea-actions-runner.instances.<name>.enable | Whether to enable Gitea Actions Runner instance.
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.borgbackup.jobs.<name>.failOnWarnings | Fail the whole backup job if any borg command returns a warning
(exit code 1), for example because a file changed during backup.
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| networking.jool.nat64.<name>.global.pool6 | The prefix used for embedding IPv4 into IPv6 addresses
|
| services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| services.sanoid.datasets.<name>.processChildrenOnly | Whether to only snapshot child datasets if recursing.
|
| services.spiped.config.<name>.disableKeepalives | Disable transport layer keep-alives.
|