| boot.initrd.luks.devices.<name>.keyFileSize | The size of the key file
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.borgbackup.jobs.<name>.readWritePaths | By default, borg cannot write anywhere on the system but
$HOME/.config/borg and $HOME/.cache/borg
|
| services.anubis.instances.<name>.settings | Freeform configuration via environment variables for Anubis
|
| systemd.user.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.wstunnel.servers.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.wstunnel.clients.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| systemd.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.murmur.registerHostname | DNS hostname where your server can be reached
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| services.radicle.httpd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.syncthing.settings.folders.<name>.label | The label of the folder.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.description | The description of this policy
|
| services.wordpress.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
|
| services.blockbook-frontend.<name>.debug | Debug mode, return more verbose errors, reload templates on each request.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| systemd.user.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| users.extraUsers.<name>.description | A short description of the user account, typically the
user's full name
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.gancio.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| systemd.user.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.wordpress.sites.<name>.languages | List of path(s) to respective language(s) which are copied from the 'languages' directory.
|
| boot.specialFileSystems.<name>.fsType | Type of the file system
|
| systemd.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.kimai.sites.<name>.environmentFile | Securely pass environment variabels to Kimai
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id | Client XAuth username used in the XAuth exchange.
|
| services.github-runners.<name>.noDefaultLabels | Disables adding the default labels
|
| services.monica.hostname | The hostname to serve monica on.
|
| systemd.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.misskey.reverseProxy.webserver.nginx.reuseport | Create an individual listening socket
|
| services.bookstack.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.vdirsyncer.jobs.<name>.config.storages | vdirsyncer storage configurations
|
| services.v4l2-relayd.instances.<name>.input.pipeline | The gstreamer-pipeline to use for the input-stream.
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.prometheus.exporters.unbound.unbound.host | Path to the unbound control socket
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| systemd.user.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| boot.initrd.luks.devices.<name>.keyFileTimeout | The amount of time in seconds for a keyFile to appear before
timing out and trying passwords.
|
| services.kubernetes.kubelet.taints.<name>.effect | Effect of taint.
|
| services.consul-template.instances.<name>.group | Group under which this instance runs.
|
| services.tahoe.introducers.<name>.package | The tahoelafs package to use.
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| services.gitlab-runner.services.<name>.preGetSourcesScript | Runner-specific command script executed before code is pulled.
|
| services.wordpress.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.xserver.xkb.extraLayouts.<name>.languages | A list of languages provided by the layout.
(Use ISO 639-2 codes, for example: "eng" for english)
|
| services.keepalived.vrrpScripts.<name>.weight | Following a failure, adjust the priority by this weight.
|
| services.k3s.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.k3s.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| services.tor.relay.onionServices.<name>.settings.RendPostPeriod | See torrc manual.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.help | A human-readable description of this metric.
|
| services.wordpress.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.anuko-time-tracker.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fcgiwrap.instances.<name>.process.group | Group as which this instance of fcgiwrap will be run.
|
| systemd.network.links.<name>.extraConfig | Extra configuration append to unit
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| services.grafana.settings.smtp.from_name | Name to be used as client identity for EHLO in SMTP dialog.
|
| services.wyoming.faster-whisper.servers.<name>.device | Determines the platform faster-whisper is run on
|
| fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.firezone.server.provision.accounts.<name>.policies | All policies to provision
|
| fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.grafana.provision.alerting.templates.settings.templates.*.name | Name of the template, must be unique
|
| services.openafsServer.roles.backup.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY | Limits for timeline cleanup.
|
| services.davis.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|