| services.pixelfed.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.mainsail.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_email_domains | List of email domains to allow access to this vhost, or null to allow all.
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow | If set, all sae password entries that have a non-wildcard MAC associated to
them will additionally be used to populate the MAC allow list
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id | Identity in CA certificate to accept for authentication
|
| services.authelia.instances.<name>.package | The authelia package to use.
|
| services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid | Fixed reqid to use for this CHILD_SA
|
| services.honk.username | The admin account username.
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| boot.initrd.systemd.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|
| systemd.user.services.<name>.environment | Environment variables passed to the service's processes.
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.slskd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.movim.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.murmur.registerHostname | DNS hostname where your server can be reached
|
| services.bcg.mqtt.username | MQTT server access username.
|
| services.logrotate.settings.<name>.global | Whether this setting is a global option or not: set to have these
settings apply to all files settings with a higher priority.
|
| services.wyoming.faster-whisper.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| system.nixos.codeName | The NixOS release code name (e.g. Emu).
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.drupal.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| systemd.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| openstack.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.nginx.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| systemd.network.networks.<name>.ipv6PREF64Prefixes | A list of IPv6PREF64Prefix sections to be added to the unit
|
| services.orangefs.server.fileSystems.<name>.extraConfig | Extra config for <FileSystem> section.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.nntp-proxy.users.<name>.maxConnections | Maximum number of concurrent connections to the proxy for this user
|
| boot.initrd.luks.devices.<name>.bypassWorkqueues | Whether to bypass dm-crypt's internal read and write workqueues
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| services.github-runners.<name>.noDefaultLabels | Disables adding the default labels
|
| services.stargazer.certOrg | The name of the organization responsible for the X.509
certificate's /O name.
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| boot.loader.systemd-boot.extraFiles | A set of files to be copied to $BOOT
|
| services.bookstack.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.anuko-time-tracker.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.bookstack.nginx.locations.<name>.index | Adds index directive.
|
| services.ttyd.username | Username for basic http authentication.
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| services.fedimintd.<name>.nginx.config.listen | Listen addresses and ports for this virtual host
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.values | A set of columns that will be used as values of this metric.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labels | A set of columns that will be used as Prometheus labels.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.snipe-it.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.openvpn.servers.<name>.updateResolvConf | Use the script from the update-resolv-conf package to automatically
update resolv.conf with the DNS information provided by openvpn
|
| services.blockbook-frontend.<name>.enable | Whether to enable blockbook-frontend application.
|
| systemd.services.<name>.environment | Environment variables passed to the service's processes.
|
| services.kmonad.keyboards.<name>.defcfg.compose.delay | The delay (in milliseconds) between compose key sequences.
|
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| services.wordpress.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.borgbackup.jobs.<name>.extraCreateArgs | Additional arguments for borg create
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.operator | Grants all permissions in all organizations.
|
| services.reposilite.database.dbname | Database name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| services.kimai.sites.<name>.database.serverVersion | MySQL exact version string
|
| services.postfix.settings.master.<name>.maxproc | The maximum number of processes to spawn for this service
|
| services.warpgate.settings.sso_providers.*.name | Internal identifier of SSO provider.
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| systemd.user.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| services.consul-template.instances.<name>.group | Group under which this instance runs.
|
| services.tahoe.introducers.<name>.package | The tahoelafs package to use.
|
| services.gitlab-runner.services.<name>.preBuildScript | Runner-specific command script executed after code is pulled,
just before build executes.
|
| services.sabnzbd.settings.servers.<name>.timeout | Time, in seconds, to wait for a response before
attempting error recovery.
|
| services.neo4j.ssl.policies.<name>.revokedDir | Path to directory of CRLs (Certificate Revocation Lists) in
PEM format
|
| services.fedimintd.<name>.nginx.config.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| boot.initrd.luks.devices.<name>.fido2.credentials | List of FIDO2 credential IDs
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|