| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| boot.specialFileSystems.<name>.device | The device as passed to mount
|
| systemd.user.slices.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.timers.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| systemd.user.sockets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.targets.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| networking.nftables.tables.<name>.family | Table family.
|
| networking.nftables.tables.<name>.enable | Enable this table.
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.wordpress.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.parsedmarc.provision.localMail.hostname | The hostname to use when configuring Postfix
|
| services.monica.hostname | The hostname to serve monica on.
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.gancio.nginx.serverName | Name of this virtual host
|
| services.monica.nginx.serverName | Name of this virtual host
|
| services.matomo.nginx.serverName | Name of this virtual host
|
| services.blockbook-frontend.<name>.extraConfig | Additional configurations to be appended to coin.conf
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| services.authelia.instances.<name>.settings | Your Authelia config.yml as a Nix attribute set
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.firewalld.zones.<name>.sources.*.address | An IP address or a network IP address with a mask for IPv4 or IPv6
|
| services.netbird.clients.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.netbird.tunnels.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| services.zeronsd.servedNetworks.<name>.settings.domain | Domain under which ZeroTier records will be available.
|
| services.armagetronad.servers.<name>.enable | Whether to enable armagetronad.
|
| services.easytier.instances.<name>.settings.peers | Peers to connect initially
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| systemd.network.networks.<name>.ipv6SendRAConfig | Each attribute in this set specifies an option in the
[IPv6SendRA] section of the unit
|
| systemd.network.netdevs.<name>.l2tpSessions | Each item in this array specifies an option in the
[L2TPSession] section of the unit
|
| services.github-runners.<name>.extraEnvironment | Extra environment variables to set for the runner, as an attrset.
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| services.xserver.cmt.models | Which models to enable cmt for
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| systemd.sockets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.targets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.postfix.settings.master.<name>.privileged | |
| services.invoiceplane.sites.<name>.poolConfig | Options for the InvoicePlane PHP pool
|
| services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.dovecot2.mailPlugins.perProtocol.<name>.enable | mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.bookstack.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| networking.bonds.<name>.lacp_rate | DEPRECATED, use driverOptions
|
| services.simplesamlphp.<name>.package | The simplesamlphp package to use.
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hostapd.radios.<name>.wifi7.multiUserBeamformer | EHT multi user beamformee support
|
| services.znapzend.zetup.<name>.destinations | Additional destinations.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96 | HMAC-SHA-256 is used with 128-bit truncation with IPsec
|
| systemd.network.netdevs.<name>.macvlanConfig | Each attribute in this set specifies an option in the
[MACVLAN] section of the unit
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| services.strongswan-swanctl.swanctl.authorities.<name>.module | Optional PKCS#11 module name.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.description | Optional description for the bucket.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity | Timeout before closing CHILD_SA after inactivity
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| services.angrr.settings.profile-policies.<name>.keep-latest-n | Keep the latest N GC roots in this profile.
|
| services.easytier.instances.<name>.settings.ipv4 | IPv4 cidr address of this peer in the virtual network
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| systemd.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|