| services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY | Limits for timeline cleanup.
|
| systemd.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| boot.initrd.luks.devices.<name>.keyFileSize | The size of the key file
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.plausible.database.postgres.dbname | Name of the database to use.
|
| services.gitlab-runner.services.<name>.dockerAllowedServices | Whitelist allowed services.
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.authelia.instances.<name>.settings.server.address | The address to listen on.
|
| services.kanidm.provision.persons.<name>.mailAddresses | Mail addresses
|
| services.blockbook-frontend.<name>.configFile | Location of the blockbook configuration file.
|
| services.hadoop.hdfs.namenode.openFirewall | Open firewall ports for HDFS NameNode.
|
| services.roundcube.database.username | Username for the postgresql connection
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| services.dovecot2.mailPlugins.perProtocol.<name>.enable | mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
|
| services.ax25.axports.<name>.description | Free format description of this interface.
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| services.invoiceplane.sites.<name>.poolConfig | Options for the InvoicePlane PHP pool
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.pgadmin.emailServer.username | SMTP server username for email delivery
|
| services.blockbook-frontend.<name>.package | The blockbook package to use.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| services.gitea-actions-runner.instances.<name>.labels | Labels used to map jobs to their runtime environment
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.buildkite-agents.<name>.privateSshKeyPath | OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned
outside of Nix store.
|
| virtualisation.oci-containers.containers.<name>.podman | Podman-specific settings in OCI containers
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| services.icecream.daemon.hostname | Hostname of the daemon in the icecream infrastructure
|
| systemd.user.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| systemd.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| image.repart.partitions.<name>.contents.<name>.source | Path of the source file.
|
| services.netbird.clients.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.netbird.tunnels.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| virtualisation.oci-containers.containers.<name>.autoStart | When enabled, the container is automatically started on boot
|
| boot.initrd.luks.devices.<name>.yubikey | The options to use for this LUKS device in YubiKey-PBA
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| hardware.sane.brscan4.netDevices.<name>.nodename | The node name of the device
|
| hardware.sane.brscan5.netDevices.<name>.nodename | The node name of the device
|
| services.kanidm.provision.systems.oauth2.<name>.enableLegacyCrypto | Enable legacy crypto on this client
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.firewalld.zones.<name>.description | Description for the zone.
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| services.warpgate.settings.sso_providers.*.name | Internal identifier of SSO provider.
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| services.mpd.settings | Configuration for MPD
|
| programs.dms-shell.plugins.<name>.src | Source of the plugin package or path
|
| services.strongswan-swanctl.swanctl.connections.<name>.pools | List of named IP pools to allocate virtual IP addresses
and other configuration attributes from
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.autorandr.profiles.<name>.fingerprint | Output name to EDID mapping
|
| services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| services.printing.cups-pdf.instances.<name>.settings.Anonuser | User for anonymous PDF creation
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| systemd.user.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.slices.<name>.aliases | Aliases of that unit.
|
| systemd.timers.<name>.aliases | Aliases of that unit.
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| virtualisation.oci-containers.containers.<name>.login.registry | Registry where to login to.
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| boot.initrd.luks.devices.<name>.gpgCard.gracePeriod | Time in seconds to wait for the GPG Smartcard.
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.discourse.admin.username | The admin user username.
|
| services.maubot.settings.server.hostname | The IP to listen on
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| services.firewalld.services.<name>.destination | Destinations for the service.
|
| services.firewalld.services.<name>.description | Description for the service.
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.tokenFile | The token value
|