| services.prometheus.exporters.exportarr-sonarr.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.exportarr-sonarr.openFirewall is true.
|
| services.prometheus.exporters.exportarr-bazarr.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.exportarr-bazarr.openFirewall is true.
|
| services.prometheus.exporters.exportarr-radarr.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.exportarr-radarr.openFirewall is true.
|
| services.prometheus.exporters.exportarr-lidarr.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.exportarr-lidarr.openFirewall is true.
|
| security.wrappers.<name>.setgid | Whether to add the setgid bit the wrapper program.
|
| security.wrappers.<name>.setuid | Whether to add the setuid bit the wrapper program.
|
| services.xserver.cmt.models | Which models to enable cmt for
|
| services.ax25.axports.<name>.description | Free format description of this interface.
|
| services.snapserver.streams.<name>.sampleFormat | Default sample format.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.armagetronad.servers.<name>.dns | DNS address to use for this server
|
| services.invoiceplane.sites.<name>.enable | Whether to enable InvoicePlane web application.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dhcp | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.wstunnel.clients.<name>.settings.http-headers | Custom headers to send in the upgrade request
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.gerrit.plugins | List of plugins to add to Gerrit
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| environment.etc.<name>.mode | If set to something else than symlink,
the file is copied instead of symlinked, with the given
file mode.
|
| systemd.paths.<name>.requisite | Similar to requires
|
| services.firewalld.zones.<name>.sourcePorts.*.protocol | |
| systemd.network.networks.<name>.dns | A list of dns servers to be added to the network section of the
unit
|
| systemd.network.networks.<name>.vrf | A list of vrf interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.ntp | A list of ntp servers to be added to the network section of the
unit
|
| boot.initrd.luks.devices.<name>.keyFileOffset | The offset of the key file
|
| services.woodpecker-agents.agents.<name>.package | The woodpecker-agent package to use.
|
| services.maubot.settings.homeservers.<name>.url | Client-server API URL
|
| services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| networking.jool.siit | Definitions of SIIT instances of Jool
|
| security.pam.services.<name>.setEnvironment | Whether the service should set the environment variables
listed in environment.sessionVariables
using pam_env.so.
|
| services.matomo.hostname | URL of the host, without https prefix
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.gancio.nginx.serverName | Name of this virtual host
|
| services.monica.nginx.serverName | Name of this virtual host
|
| services.matomo.nginx.serverName | Name of this virtual host
|
| services.anuko-time-tracker.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| systemd.user.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.sanoid.datasets.<name>.processChildrenOnly | Whether to only snapshot child datasets if recursing.
|
| services.spiped.config.<name>.disableKeepalives | Disable transport layer keep-alives.
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.firewalld.zones.<name>.ingressPriority | Priority for inbound traffic
|
| security.dhparams.params.<name>.bits | The bit size for the prime that is used during a Diffie-Hellman
key exchange.
|
| systemd.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| systemd.services.<name>.confinement.binSh | The program to make available as /bin/sh inside
the chroot
|
| services.nginx.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| services.wstunnel.clients.<name>.upgradePathPrefix | Use a specific HTTP path prefix that will show up in the upgrade
request to the wstunnel server
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.armagetronad.servers.<name>.host | Host to listen on
|
| services.keepalived.vrrpInstances.<name>.useVmac | Use VRRP Virtual MAC.
|
| services.armagetronad.servers.<name>.port | Port to listen on
|
| services.parsedmarc.provision.localMail.hostname | The hostname to use when configuring Postfix
|
| services.keepalived.vrrpScripts.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_script section.
|
| systemd.user.slices.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.timers.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| services.invoiceplane.sites.<name>.stateDir | This directory is used for uploads of attachments and cache
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| boot.initrd.luks.devices.<name>.yubikey.saltLength | Length of the new salt in byte (64 is the effective maximum).
|
| networking.bridges.<name>.rstp | Whether the bridge interface should enable rstp.
|
| networking.greTunnels.<name>.dev | The underlying network device on which the tunnel resides.
|
| services.zeronsd.servedNetworks.<name>.settings.domain | Domain under which ZeroTier records will be available.
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| systemd.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.logrotate.settings.<name>.priority | Order of this logrotate block in relation to the others
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| containers.<name>.flake | The Flake URI of the NixOS configuration to use for the container
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| hardware.display.outputs.<name>.edid | An EDID filename to be used for configured display, as in edid/<filename>
|
| systemd.user.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.timers.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.slices.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.syncthing.settings.folders.<name>.enable | Whether to share this folder
|
| services.woodpecker-agents.agents.<name>.extraGroups | Additional groups for the systemd service.
|