| services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.uwsgi.instance | uWSGI configuration
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| services.suricata.settings.stats | Engine statistics such as packet counters, memory use counters and others can be logged in several ways
|
| nixpkgs.localSystem | Systems with a recently generated hardware-configuration.nix
do not need to specify this option, unless cross-compiling, in which case
you should set only nixpkgs.buildPlatform
|
| services.veilid.settings.logging.api.enabled | Events of type 'api' will be logged.
|
| services.avahi.publish.workstation | Whether to register a service of type "_workstation._tcp" on the local LAN.
|
| services.bonsaid.settings.*.command | Command to run when this transition is taken
|
| networking.dhcpcd.wait | This option specifies when the dhcpcd service will fork to background
|
| services.libvirtd.autoSnapshot.snapshotType | Type of snapshot to create (internal or external).
|
| services.minidlna.settings.log_level | Defines the type of messages that should be logged and down to which level of importance.
|
| swapDevices.*.randomEncryption.sectorSize | Set the sector size for the plain encrypted device type
|
| services.biboumi.settings.log_level | Indicate what type of log messages to write in the logs.
0 is debug, 1 is info, 2 is warning, 3 is error.
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| services.veilid.settings.logging.system.enabled | Events of type 'system' will be logged.
|
| services.taskserver.config | Configuration options to pass to Taskserver
|
| services.homebridge.uiSettings.platform | Type of the homebridge UI platform
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.ollama.package | The ollama package to use
|
| services.firewalld.settings.LogDenied | Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.
|
| services.firefly-iii.settings.DB_CONNECTION | The type of database you wish to use
|
| services.gemstash.settings.db_adapter | Which database type to use
|
| services.gotosocial.setupPostgresqlDB | Whether to setup a local postgres database and populate the
db-type fields in services.gotosocial.settings.
|
| services.mediawiki.database.createLocally | Create the database and database user locally
|
| networking.sits.<name>.encapsulation | Configures the type of encapsulation.
|
| services.bonsaid.settings.*.event_name | Name of the event which should trigger this transition when received by bonsaid
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| services._3proxy.services.*.auth | Authentication type
|
| services.veilid.settings.logging.terminal.enabled | Events of type 'terminal' will be logged.
|
| services.limesurvey.database.createLocally | Create the database and database user locally
|
| virtualisation.nixStore9pCache | Type of 9p cache to use when mounting host nix store. "none" provides
no caching. "loose" enables Linux's local VFS cache. "fscache" uses Linux's
fscache subsystem
|
| services.postgresqlBackup.compression | The type of compression to use on the generated database dump.
|
| services.gitlab.smtp.authentication | Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| virtualisation.xen.enable | Whether to enable the Xen Project Hypervisor, a virtualisation technology defined as a type-1 hypervisor, which allows multiple virtual machines, known as domains, to run concurrently on the physical machine
|
| services.doh-server.settings.upstream | Upstream DNS resolver
|
| services.coturn.tls-listening-port | TURN listener port for TLS
|
| services.waagent.settings.ResourceDisk.FileSystem | The file system type for the resource disk
|
| services.znapzend.features.zfsGetType | Whether to enable using zfsGetType if your zfs get supports a
-t argument for filtering by dataset type at all AND
lists properties for snapshots by default when recursing, so that there
is too much data to process while searching for backup plans
|
| services.matrix-synapse.settings.listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.headscale.settings.tls_letsencrypt_challenge_type | Type of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
|
| services.multipath.devices.*.alias_prefix | The user_friendly_names prefix to use for this device type, instead of the default mpath
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| services.homebridge.settings.platforms.*.platform | Platform type
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.waagent.settings.ResourceDisk.Format | If set to true, waagent formats and mounts the resource disk that the platform provides,
unless the file system type in `ResourceDisk
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| services.jitsi-meet.secureDomain.authentication | The authentication type to be used by jitsi
|
| services.ollama.acceleration | What interface to use for hardware acceleration
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter | The auth adapter type
|
| services.nextcloud-spreed-signaling.settings.grpc.targets | For target type static: List of GRPC targets to connect to for clustering mode.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| virtualisation.fileSystems | The file systems to be mounted
|
| services.homebridge.settings.accessories.*.accessory | Accessory type
|
| services.cloudflared.tunnels.<name>.originRequest.proxyType | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.discourse.mail.outgoing.authentication | Authentication type to use, see https://api.rubyonrails.org/classes/ActionMailer/Base.html
|
| services.prometheus.exporters.ecoflow.exporterType | The type of exporter you'd like to use
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.prometheus.scrapeConfigs.*.dns_sd_configs.*.port | The port number used if the query type is not SRV.
|
| services.multipath.devices.*.hardware_handler | The hardware handler to use for this device type
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| services.healthchecks.settings | Environment variables which are read by healthchecks (local)_settings.py
|
| services.grafana.provision.dashboards.settings.providers.*.options.path | Path grafana will watch for dashboards
|
| services.healthchecks.settingsFile | Environment variables which are read by healthchecks (local)_settings.py
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.prometheus.exporters.mail.configuration.servers | List of servers that should be probed.
Note: if your mailserver has rspamd(8) configured,
it can happen that emails from this exporter are marked as spam
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchType | NetworkManager connection type
The NetworkManager configuration settings reference roughly corresponds to connection types
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.role | The type of targets to discover, can be set to:
- "container" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton
- "cn" to discover compute nodes (servers/global zones) making up the Triton infrastructure
Defaults to container in prometheus
when set to null.
|
| services.filesender.settings.storage_filesystem_path | When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire
|
| services.prometheus.scrapeConfigs.*.fallback_scrape_protocol | Fallback protocol to use if a scrape returns blank, unparseable, or otherwise
invalid Content-Type.
|
| services.lighttpd.enableUpstreamMimeTypes | Whether to include the list of mime types bundled with lighttpd
(upstream)
|
| services.nginx.defaultMimeTypes | Default MIME types for NGINX, as MIME types definitions from NGINX are very incomplete,
we use by default the ones bundled in the mailcap package, used by most of the other
Linux distributions.
|
| services.kismet.logTypes | The log types.
|
| services.locate.pruneFS | Which filesystem types to exclude from indexing
|
| boot.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| boot.initrd.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.ananicy.extraTypes | Types to write in 'nixTypes.types'
|
| services.mosquitto.logType | Types of messages to log.
|
| services.siproxd.sipDscp | DSCP (differentiated services) value to be assigned
to SIP packets
|
| services.siproxd.rtpDscp | DSCP (differentiated services) value to be assigned
to RTP packets
|
| services.ceph.global.rgwMimeTypesFile | Path to mime types used by radosgw.
|
| services.bluemap.maps | Settings for files in maps/
|
| nix.buildMachines.*.systems | The system types the build machine can execute derivations on
|
| services.nsd.zones.<name>.rrlWhitelist | Whitelists the given rrl-types.
|
| services.ananicy.rulesProvider | Which package to copy default rules,types,cgroups from.
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| services.firewalld.zones.<name>.icmpBlocks | ICMP types to block in the zone.
|
| services.peertube-runner.enabledJobTypes | Job types that this runner will execute.
|
| services.go2rtc.settings.streams | Stream source configuration
|
| services.keycloak.themes | Additional theme packages for Keycloak
|
| services.movim.minifyStaticFiles | Do minification on public static files which reduces the size of
assets — saving data for the server & users as well as offering a
performance improvement
|
| services.diod.exports | List the file systems that clients will be allowed to mount
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|