| services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY | Limits for timeline cleanup.
|
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn | Whether to copy the ECN (Explicit Congestion Notification) header field
to/from the outer IP header in tunnel mode
|
| services.fedimintd.<name>.nginx.config.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| programs.tsmClient.servers.<name>.tcpport | TCP port of the IBM TSM server
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.dolibarr.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.agorakit.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.librenms.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mainsail.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.simplesamlphp.<name>.libDir | Path to the SimpleSAMLphp library directory.
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.printing.cups-pdf.instances.<name>.settings.AnonDirName | path for anonymously created PDF files
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| services.rke2.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.rke2.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.authelia.instances.<name>.secrets.jwtSecretFile | Path to your JWT secret used during identity verificaton.
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| services.wordpress.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.wordpress.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority | Optional fixed priority for IPsec policies
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.stargazer.certOrg | The name of the organization responsible for the X.509
certificate's /O name.
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.plausible.database.postgres.dbname | Name of the database to use.
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.firewalld.zones.<name>.sources.*.address | An IP address or a network IP address with a mask for IPv4 or IPv6
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| systemd.network.netdevs.<name>.vxlanConfig | Each attribute in this set specifies an option in the
[VXLAN] section of the unit
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts | List of remote selectors to include in CHILD_SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey_time
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.wordpress.sites.<name>.virtualHost.locations | Declarative location config
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.icecream.daemon.netName | Network name to connect to
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| services.wordpress.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| services.authelia.instances.<name>.settings | Your Authelia config.yml as a Nix attribute set
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.borgbackup.jobs.<name>.encryption.mode | Encryption mode to use
|
| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.firewalld.zones.<name>.description | Description for the zone.
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| systemd.network.netdevs.<name>.vrfConfig | Each attribute in this set specifies an option in the
[VRF] section of the unit
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| systemd.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| security.apparmor.policies.<name>.state | How strictly this policy should be enforced
|
| systemd.user.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| systemd.network.netdevs.<name>.fooOverUDPConfig | Each attribute in this set specifies an option in the
[FooOverUDP] section of the unit
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|