| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| services.namecoind.rpc.key | Key file for securing RPC connections.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes | Maximum bytes processed before CHILD_SA gets closed
|
| services.syncthing.settings.folders.<name>.enable | Whether to share this folder
|
| services.easytier.instances.<name>.settings.instance_name | Identify different instances on same host
|
| users.mysql.pam.logging.userColumn | The name of the column in the log table to which the name of the
user being authenticated is stored.
|
| users.mysql.pam.logging.hostColumn | The name of the column in the log table to which the name of the user
being authenticated is stored.
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.simplesamlphp.<name>.phpfpmPool | The PHP-FPM pool that serves SimpleSAMLphp instance.
|
| systemd.user.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| services.authelia.instances.<name>.settings.log.format | Format the logs are written as.
|
| services.stargazer.certOrg | The name of the organization responsible for the X.509
certificate's /O name.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| systemd.network.networks.<name>.pfifoFastConfig | Each attribute in this set specifies an option in the
[PFIFOFast] section of the unit
|
| systemd.network.networks.<name>.bridgeConfig | Each attribute in this set specifies an option in the
[Bridge] section of the unit
|
| programs.tsmClient.servers.<name>.inclexcl | Text lines with include.* and exclude.* directives
to be used when sending files to the IBM TSM server,
or an absolute path pointing to a file with such lines.
|
| services.authelia.instances.<name>.secrets.jwtSecretFile | Path to your JWT secret used during identity verificaton.
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.dolibarr.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.agorakit.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.librenms.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mainsail.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| systemd.user.targets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.user.sockets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.wordpress.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.wordpress.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.samba-wsdd.hostname | Override (NetBIOS) hostname to be used (default hostname).
|
| services.hostapd.radios.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the global segment was generated and may dynamically
append global options the generated configuration file
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| systemd.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| systemd.network.networks.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| security.apparmor.policies.<name>.profile | The profile file contents
|
| containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| services.radicle.httpd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| services.wordpress.sites.<name>.virtualHost.locations | Declarative location config
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| networking.wlanInterfaces.<name>.meshID | MeshID of interface with type mesh.
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| image.repart.partitions.<name>.repartConfig | Specify the repart options for a partiton as a structural setting
|
| networking.jool.siit.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| boot.specialFileSystems.<name>.options | Options used to mount the file system
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.peertube-runner.instancesToRegister.<name>.url | URL of the PeerTube instance.
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.fedimintd.<name>.nginx.config.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformee | HE single user beamformee support
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformer | HE single user beamformer support
|
| services.radicle.ci.broker.settings.adapters.<name>.command | Adapter command to run.
|
| services.blockbook-frontend.<name>.extraCmdLineOptions | Extra command line options to pass to Blockbook
|
| systemd.user.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.znapzend.zetup.<name>.timestampFormat | The timestamp format to use for constructing snapshot names
|
| services.borgbackup.jobs.<name>.encryption.mode | Encryption mode to use
|
| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| services.gitlab-runner.services.<name>.dockerPrivileged | Give extended privileges to container.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.invoiceplane.sites.<name>.database.user | Database user.
|
| services.dawarich.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.mastodon.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|