| systemd.services.<name>.confinement.binSh | The program to make available as /bin/sh inside
the chroot
|
| services.tarsnap.archives | Tarsnap archive configurations
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| services.plausible.database.postgres.dbname | Name of the database to use.
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| services.woodpecker-agents.agents.<name>.enable | Whether to enable this Woodpecker-Agent
|
| systemd.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| services.angrr.settings.profile-policies.<name>.keep-latest-n | Keep the latest N GC roots in this profile.
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.easytier.instances.<name>.settings.ipv4 | IPv4 cidr address of this peer in the virtual network
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| services.neo4j.ssl.policies | Defines the SSL policies for use with Neo4j connectors
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.radicle.ci.adapters.native.instances.<name>.enable | Whether to enable this radicle-native-ci instance.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.syncthing.settings.folders.<name>.enable | Whether to share this folder
|
| systemd.shutdownRamfs.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.temp | Temperature in °C at which the fan speed should be changed
|
| services.murmur.registerName | Public server registration name, and also the name of the
Root channel
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.authelia.instances.<name>.secrets.jwtSecretFile | Path to your JWT secret used during identity verificaton.
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.jibri.xmppEnvironments.<name>.call.login.domain | The domain part of the JID for the recorder.
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.dolibarr.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.agorakit.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.librenms.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mainsail.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| services.gitlab-runner.services.<name>.dockerAllowedImages | Whitelist allowed images.
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.wordpress.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.wordpress.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| systemd.user.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| systemd.user.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.printing.cups-pdf.instances.<name>.settings.AnonDirName | path for anonymously created PDF files
|
| systemd.network.networks.<name>.quickFairQueueingConfig | Each attribute in this set specifies an option in the
[QuickFairQueueing] section of the unit
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.sslh.settings.protocols | List of protocols sslh will probe for and redirect
|
| services.wordpress.sites.<name>.virtualHost.locations | Declarative location config
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.easytier.instances.<name>.settings.instance_name | Identify different instances on same host
|
| services.netbird.clients.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.netbird.tunnels.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.authelia.instances.<name>.settings | Your Authelia config.yml as a Nix attribute set
|
| services.armagetronad.servers.<name>.enable | Whether to enable armagetronad.
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| systemd.user.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| services.gitea.appName | Application name.
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| services.fedimintd.<name>.nginx.config.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.speed | Percent how fast the fan should run at
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96 | HMAC-SHA-256 is used with 128-bit truncation with IPsec
|
| services.samba-wsdd.hostname | Override (NetBIOS) hostname to be used (default hostname).
|