| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| programs.xfs_quota.projects.<name>.path | Project directory.
|
| services.keepalived.vrrpInstances.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_instance section.
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.prometheus.exporters.systemd.user | User name under which the systemd exporter shall be run.
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fediwall.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pixelfed.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mainsail.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.neo4j.ssl.policies | Defines the SSL policies for use with Neo4j connectors
|
| services.ghostunnel.servers.<name>.extraArguments | Extra arguments to pass to ghostunnel server
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| services.kanidm.provision.persons.<name>.mailAddresses | Mail addresses
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| services.authelia.instances.<name>.secrets.manual | Configuring authelia's secret files via the secrets attribute set
is intended to be convenient and help catch cases where values are required
to run at all
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.bookstack.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.dawarich.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process.
If left empty, all job classes will be executed by this process.
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.brd | The broadcast address on the interface.
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| programs.schroot.profiles.<name>.fstab | A file in the format described in fstab(5), used to mount filesystems inside the chroot
|
| services.simplesamlphp.<name>.localDomain | The domain serving your SimpleSAMLphp instance
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action | Action to perform for this CHILD_SA on DPD timeout
|
| services.fluidd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.akkoma.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.gancio.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.monica.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.matomo.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.borgbackup.jobs.<name>.compression | Compression method to use
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY | Limits for timeline cleanup.
|
| services.syncthing.settings.folders.<name>.devices | The devices this folder should be shared with
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| image.repart.partitions.<name>.contents | The contents to end up in the filesystem image.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| containers.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.bonsaid.settings.*.event_name | Name of the event which should trigger this transition when received by bonsaid
|
| services.limesurvey.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| users.extraUsers.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.postfix.hostname | Hostname to use
|
| services.znc.user | The name of an existing user account to use to own the ZNC server
process
|
| services.fedimintd.<name>.nginx.config.listenAddresses | Listen addresses for this virtual host
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.zeronsd.servedNetworks.<name>.settings.wildcard | Whether to serve a wildcard record for ZeroTier Nodes.
|
| services.borgbackup.jobs.<name>.persistentTimer | Set the Persistent option for the
systemd.timer(5)
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
|
| services.gitea-actions-runner.instances.<name>.hostPackages | List of packages, that are available to actions, when the runner is configured
with a host execution label.
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| services.sslh.settings.protocols | List of protocols sslh will probe for and redirect
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.mautrix-meta.instances.<name>.registerToSynapse | Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and
make Synapse wait for registration service.
|
| services.jibri.xmppEnvironments.<name>.usageTimeout | The duration that the Jibri session can be
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.postfixadmin.database.dbname | Name of the postgresql database
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.printing.cups-pdf.instances.<name>.settings.GhostScript | location of GhostScript binary
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.id | IKE identity the IKE preshared secret belongs to
|
| services.nitter.server.hostname | Hostname of the instance.
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| services.jibri.xmppEnvironments.<name>.control.muc.domain | The domain part of the MUC to connect to for control.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.slot | Optional slot number to access the token.
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| boot.initrd.luks.devices.<name>.allowDiscards | Whether to allow TRIM requests to the underlying device
|
| services.blockbook-frontend.<name>.messageQueueBinding | Message Queue Binding address:port.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp | Whether to copy the DSCP (Differentiated Services Field Codepoint)
header field to/from the outer IP header in tunnel mode
|
| services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel | Whether to add the special Bitlbee operations channel.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets | Packet range from which to choose a random value to subtract from
rekey_packets
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| networking.fooOverUDP.<name>.protocol | Protocol number of the encapsulated packets
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id | Identity the NTLM secret belongs to
|