| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity | Timeout before closing CHILD_SA after inactivity
|
| services.invoiceplane.sites.<name>.poolConfig | Options for the InvoicePlane PHP pool
|
| services.borgbackup.jobs.<name>.encryption.mode | Encryption mode to use
|
| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.invoiceplane.sites.<name>.database.user | Database user.
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| systemd.shutdownRamfs.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.autorandr.profiles.<name>.hooks.preswitch | Preswitch hook executed before mode switch.
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes | Maximum bytes processed before CHILD_SA gets closed
|
| services.dovecot2.mailPlugins.perProtocol.<name>.enable | mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
|
| services.hostapd.radios.<name>.wifi7.multiUserBeamformer | EHT multi user beamformee support
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| services.znapzend.zetup.<name>.destinations | Additional destinations.
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| boot.binfmt.registrations.<name>.fixBinary | Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked
|
| services.invoiceplane.sites.<name>.database.host | Database host address.
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.blockbook-frontend.<name>.templateDir | Location of the HTML templates
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.icingaweb2.modules.monitoring.backends.<name>.resource | Name of the IDO resource
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.wordpress.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| services.davis.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.slskd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.nextcloud.notify_push.dbname | Database name.
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| systemd.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| users.users.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| systemd.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.buildkite-agents.<name>.runtimePackages | Add programs to the buildkite-agent environment
|
| services.vault-agent.instances.<name>.settings.template | Template section of vault-agent
|
| services.anubis.instances.<name>.settings.BIND_NETWORK | The network family that Anubis should bind to
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| services.snipe-it.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.description | Optional description for the bucket.
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.github-runners.<name>.serviceOverrides | Modify the systemd service
|
| services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| services.anuko-time-tracker.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.hostapd.radios.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the global segment was generated and may dynamically
append global options the generated configuration file
|
| containers.<name>.specialArgs | A set of special arguments to be passed to NixOS modules
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| services.peertube-runner.instancesToRegister.<name>.url | URL of the PeerTube instance.
|
| programs.foot.theme | Theme name
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.rke2.nodeName | Node name.
|
| services.wordpress.sites.<name>.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| fileSystems.<name>.device | The device as passed to mount
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformee | HE single user beamformee support
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformer | HE single user beamformer support
|
| systemd.network.networks.<name>.networkEmulatorConfig | Each attribute in this set specifies an option in the
[NetworkEmulator] section of the unit
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| services.bookstack.nginx.serverName | Name of this virtual host
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action | Action to perform for this CHILD_SA on DPD timeout
|
| services.kanidm.provision.persons.<name>.mailAddresses | Mail addresses
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|