| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.angrr.settings.temporary-root-policies.<name>.period | Retention period for the GC roots matched by this policy.
|
| services.angrr.settings.temporary-root-policies.<name>.path-regex | Regex pattern to match the GC root path.
|
| services.jibri.xmppEnvironments.<name>.control.muc.domain | The domain part of the MUC to connect to for control.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.slot | Optional slot number to access the token.
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.id | IKE identity the IKE preshared secret belongs to
|
| services.jibri.xmppEnvironments.<name>.stripFromRoomDomain | The prefix to strip from the room's JID domain to derive the call URL.
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| services.jirafeau.nginxConfig.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| networking.vlans | This option allows you to define vlan devices that tag packets
on top of a physical interface
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| services.nginx.virtualHosts.<name>.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| image.repart.partitions.<name>.stripNixStorePrefix | Whether to strip /nix/store/ from the store paths
|
| services.slurm.partitionName | Name by which the partition may be referenced
|
| services.postgresqlWalReceiver.receivers.<name>.connection | Specifies parameters used to connect to the server, as a connection string
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.scope | The scope of the area where this address is valid.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id | Identity the NTLM secret belongs to
|
| services.k3s.nodeName | Node name.
|
| systemd.network.networks.<name>.ipv6RoutePrefixes | A list of ipv6RoutePrefix sections to be added to the unit
|
| services.printing.cups-pdf.instances.<name>.settings | Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| networking.wireless.networks.<name>.bssid | If set, this network block is used only when associating with
the AP using the configured BSSID.
|
| services.postfixadmin.database.dbname | Name of the postgresql database
|
| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.angrr.settings.temporary-root-policies.<name>.filter | External filter program to further filter GC roots matched by this policy.
|
| networking.interfaces.<name>.wakeOnLan.enable | Whether to enable wol on this interface.
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.consul-template.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.authelia.instances.<name>.settings.server.address | The address to listen on.
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.limesurvey.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| networking.domain | The system domain name
|
| services.postfix.masterConfig.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.keepalived.vrrpInstances.<name>.unicastSrcIp | Default IP for binding vrrpd is the primary IP on interface
|
| services.zeronsd.servedNetworks.<name>.settings.log_level | Log Level.
|
| services.taskserver.fqdn | The fully qualified domain name of this server, which is also used
as the common name in the certificates.
|
| networking.wireless.networks.<name>.hidden | Set this to true if the SSID of the network is hidden.
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.postfix.hostname | Hostname to use
|
| services.limesurvey.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| services.kmonad.keyboards.<name>.defcfg.fallthrough | Whether to enable re-emitting unhandled key events.
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_window | IPsec replay window to configure for this CHILD_SA
|
| services.system76-scheduler.assignments.<name>.nice | Niceness.
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.firefox-syncserver.singleNode.hostname | Host name to use for this service.
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.keepalived.vrrpInstances.<name>.interface | Interface for inside_network, bound by vrrp.
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| services.tor.relay.onionServices.<name>.authorizedClients | Authorized clients for a v3 onion service,
as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
|
| services.tarsnap.archives | Tarsnap archive configurations
|
| services.borgbackup.repos.<name>.authorizedKeys | Public SSH keys that are given full write access to this repository
|
| networking.interfaces.<name>.ipv6.routes.*.via | IPv6 address of the next hop.
|
| networking.interfaces.<name>.ipv4.routes.*.via | IPv4 address of the next hop.
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| services.evremap.settings.device_name | The name of the device that should be remapped
|
| services.k3s.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| services.limesurvey.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.limesurvey.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| boot.initrd.systemd.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| systemd.network.networks.<name>.routingPolicyRules | A list of routing policy rules sections to be added to the unit
|
| networking.vswitches.<name>.openFlowVersion | Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
|
| services.fediwall.nginx.serverName | Name of this virtual host
|
| services.librenms.nginx.serverName | Name of this virtual host
|
| services.kanboard.nginx.serverName | Name of this virtual host
|
| services.dolibarr.nginx.serverName | Name of this virtual host
|
| services.agorakit.nginx.serverName | Name of this virtual host
|
| services.mainsail.nginx.serverName | Name of this virtual host
|
| services.pixelfed.nginx.serverName | Name of this virtual host
|
| services.sabnzbd.settings.servers.<name>.connections | Number of parallel connections permitted by
the server.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider
|
| services.wordpress.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.botamusique.settings.bot.username | Name the bot should appear with.
|