| services.autorandr.profiles.<name>.hooks.postswitch | Postswitch hook executed after mode switch.
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| services.bepasty.servers.<name>.defaultPermissions | default permissions for all unauthenticated accesses.
|
| services.jirafeau.nginxConfig.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| services.angrr.settings.temporary-root-policies.<name>.period | Retention period for the GC roots matched by this policy.
|
| services.angrr.settings.temporary-root-policies.<name>.path-regex | Regex pattern to match the GC root path.
|
| services.keepalived.vrrpInstances.<name>.trackScripts | List of script names to invoke for health tracking.
|
| services.botamusique.settings.bot.username | Name the bot should appear with.
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| services.namecoind.wallet | Wallet file
|
| services.firefox-syncserver.singleNode.hostname | Host name to use for this service.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile | The password for this entry, read from the given file when starting hostapd
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| services.printing.cups-pdf.instances.<name>.settings | Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.bcg.device | Device name to configure gateway to use.
|
| services.spiped.config.<name>.disableReresolution | Disable target address re-resolution.
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.addr | IP address, optionally with a netmask: IPADDR[/MASK]
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| services.evremap.settings.device_name | The name of the device that should be remapped
|
| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| networking.nftables.tables.<name>.family | Table family.
|
| networking.nftables.tables.<name>.enable | Enable this table.
|
| services.simplesamlphp.<name>.settings | Configuration options used by SimpleSAMLphp
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| services.authelia.instances.<name>.settings.server.address | The address to listen on.
|
| services.nextcloud-spreed-signaling.backends.<name>.urls | List of URLs of the Nextcloud instance
|
| services.wstunnel.servers.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.wstunnel.clients.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| services.keepalived.vrrpInstances.<name>.priority | For electing MASTER, highest priority wins
|
| services.angrr.settings.temporary-root-policies.<name>.filter | External filter program to further filter GC roots matched by this policy.
|
| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| services.jibri.xmppEnvironments.<name>.stripFromRoomDomain | The prefix to strip from the room's JID domain to derive the call URL.
|
| services.artalk.user | Artalk user name.
|
| services.sogo.vhostName | Name of the nginx vhost
|
| services.zammad.user | Name of the Zammad user.
|
| services.nginx.virtualHosts.<name>.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.librenms.hostname | The hostname to serve LibreNMS on.
|
| services.limesurvey.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.network.config.routeTables | Defines route table names as an attrset of name to number
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.scope | The scope of the area where this address is valid.
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time | Time to schedule CHILD_SA rekeying
|
| services.zeronsd.servedNetworks.<name>.settings.log_level | Log Level.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| services.kmonad.keyboards.<name>.defcfg.fallthrough | Whether to enable re-emitting unhandled key events.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.limesurvey.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.consul-template.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| services.postgresqlWalReceiver.receivers.<name>.connection | Specifies parameters used to connect to the server, as a connection string
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| services.tor.relay.onionServices.<name>.authorizedClients | Authorized clients for a v3 onion service,
as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| services.limesurvey.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| services.postfix.masterConfig.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.keepalived.vrrpInstances.<name>.unicastSrcIp | Default IP for binding vrrpd is the primary IP on interface
|
| services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets | Maximum number of packets processed before CHILD_SA gets closed
|
| services.bookstack.nginx.serverName | Name of this virtual host
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.radicle.ci.adapters.native.instances.<name>.settings | Configuration of radicle-native-ci
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| services.kanidm.provision.systems.oauth2.<name>.originLanding | When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| boot.specialFileSystems.<name>.device | The device as passed to mount
|
| services.shorewall.configs | This option defines the Shorewall configs
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.wordpress.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| services.sabnzbd.settings.servers.<name>.connections | Number of parallel connections permitted by
the server.
|
| services.tor.settings.Nickname | See torrc manual.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| services.nullmailer.config.me | The fully-qualifiled host name of the computer running nullmailer
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| networking.bonds.<name>.lacp_rate | DEPRECATED, use driverOptions
|