| networking.wg-quick.interfaces.<name>.mtu | If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route, which is usually
a sane choice
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| services.hostapd.radios.<name>.wifi6.operatingChannelWidth | Determines the operating channel width for HE.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.neo4j.ssl.policies | Defines the SSL policies for use with Neo4j connectors
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.root | Root directory for requests.
|
| networking.interfaces.<name>.virtual | Whether this interface is virtual and should be created by tunctl
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.pantalaimon-headless.instances.<name>.logLevel | Set the log level of the daemon.
|
| services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| services.gitea.appName | Application name.
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.authelia.instances.<name>.settings.log.file_path | File path where the logs will be written
|
| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.pantalaimon-headless.instances.<name>.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| services.datadog-agent.hostname | The hostname to show in the Datadog dashboard (optional)
|
| systemd.user.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.tor.settings.Nickname | See torrc manual.
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out | Netfilter mark applied to packets after the outbound IPsec SA processed
them
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| services.keepalived.vrrpInstances.<name>.noPreempt | VRRP will normally preempt a lower priority machine when a higher
priority machine comes online. "nopreempt" allows the lower priority
machine to maintain the master role, even when a higher priority machine
comes back online
|
| systemd.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.state | Directory where per-run directories are stored.
|
| networking.vswitches.<name>.extraOvsctlCmds | Commands to manipulate the Open vSwitch database
|
| virtualisation.kvmgt.vgpus.<name>.uuid | UUID(s) of VGPU device
|
| systemd.network.networks.<name>.tokenBucketFilterConfig | Each attribute in this set specifies an option in the
[TokenBucketFilter] section of the unit
|
| systemd.network.networks.<name>.heavyHitterFilterConfig | Each attribute in this set specifies an option in the
[HeavyHitterFilter] section of the unit
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.easytier.instances.<name>.environmentFiles | Environment files for this instance
|
| system.nixos.codeName | The NixOS release code name (e.g. Emu).
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| services.consul-template.instances.<name>.settings.template | Template section of consul-template
|
| services.invoiceplane.sites.<name>.quoteTemplates | List of path(s) to respective template(s) which are copied from the 'quote_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| networking.supplicant.<name>.extraConf | Configuration options for wpa_supplicant.conf
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| systemd.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of
none loads the connection only, which
then can be manually initiated or used as a responder configuration.
- The value
trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
- The value
start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with
trap|start,
to immediately initiate a connection for which trap policies have been installed
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| networking.supplicant.<name>.configFile.path | External wpa_supplicant.conf configuration file
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| services.gitlab-runner.services.<name>.registrationFlags | Extra command-line flags passed to
gitlab-runner register
|
| services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| boot.zfs.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| services.strongswan-swanctl.swanctl.pools.<name>.addrs | Addresses allocated in pool
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| services.bookstack.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| services.limesurvey.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| systemd.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.easytier.instances.<name>.settings.listeners | Listener addresses to accept connections from other peers
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.armagetronad.servers.<name>.roundSettings | Armagetron Advanced server per-round configuration
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| services.namecoind.rpc.address | IP address the RPC server will bind to.
|
| services.shorewall.configs | This option defines the Shorewall configs
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|