| services.misskey.reverseProxy.webserver.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| services.biboumi.settings.hostname | The hostname served by the XMPP gateway
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.sanoid.templates.<name>.pruning_script | Script to run after pruning snapshot.
|
| boot.initrd.luks.devices.<name>.tryEmptyPassphrase | If keyFile fails then try an empty passphrase first before
prompting for password.
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| networking.jool.siit.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| image.repart.partitions.<name>.repartConfig | Specify the repart options for a partiton as a structural setting
|
| security.apparmor.policies.<name>.profile | The profile file contents
|
| networking.bonds.<name>.lacp_rate | DEPRECATED, use driverOptions
|
| systemd.sockets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.targets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| boot.specialFileSystems.<name>.options | Options used to mount the file system
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| boot.initrd.luks.devices.<name>.yubikey.iterationStep | How much the iteration count for PBKDF2 is increased at each successful authentication.
|
| services.grav.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.sslh.settings.protocols | List of protocols sslh will probe for and redirect
|
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| services.tarsnap.archives.<name>.aggressiveNetworking | Upload data over multiple TCP connections, potentially
increasing tarsnap's bandwidth utilisation at the cost
of slowing down all other network traffic
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| systemd.network.networks.<name>.flowQueuePIEConfig | Each attribute in this set specifies an option in the
[FlowQueuePIE] section of the unit
|
| services.castopod.database.hostname | Database hostname.
|
| systemd.shutdown | Definition of systemd shutdown executables
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes-in-home | Path prefixes to ignore under home directory
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.kerberos_server.settings.realms.<name>.acl | The privileges granted to a user.
|
| services.sftpgo.user | User account name under which SFTPGo runs.
|
| systemd.user.targets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.sockets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.cloudflared.tunnels.<name>.originRequest.connectTimeout | Timeout for establishing a new TCP connection to your origin server
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.sanoid.templates.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| systemd.network.networks.<name>.ipv6Prefixes | A list of ipv6Prefix sections to be added to the unit
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| services.bacula-sd.autochanger.<name>.extraAutochangerConfig | Extra configuration to be passed in Autochanger directive.
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_id | String identifying the Postquantum Preshared Key (PPK) to be used.
|
| networking.nftables.tables.<name>.content | The table content.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| networking.wg-quick.interfaces.<name>.dns | The IP addresses of DNS servers to configure.
|
| services.mautrix-meta.instances.<name>.serviceDependencies | List of Systemd services to require and wait for when starting the application service.
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| boot.initrd.luks.devices.<name>.fallbackToPassword | Whether to fallback to interactive passphrase prompt if the keyfile
cannot be found
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| services.postgresqlWalReceiver.receivers.<name>.compress | Enables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression)
|
| services.monero.rpc.user | User name for RPC connections.
|
| services.authelia.instances.<name>.settings.telemetry.metrics.address | The address to listen on for metrics
|
| services.r53-ddns.domain | The name of your domain in Route53
|
| networking.jool.nat64.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.bind.enable | Whether to enable BIND domain name server.
|
| systemd.network.networks.<name>.dhcpServerConfig | Each attribute in this set specifies an option in the
[DHCPServer] section of the unit
|
| systemd.network.networks.<name>.pfifoHeadDropConfig | Each attribute in this set specifies an option in the
[PFIFOHeadDrop] section of the unit
|
| networking.wlanInterfaces.<name>.meshID | MeshID of interface with type mesh.
|
| networking.wg-quick.interfaces.<name>.preUp | Commands called at the start of the interface setup.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dscp | Differentiated Services Field Codepoint to set on outgoing IKE packets for
this connection
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| containers.<name>.extraFlags | Extra flags passed to the systemd-nspawn command
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers | Additionally enable the recommended set of pairwise ciphers
|
| services.radicle.httpd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.radicle.httpd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| containers.<name>.privateNetwork | Whether to give the container its own private virtual
Ethernet interface
|
| services.icingaweb2.modules.monitoring.transports.<name>.type | Type of this transport
|
| services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out | Whether to install outbound FWD IPsec policies or not
|
| programs.proxychains.proxies.<name>.port | Proxy port
|
| programs.proxychains.proxies.<name>.type | Proxy type.
|
| services.gitea.dump.file | Filename to be used for the dump
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| services.bookstack.nginx.serverName | Name of this virtual host
|
| systemd.network.networks.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of the unit
|
| systemd.network.networks.<name>.ipv6AcceptRAConfig | Each attribute in this set specifies an option in the
[IPv6AcceptRA] section of the unit
|
| networking.wireguard.interfaces.<name>.listenPort | 16-bit port for listening
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| services.nullmailer.config.me | The fully-qualifiled host name of the computer running nullmailer
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|