| services.cloudflared.tunnels.<name>.originRequest.proxyType | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.cloudflared.tunnels.<name>.edgeIPVersion | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| services.keycloak.themes | Additional theme packages for Keycloak
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| networking.wireguard.interfaces.<name>.peers | Peers linked to the interface.
|
| systemd.network.networks.<name>.networkEmulatorConfig | Each attribute in this set specifies an option in the
[NetworkEmulator] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out | Whether to install outbound FWD IPsec policies or not
|
| services.limesurvey.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.limesurvey.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.speed | Percent how fast the fan should run at
|
| services.sanoid.templates.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.cloudflared.tunnels.<name>.originRequest.proxyAddress | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.matrix-tuwunel.settings.global.server_name | The server_name is the name of this server
|
| services.matrix-conduit.settings.global.server_name | The server_name is the name of this server
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| services.strongswan-swanctl.swanctl.authorities.<name>.slot | Optional slot number of the token that stores the certificate.
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| services.pretix.settings.pretix.instance_name | The name of this installation.
|
| services.zabbixWeb.nginx.virtualHost.serverName | Name of this virtual host
|
| systemd.shutdownRamfs.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| networking.wg-quick.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers | Additionally enable the recommended set of pairwise ciphers
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| networking.interfaces.<name>.ipv4.addresses | List of IPv4 addresses that will be statically assigned to the interface.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.hddfancontrol.settings.<drive-bay-name>.pwmPaths | PWM filepath(s) to control fan speed (under /sys), followed by initial and fan-stop PWM values
Can also use command substitution to ensure the correct hwmonX is selected on every boot
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.actual.settings.hostname | The address to listen on
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gancio.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.monica.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.monica.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| systemd.network.networks.<name>.quickFairQueueingConfigClass | Each attribute in this set specifies an option in the
[QuickFairQueueingClass] section of the unit
|
| containers.<name>.forwardPorts.*.containerPort | Target port of container
|
| services.sftpgo.user | User account name under which SFTPGo runs.
|
| networking.wg-quick.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| networking.wg-quick.interfaces.<name>.autostart | Whether to bring up this interface automatically during boot.
|
| services.mautrix-meta.instances.<name>.environmentFile | File containing environment variables to substitute when copying the configuration
out of Nix store to the services.mautrix-meta.dataDir
|
| services.r53-ddns.domain | The name of your domain in Route53
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| programs.uwsm.waylandCompositors.<name>.binPath | The wayland-compositor binary path that will be called by UWSM
|
| services.evremap.settings.phys | The physical device name to listen on
|
| networking.interfaces.<name>.wakeOnLan.policy | The Wake-on-LAN policy
to set for the device
|
| networking.supplicant.<name>.configFile.writable | Whether the configuration file at configFile.path should be written to by
wpa_supplicant.
|
| services.bacula-sd.autochanger.<name>.extraAutochangerConfig | Extra configuration to be passed in Autochanger directive.
|
| services.gitlab.databaseUsername | GitLab database user.
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| networking.wireguard.interfaces.<name>.preSetup | Commands called at the start of the interface setup.
|
| networking.sits.<name>.encapsulation.port | Destination port when using UDP encapsulation.
|
| programs.tsmClient.defaultServername | If multiple server stanzas are declared with
programs.tsmClient.servers,
this option may be used to name a default
server stanza that IBM TSM uses in the absence of
a user-defined dsm.opt file
|
| services.sanoid.templates.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| services.tarsnap.archives.<name>.aggressiveNetworking | Upload data over multiple TCP connections, potentially
increasing tarsnap's bandwidth utilisation at the cost
of slowing down all other network traffic
|
| services.mautrix-meta.instances.<name>.serviceDependencies | List of Systemd services to require and wait for when starting the application service.
|
| services.tt-rss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.radicle.ci.adapters.native.instances.<name>.settings.base_url | Base URL for build logs (mandatory for access from CI broker page).
|
| services.bind.enable | Whether to enable BIND domain name server.
|
| services.namecoind.trustedNodes | List of the only peer IP addresses to connect to
|
| users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| services.kerberos_server.settings.realms.<name>.acl | The privileges granted to a user.
|
| services.artalk.group | Artalk group name.
|
| services.zammad.group | Name of the Zammad group.
|
| networking.wg-quick.interfaces.<name>.configFile | wg-quick .conf file, describing the interface
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| systemd.network.networks.<name>.controlledDelayConfig | Each attribute in this set specifies an option in the
[ControlledDelay] section of the unit
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.pgadmin.emailServer.username | SMTP server username for email delivery
|