| services.postfixadmin.database.username | Username for the postgresql connection
|
| services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable | See torrc manual.
|
| services.easytier.instances.<name>.environmentFiles | Environment files for this instance
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| virtualisation.allInterfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.dovecot2.mailboxes.<name>.autoexpunge | To automatically remove all email from the mailbox which is older than the
specified time.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinScheduler] section of the unit
|
| services.limesurvey.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.keepalived.vrrpInstances.<name>.noPreempt | VRRP will normally preempt a lower priority machine when a higher
priority machine comes online. "nopreempt" allows the lower priority
machine to maintain the master role, even when a higher priority machine
comes back online
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of
none loads the connection only, which
then can be manually initiated or used as a responder configuration.
- The value
trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
- The value
start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with
trap|start,
to immediately initiate a connection for which trap policies have been installed
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.base_url | Base URL for build logs (mandatory for access from CI broker page).
|
| services.gitlab-runner.services.<name>.requestConcurrency | Limit number of concurrent requests for new jobs from GitLab.
|
| services.invoiceplane.sites.<name>.quoteTemplates | List of path(s) to respective template(s) which are copied from the 'quote_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| services.avahi.hostName | Host name advertised on the LAN
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| services.angrr.settings.temporary-root-policies.<name>.priority | Priority of this policy
|
| services.woodpecker-agents.agents.<name>.environment | woodpecker-agent config environment variables, for other options read the documentation
|
| services.patroni.namespace | Path within the configuration store where Patroni will keep information about the cluster.
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency | How often the fan speed should be updated in seconds
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| services.jirafeau.nginxConfig.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| services.netbird.tunnels.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.netbird.clients.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| services.patroni.scope | Cluster name.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.limesurvey.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.factorio.username | Your factorio.com login credentials
|
| services.cloudflared.tunnels.<name>.originRequest.originServerName | Hostname that cloudflared should expect from your origin server certificate.
|
| hardware.fw-fanctrl.config.strategies.<name>.movingAverageInterval | Interval (seconds) of the last temperatures to use to calculate the average temperature
|
| services.actual.settings.hostname | The address to listen on
|
| services.armagetronad.servers.<name>.roundSettings | Armagetron Advanced server per-round configuration
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| services.mail.sendmailSetuidWrapper.program | The name of the wrapper program
|
| services.weblate.smtp.user | SMTP login name.
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| services.rke2.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets | Number of packets processed before initiating CHILD_SA rekeying
|
| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| boot.binfmt.registrations.<name>.recognitionType | Whether to recognize executables by magic number or extension.
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout | Timeout after which an idle keepalive connection can be discarded.
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| systemd.network.networks.<name>.genericRandomEarlyDetectionConfig | Each attribute in this set specifies an option in the
[GenericRandomEarlyDetection] section of the unit
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| boot.zfs.forceImportAll | Forcibly import all ZFS pool(s)
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.tt-rss.email.fromName | Name for sending outgoing mail
|
| services.discourse.hostname | The hostname to serve Discourse on.
|
| services.bookstack.hostname | The hostname to serve BookStack on.
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.wyoming.faster-whisper.servers.<name>.useTransformers | Whether to provide the dependencies to allow using transformer models.
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.firezone.server.provision.accounts.<name>.features.idp_sync | Whether to enable the idp_sync feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.rest_api | Whether to enable the rest_api feature for this account.
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| services.bcg.automaticRenameKitNodes | Automatically rename kit's nodes.
|
| services.namecoind.generate | Whether to generate (mine) Namecoins.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|