| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| hardware.display.outputs.<name>.mode | A video kernel parameter (framebuffer mode) configuration for the specific output:
<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]
See for more information:
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_include | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_exclude | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out | Whether to install outbound FWD IPsec policies or not
|
| services.openafsClient.cellName | Cell name.
|
| services.gancio.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.akkoma.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fluidd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.matomo.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.monica.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.bird-lg.frontend.domain | Server name domain suffixes.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| services.netbird.enable | Enables backward-compatible NetBird client service
|
| services.postgresqlWalReceiver.receivers.<name>.statusInterval | Specifies the number of seconds between status packets sent back to the server
|
| services.tlsrpt.collectd.settings.socketname | Path at which the UNIX socket will be created.
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| systemd.user.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.sockets.<name>.requisite | Similar to requires
|
| systemd.user.targets.<name>.requisite | Similar to requires
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| services.prometheus.exporters.wireguard.wireguardConfig | Path to the Wireguard Config to
add the peer's name to the stats of a peer
|
| services.dovecot2.group | Dovecot group name.
|
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| networking.jool.nat64.<name>.global.pool6 | The prefix used for embedding IPv4 into IPv6 addresses
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| programs.tsmClient.servers.<name>.tcpport | TCP port of the IBM TSM server
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| systemd.network.networks.<name>.tunnel | A list of tunnel interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.bridge | A list of bridge interfaces to be added to the network section of the
unit
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.prometheus.exporters.dmarc.imap.username | Login username for the IMAP connection.
|
| systemd.network.networks.<name>.domains | A list of domains to pass to the network config.
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| systemd.network.networks.<name>.bridgeMDBs | A list of BridgeMDB sections to be added to the unit
|
| systemd.network.networks.<name>.bridgeFDBs | A list of BridgeFDB sections to be added to the unit
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| services.prometheus.exporters.pgbouncer.connectionEnvFile | File that must contain the environment variable
PGBOUNCER_EXPORTER_CONNECTION_STRING which is set to the connection
string used by pgbouncer
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.limesurvey.nginx.virtualHost.serverName | Name of this virtual host
|
| services.pantalaimon-headless.instances.<name>.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.varnish.listen.*.group | Group name who owns the socket file.
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.rss-bridge.virtualHost | Name of the nginx or caddy virtualhost to use and setup
|
| services.netatalk.extmap | File name extension mappings
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| services.bookstack.mail.fromName | Mail "from" name.
|
| services.postgresqlWalReceiver.receivers.<name>.environment | Environment variables passed to the service
|
| systemd.network.networks.<name>.bridgeVLANs | A list of BridgeVLAN sections to be added to the unit
|
| systemd.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.athens.storage.s3.bucket | Bucket name for the S3 storage backend.
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections | Maximum number of idle keepalive connections between Tunnel and your origin
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| security.apparmor.policies.<name>.state | How strictly this policy should be enforced
|
| containers.<name>.extraVeths.<name>.forwardPorts | List of forwarded ports from host to container
|
| systemd.user.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.prometheus.exporters.mqtt.mqttUsername | Username which should be used to authenticate against the MQTT broker.
|
| services.pgpkeyserver-lite.hostname | Which hostname to set the vHost to that is proxying to sks.
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| services.shellhub-agent.preferredHostname | Set the device preferred hostname
|
| programs.xfs_quota.projects.<name>.id | Project ID.
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.influxdb2.provision.organizations.<name>.buckets | Buckets to provision in this organization.
|
| programs.uwsm.waylandCompositors.<name>.prettyName | The full name of the desktop entry file.
|
| boot.initrd.luks.devices.<name>.allowDiscards | Whether to allow TRIM requests to the underlying device
|
| services.prometheus.scrapeConfigs.*.label_name_length_limit | Per-scrape limit on length of labels name that will be accepted for a sample
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation | Whether this connection is a mediation connection, that is, whether this
connection is used to mediate other connections using the IKEv2 Mediation
Extension
|
| services.influxdb2.provision.organizations.<name>.present | Whether to ensure that this organization is present or absent.
|
| services.wordpress.webserver | Whether to use apache2 or nginx for virtual host management
|