| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| services.nvme-rs.settings.email.smtp_username | SMTP username
|
| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| systemd.network.networks.<name>.stochasticFairBlueConfig | Each attribute in this set specifies an option in the
[StochasticFairBlue] section of the unit
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| services.resilio.deviceName | Name of the Resilio Sync device.
|
| services.lasuite-meet.domain | Domain name of the meet instance.
|
| services.lasuite-docs.domain | Domain name of the docs instance.
|
| services.agorakit.mail.fromName | Mail "from" name.
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| services.dependency-track.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.rshim.backend | Specify the backend to attach
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| services.dovecot2.group | Dovecot group name.
|
| services.znc.confOptions.userName | The user name used to log in to the ZNC web admin interface.
|
| networking.fqdn | The fully qualified domain name (FQDN) of this host
|
| services.wordpress.webserver | Whether to use apache2 or nginx for virtual host management
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| services.limesurvey.nginx.virtualHost.serverName | Name of this virtual host
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| services.mongodb.replSetName | If this instance is part of a replica set, set its name here
|
| services.freshrss.pool | Name of the php-fpm pool to use and setup
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.saunafs.masterHost | IP or hostname name of master host.
|
| systemd.network.networks.<name>.hierarchyTokenBucketConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucket] section of the unit
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| virtualisation.oci-containers.containers.<name>.login.username | Username for login.
|
| programs.nix-required-mounts.allowedPatterns.<name>.onFeatures | Which requiredSystemFeatures should trigger relaxation of the sandbox
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| boot.binfmt.registrations.<name>.preserveArgvZero | Whether to pass the original argv[0] to the interpreter
|
| services.ceph.global.clusterName | Name of cluster
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| services.dolibarr.domain | Domain name of your server.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| systemd.user.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| systemd.network.networks.<name>.trivialLinkEqualizerConfig | Each attribute in this set specifies an option in the
[TrivialLinkEqualizer] section of the unit
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| networking.interfaces.<name>.ipv4.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (24).
|
| networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.dawarich.user | User under which dawarich runs
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| networking.vswitches.<name>.controllers | Specify the controller targets
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| services.pretalx.nginx.domain | The domain name under which to set up the virtual host.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|
| services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| networking.fqdnOrHostName | Either the fully qualified domain name (FQDN), or just the host name if
it does not exist
|
| services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| services.sympa.database.user | Database user
|
| services.openafsClient.cellName | Cell name.
|
| networking.bridges | This option allows you to define Ethernet bridge devices
that connect physical networks together
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| services.baikal.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.headscale.settings.dns.nameservers.global | List of nameservers to pass to Tailscale clients.
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| services.strongswan-swanctl.swanctl.connections.<name>.reauth_time | Time to schedule IKE reauthentication
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.strongswan-swanctl.swanctl.connections.<name>.proposals | A proposal is a set of algorithms
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| services.rke2.autoDeployCharts | Auto deploying Helm charts that are installed by the rke2 Helm controller
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|