| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| systemd.network.networks.<name>.fairQueueingControlledDelayConfig | Each attribute in this set specifies an option in the
[FairQueueingControlledDelay] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.grav.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.limesurvey.nginx.virtualHost.serverName | Name of this virtual host
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.librenms.group | Name of the LibreNMS group.
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.dovecot2.group | Dovecot group name.
|
| security.wrappers.<name>.capabilities | A comma-separated list of capability clauses to be given to the
wrapper program
|
| services.forgejo.dump.file | Filename to be used for the dump
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| boot.binfmt.registrations.<name>.wrapInterpreterInShell | Whether to wrap the interpreter in a shell script
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.slurm.controlAddr | Name that ControlMachine should be referred to in establishing a
communications path.
|
| services.unbound.enable | Whether to enable Unbound domain name server.
|
| services.dnsdist.enable | Whether to enable dnsdist domain name server.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| services.ircdHybrid.serverName | IRCD server name.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.matrix-hookshot.settings | config.yml configuration as a Nix attribute set
|
| specialisation.<name>.inheritParentConfig | Include the entire system's configuration
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| services.k3s.autoDeployCharts | Auto deploying Helm charts that are installed by the k3s Helm controller
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.selfoss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.rshim.index | Specify the index to create device path /dev/rshim<index>
|
| services.prosody.muc.*.domain | Domain name of the MUC
|
| services.mastodon.smtp.user | SMTP login name.
|
| services.dawarich.smtp.user | SMTP login name.
|
| services.wiki-js.settings.db.db | Name of the database to use.
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| services.mjpg-streamer.user | mjpg-streamer user name.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.tor.settings.ServerDNSAllowNonRFC953Hostnames | See torrc manual.
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| services.flannel.iface | Interface to use (IP or name) for inter-host communication
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| services.borgmatic.configurations.<name>.repositories.*.path | Path to the repository
|
| services.filesender.database.hostname | Database hostname.
|
| networking.wireguard.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| services.asusd.auraConfigs | The content of /etc/asusd/aura_.ron
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| services.pretix.nginx.domain | The domain name under which to set up the virtual host.
|
| services.zoneminder.database.username | Username for accessing the database.
|
| services.spiped.config | Configuration for a secure pipe daemon
|
| services.resilio.deviceName | Name of the Resilio Sync device.
|
| services.lasuite-meet.domain | Domain name of the meet instance.
|
| services.lasuite-docs.domain | Domain name of the docs instance.
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.strongswan-swanctl.swanctl.connections.<name>.aggressive | Enables Aggressive Mode instead of Main Mode with Identity
Protection
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.nixops-dns.domain | Fake domain name to resolve to NixOps virtual machines
|
| services.calibre-web.dataDir | Where Calibre-Web stores its data
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.jicofo.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.over_time | Hard IKE_SA lifetime if rekey/reauth does not complete, as time
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.saunafs.masterHost | IP or hostname name of master host.
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|
| services.teeworlds.game.tournamentMode | Whether to enable tournament mode
|
| services.nixops-dns.enable | Whether to enable the nixops-dns resolution
of NixOps virtual machines via dnsmasq and fake domain name.
|
| services.dolibarr.domain | Domain name of your server.
|
| services.mjolnir.pantalaimon.username | The username to login with.
|
| services.rke2.autoDeployCharts | Auto deploying Helm charts that are installed by the rke2 Helm controller
|
| services.sympa.web.server | The webserver used for the Sympa web interface
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|