| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.postfix.settings.main.myhostname | The internet hostname of this mail system
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.bookstack.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.grav.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| systemd.network.networks.<name>.heavyHitterFilterConfig | Each attribute in this set specifies an option in the
[HeavyHitterFilter] section of the unit
|
| systemd.network.networks.<name>.tokenBucketFilterConfig | Each attribute in this set specifies an option in the
[TokenBucketFilter] section of the unit
|
| services.tor.client.onionServices.<name>.clientAuthorizations | Clients' authorizations for a v3 onion service,
as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
|
| systemd.user.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.selfoss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| virtualisation.kvmgt.vgpus.<name>.uuid | UUID(s) of VGPU device
|
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| networking.supplicant.<name>.configFile.path | External wpa_supplicant.conf configuration file
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| networking.interfaces.<name>.ipv6.routes.*.via | IPv6 address of the next hop.
|
| networking.interfaces.<name>.ipv4.routes.*.via | IPv4 address of the next hop.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.tor.settings.ServerDNSAllowNonRFC953Hostnames | See torrc manual.
|
| services.mail.sendmailSetuidWrapper.program | The name of the wrapper program
|
| networking.vswitches.<name>.openFlowVersion | Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
|
| systemd.shutdownRamfs.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| systemd.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.temp | Temperature in °C at which the fan speed should be changed
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| systemd.user.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.teeworlds.game.tournamentMode | Whether to enable tournament mode
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| services.filesender.database.hostname | Database hostname.
|
| services.flannel.iface | Interface to use (IP or name) for inter-host communication
|
| services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.spiped.config | Configuration for a secure pipe daemon
|
| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| services.zoneminder.database.username | Username for accessing the database.
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| services.dsnet.settings.ExternalHostname | The hostname that clients should use to connect to this server
|
| services.slurm.controlAddr | Name that ControlMachine should be referred to in establishing a
communications path.
|
| services.unbound.enable | Whether to enable Unbound domain name server.
|
| services.dnsdist.enable | Whether to enable dnsdist domain name server.
|
| virtualisation.fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.librenms.group | Name of the LibreNMS group.
|
| systemd.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| networking.vlans | This option allows you to define vlan devices that tag packets
on top of a physical interface
|
| services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| systemd.network.networks.<name>.quickFairQueueingConfig | Each attribute in this set specifies an option in the
[QuickFairQueueing] section of the unit
|
| systemd.shutdownRamfs.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.znc.confOptions.userName | The user name used to log in to the ZNC web admin interface.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| services.postgresqlWalReceiver.receivers.<name>.statusInterval | Specifies the number of seconds between status packets sent back to the server
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.speed | Percent how fast the fan should run at
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| networking.wireless.networks.<name>.auth | Use this option to configure advanced authentication methods
like EAP
|
| services.k3s.autoDeployCharts | Auto deploying Helm charts that are installed by the k3s Helm controller
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| services.nixops-dns.domain | Fake domain name to resolve to NixOps virtual machines
|
| services.calibre-web.dataDir | Where Calibre-Web stores its data
|
| services.agorakit.mail.fromName | Mail "from" name.
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| networking.wireless.networks.<name>.extraConfig | Extra configuration lines appended to the network block
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| services.freshrss.webserver | Whether to use nginx or caddy for virtual host management
|
| services.dokuwiki.webserver | Whether to use nginx or caddy for virtual host management
|
| systemd.user.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| services.ircdHybrid.serverName | IRCD server name.
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| boot.binfmt.registrations.<name>.fixBinary | Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.mjolnir.pantalaimon.username | The username to login with.
|