| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| services.postgresqlWalReceiver.receivers.<name>.synchronous | Flush the WAL data to disk immediately after it has been received
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.sympa.database.user | Database user
|
| virtualisation.oci-containers.containers.<name>.dependsOn | Define which other containers this one depends on
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.port | The port to listen for HTTP(S) requests on.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| services.strongswan-swanctl.swanctl.pools | Section defining named pools
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.tor.settings.ServerDNSAllowNonRFC953Hostnames | See torrc manual.
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| virtualisation.fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| virtualisation.allInterfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.filesender.database.hostname | Database hostname.
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| services.peertube-runner.instancesToRegister.<name>.registrationTokenFile | Path to a file containing a registration token for the PeerTube instance
|
| services.zoneminder.database.username | Username for accessing the database.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.gitlab.databaseName | GitLab database name.
|
| services.varnish.listen.*.group | Group name who owns the socket file.
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.wakapi.database.user | The name of the user to use for Wakapi.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.avahi.publish.domain | Whether to announce the locally used domain name for browsing by other hosts.
|
| services.teeworlds.game.tournamentMode | Whether to enable tournament mode
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.alerta.databaseName | Name of the database instance to connect to
|
| services.rss-bridge.virtualHost | Name of the nginx or caddy virtualhost to use and setup
|
| services.netatalk.extmap | File name extension mappings
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.interfaces.<name>.ipv4.routes.*.options | Other route options
|
| services.postfix.settings.main.myhostname | The internet hostname of this mail system
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.gitlab.registry.host | GitLab container registry host name.
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| services.mjolnir.pantalaimon.username | The username to login with.
|
| services.bird-lg.frontend.domain | Server name domain suffixes.
|
| services.dovecot2.imapsieve.mailbox.*.from | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when the message originates from the indicated mailbox
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| services.misskey.settings.db.db | The database name.
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| services.dsnet.settings.ExternalHostname | The hostname that clients should use to connect to this server
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| services.netbird.enable | Enables backward-compatible NetBird client service
|
| services.hadoop.hdfs.namenode.restartIfChanged | Automatically restart the service on config change
|
| services.suricata.settings.unix-command.filename | Filename for unix-command socket.
|
| services.ncps.cache.storage.s3.bucket | The name of the S3 bucket.
|
| services.dovecot2.imapsieve.mailbox.*.causes | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when one of the listed IMAPSIEVE causes apply
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.paperless.passwordFile | A file containing the superuser password
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.reposilite.settings.hostname | The hostname to bind to
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| services.bookstack.mail.fromName | Mail "from" name.
|
| services.vault.storageBackend | The name of the type of storage backend
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.pgpkeyserver-lite.hostname | Which hostname to set the vHost to that is proxying to sks.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| networking.wireguard.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.openconnect.interfaces.<name>.autoStart | Whether this VPN connection should be started automatically.
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|