| services.redis.servers.<name>.slowLogLogSlowerThan | Log queries whose execution take longer than X in milliseconds.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.icecast.hostname | DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.
|
| services.veilid.settings.core.network.routing_table.node_id | Base64-encoded public key for the node, used as the node's ID.
|
| services.kerberos_server.settings.realms | The realm(s) to serve keys for.
|
| services.kerberos_server.settings.module | Modules to obtain Kerberos configuration from.
|
| services.gitwatch.<name>.message | Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time
|
| services.kea.dhcp-ddns.configFile | Kea DHCP-DDNS configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html
|
| services.system76-scheduler.settings.processScheduler.enable | Tweak scheduling of individual processes in real time.
|
| services.nextcloud-spreed-signaling.settings.backend.allowall | Allow any hostname as backend endpoint
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.sanoid.datasets.<name>.monthly | Number of monthly snapshots.
|
| services.errbot.instances.<name>.logLevel | Errbot log level
|
| virtualisation.oci-containers.containers.<name>.networks | Networks to attach the container to
|
| services.ax25.axports.<name>.callsign | The callsign of the physical interface to bind to.
|
| services.nvme-rs.settings.thresholds.wear_critical | Wear critical threshold (%)
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| services.nginx.virtualHosts.<name>.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fedimintd.<name>.dataDir | Path to the data dir fedimintd will use to store its data
|
| programs.tsmClient.servers.<name>.servername | Local name of the IBM TSM server,
must not contain space or more than 64 chars.
|
| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.parsedmarc.settings.elasticsearch.user | Username to use when connecting to Elasticsearch, if
required.
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.minidlna.settings.root_container | Use a different container as the root of the directory tree presented to clients.
|
| services.firefox-syncserver.database.name | Database to use for storage
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| systemd.user.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.quicktun.<name>.protocol | Which protocol to use.
|
| services.buildkite-agents.<name>.tags | Tags for the agent.
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| services.httpd.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.nvme-rs.settings.thresholds.spare_warning | Available spare warning threshold (%)
|
| services.nvme-rs.settings.thresholds.temp_critical | Temperature critical threshold (°C)
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| nix.settings.trusted-substituters | List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| services.github-runners.<name>.package | The github-runner package to use.
|
| services.grafana.settings.database.query_retries | This setting applies to sqlite3 only and controls the number of times the system retries a query when the database is locked.
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| systemd.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.chhoto-url.settings.redirect_method | The redirect method to use.
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.nylon.<name>.allowedIPRanges | Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.jupyterhub.kernels.<name>.displayName | Name that will be shown to the user.
|
| networking.vlans.<name>.id | The vlan identifier
|
| services.firezone.server.settingsSecret.TOKENS_SALT | A file containing a unique base64 encoded secret for the
TOKENS_SALT
|
| services.nginx.virtualHosts.<name>.listen.*.port | Port number to listen on
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| security.pam.services.<name>.forwardXAuth | Whether X authentication keys should be passed from the
calling user to the target user (e.g. for
su)
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| systemd.user.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| networking.sits.<name>.dev | The underlying network device on which the tunnel resides.
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| services.grafana.provision.alerting.policies.settings.resetPolicies | List of orgIds that should be reset to the default policy.
|
| services.kanidm.server.settings.online_backup.versions | Number of backups to keep
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.suricata.settings.classification-file | Suricata classification configuration file.
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| programs.ssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.vault-agent.instances.<name>.group | Group under which this instance runs.
|
| services.grafana.settings.server.enforce_domain | Redirect to correct domain if the host header does not match the domain
|
| services.journald.upload.settings.Upload.TrustedCertificateFile | SSL CA certificate
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.tor.relay.onionServices.<name>.version | See torrc manual.
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|