| services.nginx.virtualHosts.<name>.listen | Listen addresses and ports for this virtual host
|
| services.transmission.settings.incomplete-dir | When enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory
|
| services.grafana.provision.alerting.policies.settings.resetPolicies | List of orgIds that should be reset to the default policy.
|
| services.journald.upload.settings.Upload.TrustedCertificateFile | SSL CA certificate
|
| services.opentelemetry-collector.settings | Specify the configuration for Opentelemetry Collector in Nix
|
| services.firewalld.zones.<name>.version | Version of the zone.
|
| services.restic.backups.<name>.progressFps | Controls the frequency of progress reporting.
|
| services.kmonad.keyboards.<name>.device | Path to the keyboard's device file.
|
| services.errbot.instances.<name>.admins | List of identifiers of errbot admins.
|
| services.anubis.instances.<name>.enable | Whether to enable this instance of Anubis.
|
| services.firewalld.zones.<name>.icmpBlocks | ICMP types to block in the zone.
|
| services.dokuwiki.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| systemd.slices.<name>.aliases | Aliases of that unit.
|
| systemd.timers.<name>.aliases | Aliases of that unit.
|
| services.headscale.settings.dns.search_domains | Search domains to inject to Tailscale clients.
|
| systemd.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.matomo.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.monica.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.gancio.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.fluidd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.akkoma.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.snipe-it.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.tarsnap.archives.<name>.period | Create archive at this interval
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.orangefs.server.fileSystems.<name>.id | File system ID (must be unique within configuration).
|
| systemd.user.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.wgautomesh.settings.lan_discovery | Enable discovery of peers on the same LAN using UDP broadcast.
|
| services.journald.remote.settings.Remote.ServerCertificateFile | A path to a SSL certificate file in PEM format
|
| services.mpd.settings.music_directory | The directory or URI where MPD reads music from
|
| services.transmission.settings.script-torrent-done-enabled | Whether to run
services.transmission.settings.script-torrent-done-filename
at torrent completion.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| services.grafana.provision.dashboards.settings.providers.*.type | Dashboard provider type.
|
| systemd.services.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.pingvin-share.hostname | The domain name of your instance
|
| services.opkssh.providers.<name>.clientId | OAuth client ID
|
| services.redis.servers.<name>.databases | Set the number of databases.
|
| services.pgbackrest.repos.<name>.sftp-host | SFTP repository host
|
| services.awstats.configs.<name>.hostAliases | List of aliases the site has.
|
| services.bluemap.storage.<name>.storage-type | Type of storage config
|
| services.wordpress.sites.<name>.package | The wordpress package to use.
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| users.users.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| users.users.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| services.quicktun.<name>.localAddress | IP address or hostname of the local end.
|
| services.github-runners.<name>.workDir | Working directory, available as $GITHUB_WORKSPACE during workflow runs
and used as a default for repository checkouts
|
| services.fedimintd.<name>.nginx.config.quic | Whether to enable the QUIC transport protocol
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| security.acme.certs.<name>.keyType | Key type to use for private keys
|
| security.pam.services.<name>.kwallet.package | The kwallet-pam package to use.
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.wyoming.piper.servers.<name>.speaker | ID of a specific speaker in a multi-speaker model.
|
| services.restic.backups.<name>.extraOptions | Extra extended options to be passed to the restic --option flag.
|
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|
| services.syncthing.settings.options.maxFolderConcurrency | This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning
|
| services.matrix-synapse.settings.enable_metrics | Enable collection and rendering of performance metrics
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| services.httpd.virtualHosts.<name>.extraConfig | These lines go to httpd.conf verbatim
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| virtualisation.cri-o.settings | Configuration for cri-o, see
https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md.
|
| services.grafana.settings.server.router_logging | Set to true for Grafana to log all HTTP requests (not just errors)
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address | The subnet of this host
|
| services.matrix-synapse.settings.listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.drupal.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.jupyterhub.kernels.<name>.language | Language of the environment
|
| services.mediagoblin.settings.mediagoblin.plugins | Plugins to enable
|
| services.parsedmarc.settings.elasticsearch.hosts | A list of Elasticsearch hosts to push parsed reports
to.
|
| services.warpgate.settings.postgres.external_port | The PostgreSQL listener is reachable via this port externally.
|
| services.github-runners.<name>.enable | Whether to enable GitHub Actions runner
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.maubot.settings.crypto_database | Separate database URL for the crypto database
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| services.firezone.server.settingsSecret.SECRET_KEY_BASE | A file containing a unique base64 encoded secret for the
SECRET_KEY_BASE
|
| services.firezone.server.settingsSecret.TOKENS_KEY_BASE | A file containing a unique base64 encoded secret for the
TOKENS_KEY_BASE
|
| services.wyoming.piper.servers.<name>.lengthScale | Phoneme length value.
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.baseurl | The base URL of the ntfy.sh instance.
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanata.keyboards.<name>.extraArgs | Extra command line arguments passed to kanata.
|
| systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.logcheck.ignoreCron.<name>.timeArgs | "min hr dom mon dow" crontab time args, to auto-create a cronjob too
|
| services.firewalld.settings.IPv6_rpfilter | Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| systemd.user.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.taler.merchant.settings.merchant.LEGAL_PRESERVATION | How long to keep data in the database for tax audits after the transaction has completed.
|