| services.agorakit.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.dolibarr.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.wordpress.sites.<name>.virtualHost.locations | Declarative location config
|
| services.nullmailer.config.me | The fully-qualifiled host name of the computer running nullmailer
|
| services.hostapd.radios.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the global segment was generated and may dynamically
append global options the generated configuration file
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| systemd.user.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| networking.wg-quick.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| services.nebula.networks.<name>.lighthouses | List of IPs of lighthouse hosts this node should report to and query from
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| services.authelia.instances.<name>.settings.log.format | Format the logs are written as.
|
| services.sanoid.datasets.<name>.use_template | Names of the templates to use for this dataset.
|
| services.jibri.xmppEnvironments.<name>.xmppServerHosts | Hostnames of the XMPP servers to connect to.
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.invoiceplane.sites.<name>.database.user | Database user.
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| services.nullmailer.remotesFile | Path to the remotes control file
|
| services.opengfw.settings.ruleset.geosite | Path to geosite.dat.
|
| services.mastodon.secretKeyBaseFile | Path to file containing the secret key base
|
| services.limesurvey.nginx.virtualHost.root | The path of the web root directory.
|
| services.netdata.extraNdsudoPackages | Extra packages to add to PATH to make available to ndsudo.
ndsudo has SUID privileges, be careful what packages you list here.
cfg.package must be built with withNdsudo = true
|
| services.etesync-dav.sslCertificate | Path to server SSL certificate
|
| services.haven.environmentFile | Path to a file containing sensitive environment variables
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.calibre-server.libraries | Make sure each library path is initialized before service startup
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| services.esphome.allowedDevices | A list of device nodes to which esphome has access to
|
| services.grafana.settings.server.socket | Path where the socket should be created when protocol=socket
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.wyoming.satellite.sounds.awake | Path to audio file in WAV format to play when wake word is detected.
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.speed | Percent how fast the fan should run at
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| systemd.network.networks.<name>.quickFairQueueingConfigClass | Each attribute in this set specifies an option in the
[QuickFairQueueingClass] section of the unit
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|
| services.autorandr.profiles.<name>.hooks.preswitch | Preswitch hook executed before mode switch.
|
| services.keepalived.vrrpInstances.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_instance section.
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.jirafeau.nginxConfig.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| networking.wg-quick.interfaces.<name>.autostart | Whether to bring up this interface automatically during boot.
|
| services.ghostunnel.servers.<name>.extraArguments | Extra arguments to pass to ghostunnel server
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| services.invoiceplane.sites.<name>.database.host | Database host address.
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| networking.wg-quick.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets | Maximum number of packets processed before CHILD_SA gets closed
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.borgbackup.jobs.<name>.encryption.mode | Encryption mode to use
|
| services.photoprism.originalsPath | Storage path of your original media files (photos and videos).
|
| services.postgresqlBackup.location | Path of directory where the PostgreSQL database dumps will be placed.
|
| services.prefect.databasePasswordFile | path to a file containing e.g.:
DBPASSWORD=supersecret
stored outside the nix store, read by systemd as EnvironmentFile.
|
| networking.firewall.logReversePathDrops | Logs dropped packets failing the reverse path filter test if
the option networking.firewall.checkReversePath is enabled.
|
| services.warpgate.settings.postgres.key | Path to PostgreSQL listener private key.
|
| virtualisation.rootDevice | The path (inside the VM) to the device containing the root filesystem.
|
| services.kubernetes.kubelet.cni.configDir | Path to Kubernetes CNI configuration directory.
|
| services.simplesamlphp.<name>.settings | Configuration options used by SimpleSAMLphp
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| networking.supplicant.<name>.configFile.writable | Whether the configuration file at configFile.path should be written to by
wpa_supplicant.
|
| services.znapzend.zetup.<name>.timestampFormat | The timestamp format to use for constructing snapshot names
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time | Time to schedule CHILD_SA rekeying
|
| systemd.shutdownRamfs.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.brd | The broadcast address on the interface.
|
| networking.wireguard.interfaces.<name>.preSetup | Commands called at the start of the interface setup.
|
| networking.sits.<name>.encapsulation.port | Destination port when using UDP encapsulation.
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| services.monica.hostname | The hostname to serve monica on.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY | Limits for timeline cleanup.
|
| services.radicle.httpd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.stash.username | Username for login.
|
| services.multipath.devices.*.dev_loss_tmo | Specify the number of seconds the SCSI layer will wait after a problem has
been detected on a FC remote port before removing it from the system
|
| services.slskd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| services.davis.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.dawarich.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process.
If left empty, all job classes will be executed by this process.
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| services.misskey.meilisearch.keyFile | The path to a file containing the Meilisearch API key
|
| services.typesense.settings.server.data-dir | Path to the directory where data will be stored on disk.
|
| services.netbird.server.coturn.passwordFile | The path to a file containing the password of the user used by netbird to connect to the coturn server.
|