| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.dovecot2.imapsieve.mailbox.*.causes | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when one of the listed IMAPSIEVE causes apply
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| services.lasuite-docs.settings.DB_NAME | Name of the database
|
| services.lasuite-meet.settings.DB_NAME | Name of the database
|
| services.gitea.settings.server.DOMAIN | Domain name of your server.
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| networking.openconnect.interfaces.<name>.protocol | Protocol to use.
|
| users.mysql.pam.logging.msgColumn | The name of the column in the log table to which the description
of the performed operation is stored.
|
| virtualisation.interfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.cloudlog.database.user | MySQL user name.
|
| boot.initrd.luks.devices | The encrypted disk that should be opened before the root
filesystem is mounted
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| services.usbrelayd.clientName | Name, your client connects as.
|
| services.gammu-smsd.backend.sql.database | Database name to store sms data
|
| services.freshrss.virtualHost | Name of the caddy/nginx virtualhost to use and setup.
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| services.supybot.plugins | Attribute set of additional plugins that will be symlinked to the
plugin subdirectory
|
| virtualisation.allInterfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.shairport-sync.group | Group account name under which to run shairport-sync
|
| services.rspamd.overrides | Overridden configuration files, written into /etc/rspamd/override.d/{name}.
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| networking.interfaces.<name>.ipv6.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (64).
|
| networking.interfaces.<name>.ipv4.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (24).
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.miredo.interfaceName | Name of the network tunneling interface.
|
| boot.binfmt.registrations.<name>.wrapInterpreterInShell | Whether to wrap the interpreter in a shell script
|
| services.hatsu.settings.HATSU_DOMAIN | The domain name of your instance (eg 'hatsu.local').
|
| services.mastodon.user | User under which mastodon runs
|
| services.autossh.sessions.*.user | Name of the user the AutoSSH session should run as
|
| services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| services.mattermost.siteName | Name of this Mattermost site.
|
| xdg.portal.config | Sets which portal backend should be used to provide the implementation
for the requested interface
|
| services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| users.mysql.pam.logging.timeColumn | The name of the column in the log table to which the timestamp of the
log entry is stored.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.strongswan-swanctl.swanctl.connections.<name>.reauth_time | Time to schedule IKE reauthentication
|
| services.bacula-sd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.cloudlog.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.airsonic.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.coder.database.database | Name of database.
|
| services.pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| services.restic.server.privateRepos | Enable private repos
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| networking.wireguard.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| services.youtrack.virtualHost | Name of the nginx virtual host to use and setup
|
| services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.athens.storage.mongo.defaultDBName | Name of the mongo database.
|
| services.wiki-js.stateDirectoryName | Name of the directory in /var/lib.
|
| services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| security.wrappers.<name>.capabilities | A comma-separated list of capability clauses to be given to the
wrapper program
|
| services.strongswan-swanctl.swanctl.connections.<name>.proposals | A proposal is a set of algorithms
|
| services.portunus.ldap.searchUserName | The login name of the search user
|
| services.samba.winbindd.enable | Whether to enable Samba's winbindd, which provides a number of services
to the Name Service Switch capability found in most modern C libraries,
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
| services.acme-dns.settings.general.domain | Domain name to serve the requests off of.
|
| services.unpoller.unifi.defaults.user | Unifi service user name.
|
| services.gancio.settings.db.database | Name of the PostgreSQL database
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| services.tailscale.derper.domain | Domain name under which the derper server is reachable.
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.sanoid.datasets.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| services.slskd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.movim.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.davis.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.mqtt2influxdb.influxdb.username | Username for InfluxDB login.
|
| services.stargazer.routes.*.route | Route section name
|
| services.caddy.adapter | Name of the config adapter to use
|
| services.prometheus.exporters.py-air-control.deviceHostname | The hostname of the air purification device from which to scrape the metrics.
|