| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.nbd.server.exports.<name>.extraOptions | Extra options for this export
|
| services.headscale.settings.dns.search_domains | Search domains to inject to Tailscale clients.
|
| services.transmission.settings.incomplete-dir | When enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| services.opentelemetry-collector.settings | Specify the configuration for Opentelemetry Collector in Nix
|
| environment.etc.<name>.user | User name of file owner
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.udp-over-tcp.tcp2udp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.udp2tcp.<name>.recvBufferSize | If given, sets the SO_RCVBUF option on the TCP socket to the given number of bytes
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.udp-over-tcp.tcp2udp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.udp-over-tcp.udp2tcp.<name>.sendBufferSize | If given, sets the SO_SNDBUF option on the TCP socket to the given number of bytes
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.anubis.instances.<name>.user | The user under which Anubis is run
|
| services.k3s.autoDeployCharts.<name>.version | The version of the Helm chart
|
| services.journald.remote.settings.Remote.ServerCertificateFile | A path to a SSL certificate file in PEM format
|
| services.grafana.provision.dashboards.settings.providers.*.type | Dashboard provider type.
|
| services.wgautomesh.settings.lan_discovery | Enable discovery of peers on the same LAN using UDP broadcast.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.nextcloud.config.dbname | Database name.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| services.transmission.settings.script-torrent-done-enabled | Whether to run
services.transmission.settings.script-torrent-done-filename
at torrent completion.
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| services.udp-over-tcp.tcp2udp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.udp-over-tcp.udp2tcp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| services.movim.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.slskd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.davis.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.mpd.settings.music_directory | The directory or URI where MPD reads music from
|
| services.drupal.sites.<name>.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.geth.<name>.websocket.address | Listen address of Go Ethereum WebSocket API.
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| services.geth.<name>.authrpc.jwtsecret | Path to a JWT secret for authenticated RPC endpoint.
|
| services.wstunnel.clients.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wstunnel.servers.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.drupal.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.borgbackup.repos.<name>.path | Where to store the backups
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| services.borgbackup.jobs.<name>.preHook | Shell commands to run before the backup
|
| services.matrix-synapse.settings.enable_metrics | Enable collection and rendering of performance metrics
|
| services.syncthing.settings.options.maxFolderConcurrency | This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning
|
| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| services.awstats.configs.<name>.logFormat | The log format being used
|
| services.znapzend.zetup.<name>.presnap | Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| users.extraUsers.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| services.grafana.settings.server.router_logging | Set to true for Grafana to log all HTTP requests (not just errors)
|
| services.parsedmarc.settings.elasticsearch.hosts | A list of Elasticsearch hosts to push parsed reports
to.
|
| services.warpgate.settings.postgres.external_port | The PostgreSQL listener is reachable via this port externally.
|
| services.rspamd.overrides.<name>.source | Path of the source file.
|
| services.sanoid.templates.<name>.hourly | Number of hourly snapshots.
|
| services.sanoid.templates.<name>.yearly | Number of yearly snapshots.
|
| services.matrix-synapse.settings.listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.drupal.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.mediagoblin.settings.mediagoblin.plugins | Plugins to enable
|
| services.fedimintd.<name>.package | The fedimint package to use.
|
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.baseurl | The base URL of the ntfy.sh instance.
|
| services.tarsnap.archives.<name>.maxbwRateUp | Upload bandwidth rate limit in bytes.
|
| services.httpd.virtualHosts.<name>.sslServerChain | Path to server SSL chain file.
|
| systemd.user.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.maubot.settings.crypto_database | Separate database URL for the crypto database
|
| services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| systemd.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.matrix-appservice-irc.settings.database.connectionString | The database connection string
|
| services.caddy.virtualHosts.<name>.extraConfig | Additional lines of configuration appended to this virtual host in the
automatically generated Caddyfile.
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| virtualisation.podman.defaultNetwork.settings | Settings for podman's default network.
|
| services.taler.merchant.settings.merchant.LEGAL_PRESERVATION | How long to keep data in the database for tax audits after the transaction has completed.
|
| services.github-runners.<name>.url | Repository to add the runner to
|
| services.nginx.proxyCachePath.<name>.inactive | Cached data that has not been accessed for the time specified by
the inactive parameter is removed from the cache, regardless of
its freshness.
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints | List of contact points to import or update.
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.restic.backups.<name>.timerConfig | When to run the backup
|
| services.listmonk.database.settings."app.notify_emails" | Administrator emails for system notifications
|
| power.ups.users.<name>.instcmds | Let the user initiate specific instant commands
|
| services.firewalld.zones.<name>.version | Version of the zone.
|
| services.matomo.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.monica.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.gancio.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.fluidd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.akkoma.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| services.snipe-it.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|