| users.extraUsers.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| users.extraUsers.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| services.listmonk.database.settings."app.notify_emails" | Administrator emails for system notifications
|
| services.mchprs.settings.block_in_hitbox | Allow placing blocks inside of players
(hitbox logic is simplified)
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints | List of contact points to import or update.
|
| services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.nghttpx.backends.*.params.dns | Name resolution of a backends host name is done at start up,
or configuration reload
|
| services.kerberos_server.settings.include | Files to include in the Kerberos configuration.
|
| services.kea.ctrl-agent.configFile | Kea Control Agent configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.matrix-conduit.settings.global.database_path | Path to the conduit database, the directory where conduit will save its data
|
| systemd.user.slices.<name>.aliases | Aliases of that unit.
|
| systemd.user.timers.<name>.aliases | Aliases of that unit.
|
| services.kanidm.provision.systems.oauth2.<name>.displayName | Display name
|
| services.znc.confOptions.networks.<name>.extraConf | Extra config for the network
|
| services.bacula-sd.device.<name>.extraDeviceConfig | Extra configuration to be passed in Device directive.
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| services.matrix-synapse.settings.public_baseurl | The public-facing base URL for the client API (not including _matrix/...)
|
| services.borgbackup.jobs.<name>.doInit | Run borg init if the
specified repo does not exist
|
| services.transmission.settings.incomplete-dir-enabled | |
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| systemd.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.anubis.instances.<name>.group | The group under which Anubis is run
|
| services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| systemd.user.services.<name>.requisite | Similar to requires
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| services.umurmur.settings.default_channel | The channel in which users will appear in when connecting.
|
| services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| systemd.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.archisteamfarm.settings | The ASF.json file, all the options are documented here
|
| services.geoipupdate.settings.DatabaseDirectory | The directory to store the database files in
|
| services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| services.home-assistant.config.homeassistant.name | Name of the location where Home Assistant is running.
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nextcloud.settings.mail_smtphost | This depends on mail_smtpmode
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Web.Endpoint".http.ip | The IP address to listen on
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Web.Endpoint".http.port | The port to run the server
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.mailpit.instances.<name>.max | Maximum number of emails to keep
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.omnom.settings.app.results_per_page | Number of results per page.
|
| services.transmission.settings.trash-original-torrent-files | Whether to delete torrents added from the
services.transmission.settings.watch-dir.
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| programs.tsmClient.servers.<name>.servername | Local name of the IBM TSM server,
must not contain space or more than 64 chars.
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.hercules-ci-agent.settings.concurrentTasks | Number of tasks to perform simultaneously
|
| services.tor.settings.UseMicrodescriptors | See torrc manual.
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| systemd.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.tinc.networks.<name>.listenAddress | The ip address to listen on for incoming connections.
|
| services.tinc.networks.<name>.chroot | Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| services.firefox-syncserver.settings.tokenserver.enabled | Whether to enable the token service as well.
|
| services.veilid.settings.client_api.ipc_directory | IPC directory where file sockets are stored.
|
| systemd.user.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.auto-epp.settings.Settings.epp_state_for_AC | energy_performance_preference when on plugged in
See available epp states by running:
cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences
|
| services.geoclue2.appConfig.<name>.isSystem | Whether the application is a system component or not.
|
| services.reposilite.settings.compressionStrategy | Compression algorithm used by this instance of Reposilite.
none reduces usage of CPU & memory, but requires transfering more data.
|
| nix.settings.trusted-substituters | List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fedimintd.<name>.nginx.config.acmeRoot | Directory for the ACME challenge, which is public
|
| services.firewalld.services.<name>.ports.*.port | |
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.grafana.provision.alerting.templates.settings.templates | List of templates to import or update.
|