| virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributesmapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| virtualisation.oci-containers.containers.<name>.environmentFiles | Environment files for this container.
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| services.vault-agent.instances | Attribute set of vault-agent instances
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| services.gammu-smsd.backend.sql.database | Database name to store sms data
|
| services.nextcloud.settings.mail_smtpname | This depends on mail_smtpauth
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| services.nominatim.enable | Whether to enable nominatim
|
| virtualisation.oci-containers.containers.<name>.podman.sdnotify | Determines how podman should notify systemd that the unit is ready
|
| services.portunus.ldap.searchUserName | The login name of the search user
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| virtualisation.oci-containers.containers.<name>.imageStream | Path to a script that streams the desired image on standard output
|
| services.roundcube.enable | Whether to enable roundcube
|
| services.gitlab.registry.serviceName | GitLab container registry service name.
|
| services.webhook.urlPrefix | The URL path prefix to use for served hooks (protocol://yourserver:port/${prefix}/hook-id).
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.httpd.customLogFormat | Defines a custom Apache HTTPD access log format string
|
| services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| services.prometheus.scrapeConfigs.*.label_name_length_limit | Per-scrape limit on length of labels name that will be accepted for a sample
|
| services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.athens.storage.mongo.defaultDBName | Name of the mongo database.
|
| swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.type | The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
|
| services.prometheus.exporters.buildkite-agent.tokenPath | The token from your Buildkite "Agents" page
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.samba.winbindd.enable | Whether to enable Samba's winbindd, which provides a number of services
to the Name Service Switch capability found in most modern C libraries,
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
| services.slurm.dbdserver.storageUser | Database user name.
|
| services.rustus.storage.s3_region | S3 region name.
|
| services.hickory-dns.settings.zones.*.zone | Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
|
| services.borgmatic.configurations.<name>.source_directories | List of source directories and files to backup
|
| services.acme-dns.settings.general.domain | Domain name to serve the requests off of.
|
| services.unpoller.unifi.defaults.user | Unifi service user name.
|
| services.gancio.settings.db.database | Name of the PostgreSQL database
|
| services.matrix-hookshot.registrationFile | Appservice registration file
|
| services._3proxy.resolution | Use this option to configure name resolution and DNS caching.
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.bacula-sd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| services.caddy.adapter | Name of the config adapter to use
|
| services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| services.cassandra.clusterName | The name of the cluster
|
| programs.regreet.iconTheme.package | The package that provides the icon theme given in the name option.
|
| services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| virtualisation.oci-containers.containers.<name>.capabilities | Capabilities to configure for the container
|
| services.vikunja.database.database | Database name.
|
| services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| virtualisation.oci-containers.containers.<name>.ports | Network ports to publish from the container to the outer host
|
| services.victoriametrics.basicAuthUsername | Basic Auth username used to protect VictoriaMetrics instance by authorization
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| systemd.network.config.routeTables | Defines route table names as an attrset of name to number
|
| services.slskd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.movim.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.davis.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.prometheus.exporters.fritz.settings.devices.*.hostname | Hostname under which the target device is reachable.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| services.forgejo.settings.server.DOMAIN | Domain name of your server.
|
| services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| services.prometheus.remoteWrite.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.sourcehut.settings.webhooks.private-key | An absolute file path (which should be outside the Nix-store)
to a base64-encoded Ed25519 key for signing webhook payloads
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| image.repart.verityStore.partitionIds.esp | Specify the attribute name of the ESP.
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.icingaweb2.virtualHost | Name of the nginx virtualhost to use and setup
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| services.mainsail.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pixelfed.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.dolibarr.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fediwall.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.librenms.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanboard.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.agorakit.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.lldap.environment | Environment variables passed to the service
|