| services.syncthing.settings.folders.<name>.devices | The devices this folder should be shared with
|
| services.namecoind.rpc.key | Key file for securing RPC connections.
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| virtualisation.allInterfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.znc.user | The name of an existing user account to use to own the ZNC server
process
|
| services.evremap.settings.phys | The physical device name to listen on
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| services.angrr.settings.temporary-root-policies.<name>.period | Retention period for the GC roots matched by this policy.
|
| services.dovecot2.mailboxes.<name>.autoexpunge | To automatically remove all email from the mailbox which is older than the
specified time.
|
| services.system76-scheduler.assignments.<name>.nice | Niceness.
|
| services.firefox-syncserver.singleNode.hostname | Host name to use for this service.
|
| systemd.network.networks.<name>.trivialLinkEqualizerConfig | Each attribute in this set specifies an option in the
[TrivialLinkEqualizer] section of the unit
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| services.netbird.useRoutingFeatures | Enables settings required for NetBird's routing features: Network Resources, Network Routes & Exit Nodes
|
| services.routinator.settings.log-file | A string value containing the path to a file to which log messages will be appended if the log configuration value is set to file
|
| services.openvscode-server.extraPackages | Additional packages to add to the openvscode-server PATH.
|
| services.meilisearch.masterKeyFile | Path to file which contains the master key
|
| services.sharkey.settings.mediaDirectory | Path to the folder where Sharkey stores uploaded media such as images and attachments.
|
| services.prometheus.exporters.lnd.lndTlsPath | Path to lnd TLS certificate.
|
| services.limesurvey.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.invidious.database.passwordFile | Path to file containing the database password.
|
| services.discourse.sslCertificate | The path to the server SSL certificate
|
| services.desktopManager.budgie.sessionPath | Additional list of packages to be added to the session search path
|
| services.postsrsd.settings.secrets-file | Path to the file containing the secret keys.
Secrets are passed using LoadCredential= on the systemd unit,
so this options is read-only
|
| services.zabbixWeb.httpd.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.keepalived.vrrpInstances.<name>.interface | Interface for inside_network, bound by vrrp.
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in | Netfilter mark applied to packets after the inbound IPsec SA processed
them
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| services.jirafeau.nginxConfig.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| services.postfix.masterConfig.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.keepalived.vrrpInstances.<name>.unicastSrcIp | Default IP for binding vrrpd is the primary IP on interface
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| services.printing.cups-pdf.instances.<name>.settings.GhostScript | location of GhostScript binary
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.thanos.store.objstore.config | Object store configuration
|
| services.thanos.query-frontend.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.opensnitch.settings.Rules.Path | Path to the directory where firewall rules can be found and will
get stored by the NixOS module.
|
| services.networking.websockify.sslCert | Path to the SSL certificate.
|
| services.neo4j.directories.data | Path of the data directory
|
| services.mediawiki.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.plausible.server.secretKeybaseFile | Path to the secret used by the phoenix-framework
|
| services.thanos.query.web.external-prefix | Static prefix for all HTML links and redirect URLs in the UI query web
interface
|
| services.taskserver.pki.manual.server.cert | Fully qualified path to the server certificate.
Setting this option will prevent automatic CA creation and handling.
|
| services.taskserver.pki.manual.server.crl | Fully qualified path to the server certificate revocation list.
Setting this option will prevent automatic CA creation and handling.
|
| services.mastodon.vapidPrivateKeyFile | Path to file containing the private key used for Web Push
Voluntary Application Server Identification
|
| services.homer.settings | Settings serialized into config.yml before build
|
| services.beszel.agent.environmentFile | File path containing environment variables for configuring the beszel-agent service in the format of an EnvironmentFile
|
| services.karakeep.environmentFile | An optional path to an environment file that will be used in the web and workers
services
|
| security.pam.yubico.challengeResponsePath | If not null, set the path used by yubico pam module where the challenge expected response is stored
|
| services.kanidm.provision.adminPasswordFile | Path to a file containing the admin password for kanidm
|
| services.tailscale.serve.services.<name>.advertised | Whether the service should accept new connections
|
| services.angrr.settings.temporary-root-policies.<name>.filter | External filter program to further filter GC roots matched by this policy.
|
| services.system76-scheduler.assignments.<name>.prio | CPU scheduler priority.
|
| services.zeronsd.servedNetworks.<name>.settings.log_level | Log Level.
|
| services.consul-template.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.slot | Optional slot number to access the token.
|
| services.limesurvey.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.jibri.xmppEnvironments.<name>.control.muc.domain | The domain part of the MUC to connect to for control.
|
| services.evremap.settings.device_name | The name of the device that should be remapped
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.sftpgo.user | User account name under which SFTPGo runs.
|
| services.r53-ddns.domain | The name of your domain in Route53
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.system76-scheduler.assignments.<name>.ioPrio | IO scheduler priority.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.radicle.httpd.nginx.sslCertificate | Path to server SSL certificate.
|
| services.mainsail.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.n8n.environment.N8N_USER_FOLDER | Provide the path where n8n will create the .n8n folder
|
| services.pixelfed.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.chatgpt-retrieval-plugin.bearerTokenPath | Path to the secret bearer token used for the http api authentication.
|
| services.sourcehut.settings."todo.sr.ht::mail".sock | Path for the lmtp daemon's unix socket
|
| services.agorakit.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.librenms.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.dolibarr.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.fediwall.nginx.sslCertificateKey | Path to server SSL certificate key.
|