| services.znapzend.zetup.<name>.recursive | Whether to do recursive snapshots.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.headscale.settings.oidc.allowed_domains | Allowed principal domains. if an authenticated user's domain
is not in this list authentication request will be rejected.
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| services.snipe-it.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.public-inbox.inboxes.<name>.inboxdir | The absolute path to the directory which hosts the public-inbox.
|
| services.klipper.firmwares.<name>.enable | Whether to enable building of firmware for manual flashing
.
|
| services.fedimintd.<name>.ui.openFirewall | Opens TCP port in firewall for built-in UI
|
| services.nextcloud-spreed-signaling.settings.stats.allowed_ips | List of IP addresses that are allowed to access the debug, stats and metrics endpoints
|
| services.postfix.settings.main.mynetworks_style | The method used for generating the default value for mynetworks, if that option is unset.
https://www.postfix.org/postconf.5.html#mynetworks_style
|
| users.ldap.base | The distinguished name of the search base.
|
| services.matrix-conduit.settings.global.trusted_servers | Servers trusted with signing server keys.
|
| services.nextcloud.settings.mail_smtpsecure | This depends on mail_smtpmode
|
| services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile | The path to the file containing the value for sessions.blockkey
|
| services.drupal.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| services.i2pd.ifname6 | IPv6 interface to bind to.
|
| services.i2pd.ifname4 | IPv4 interface to bind to.
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.snapserver.settings.tcp.bind_to_address | Address to listen on for snapclient connections.
|
| systemd.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.prosody.virtualHosts.<name>.extraConfig | Additional virtual host specific configuration
|
| services.wstunnel.clients.<name>.localToRemote | Listen on local and forwards traffic from remote.
|
| security.pam.services.<name>.kwallet.package | The kwallet-pam package to use.
|
| services.buildkite-agents.<name>.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| virtualisation.xen.store.settings.quota.maxWatch | Maximum number of watches by the Xenstore Watchdog.
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| services.orangefs.server.fileSystems.<name>.id | File system ID (must be unique within configuration).
|
| users.users.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| virtualisation.xen.store.settings.enableMerge | Whether to enable transaction merge support.
|
| services.mbpfan.settings.general.polling_interval | The polling interval.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.errbot.instances.<name>.extraConfig | String to be appended to the config verbatim
|
| services.wordpress.sites.<name>.mergedConfig | Read only representation of the final configuration.
|
| services.wyoming.piper.servers.<name>.lengthScale | Phoneme length value.
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| services.borgbackup.repos.<name>.quota | Storage quota for the repository
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.wstunnel.clients.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.extraArgs | Extra command line arguments to pass to wstunnel
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.maubot.settings.server.plugin_base_path | The base path for plugin endpoints
|
| services.neo4j.ssl.policies.<name>.tlsVersions | Restrict the TLS protocol versions of this policy to those
defined here.
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.wordpress.sites.<name>.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.
|
| services.wyoming.piper.servers.<name>.speaker | ID of a specific speaker in a multi-speaker model.
|
| services.matrix-synapse.settings.max_image_pixels | Maximum number of pixels that will be thumbnailed
|
| services.matrix-synapse.settings.media_store_path | Directory where uploaded images and attachments are stored.
|
| services.matrix-synapse.settings.signing_key_path | Path to the signing key to sign messages with.
|
| services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|
| services.nginx.virtualHosts.<name>.locations | Declarative location config
|
| services.firewalld.zones.<name>.sources.*.ipset | An ipset.
|
| services.firewalld.zones.<name>.forwardPorts | Ports to forward in the zone.
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.vault-agent.instances.<name>.package | The vault package to use.
|
| services.public-inbox.settings.publicinboxmda.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| systemd.nspawn.<name>.filesConfig | Each attribute in this set specifies an option in the
[Files] section of this unit
|
| systemd.user.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.slices.<name>.sliceConfig | Each attribute in this set specifies an option in the
[Slice] section of the unit
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| services.nebula.networks.<name>.tun.disable | When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
|
| services.nginx.upstreams.<name>.servers | Defines the address and other parameters of the upstream servers
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.pgbackrest.stanzas.<name>.jobs | Backups jobs to schedule for this stanza as described in:
https://pgbackrest.org/user-guide.html#quickstart/schedule-backup
|
| services.fedimintd.<name>.api.openFirewall | Opens port in firewall for fedimintd's api port
|
| virtualisation.xen.store.settings.quota.enable | Whether to enable the quota system.
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| systemd.user.sockets.<name>.aliases | Aliases of that unit.
|
| systemd.user.targets.<name>.aliases | Aliases of that unit.
|
| services.snapserver.settings.http.bind_to_address | Address to listen on for snapclient connections.
|
| services.grafana.settings.server.static_root_path | Root path for static assets.
|
| services.tarsnap.archives.<name>.keyfile | Set a specific keyfile for this archive
|
| services.rshim.device | Specify the device name to attach
|
| services.firewalld.services.<name>.version | Version of the service.
|
| services.firewalld.services.<name>.helpers | Helpers for the service.
|
| services.tor.settings.VersioningAuthoritativeDirectory | See torrc manual.
|
| services.firezone.server.settingsSecret.SECRET_KEY_BASE | A file containing a unique base64 encoded secret for the
SECRET_KEY_BASE
|
| services.firezone.server.settingsSecret.TOKENS_KEY_BASE | A file containing a unique base64 encoded secret for the
TOKENS_KEY_BASE
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| systemd.user.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.parsedmarc.settings.general.save_aggregate | Save aggregate report data to Elasticsearch and/or Splunk.
|
| services.wordpress.sites.<name>.uploadsDir | This directory is used for uploads of pictures
|
| users.users.<name>.isSystemUser | Indicates if the user is a system user or not
|
| services.atalkd.interfaces.<name>.config | Optional configuration string for this interface.
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|