| services.multipath.devices.*.marginal_path_double_failed_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| services.sabnzbd.settings.servers.<name>.ssl_verify | Level of TLS verification
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| services.pantalaimon-headless.instances.<name>.logLevel | Set the log level of the daemon.
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.prometheus.exporters.sql.configFile | Path to configuration file.
|
| services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| services.openssh.authorizedKeysCommand | Specifies a program to be used to look up the user's public
keys
|
| services.nextcloud.config.adminpassFile | The full path to a file that contains the admin's password
|
| services.slskd.environmentFile | Path to the environment file sourced on startup
|
| services.sourcehut.settings."pages.sr.ht".gemini-certs | An absolute file path (which should be outside the Nix-store)
to Gemini certificates.
|
| services.bookstack.nginx.sslCertificate | Path to server SSL certificate.
|
| nixpkgs.flake.setFlakeRegistry | Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the
store path of the sources of nixpkgs used to build the NixOS system
|
| services.zfs.autoReplication.identityFilePath | Path to SSH key used to login to host.
|
| services.keepalived.vrrpInstances.<name>.virtualRouterId | Arbitrary unique number 1..255
|
| services.printing.cups-pdf.instances.<name>.installPrinter | Whether to enable a CUPS printer queue for this instance
|
| services.mainsail.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.pixelfed.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.kanboard.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.dolibarr.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.librenms.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.agorakit.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.fediwall.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of
none loads the connection only, which
then can be manually initiated or used as a responder configuration.
- The value
trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
- The value
start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with
trap|start,
to immediately initiate a connection for which trap policies have been installed
|
| services.filesender.settings.storage_filesystem_path | When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire
|
| services.i2pd.proto.http.hostname | Expected hostname for WebUI.
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.sftpgo.group | Group name under which SFTPGo runs.
|
| services.tt-rss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.pantalaimon-headless.instances.<name>.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| services.limesurvey.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.matrix-synapse.settings.media_store_path | Directory where uploaded images and attachments are stored.
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| services.hostapd.radios.<name>.wifi4.capabilities | HT (High Throughput) capabilities given as a list of flags
|
| services.cloudflared.tunnels.<name>.warp-routing.enabled | Enable warp routing
|
| services.matomo.hostname | URL of the host, without https prefix
|
| services.monica.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.openvscode-server.extensionsDir | Set the root path for extensions.
|
| services.matomo.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.monero.environmentFile | Path to an EnvironmentFile for the monero service as defined in systemd.exec(5)
|
| services.firezone.headless-client.tokenFile | A file containing the firezone client token
|
| services.gancio.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.fluidd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.anuko-time-tracker.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.akkoma.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.anubis.instances.<name>.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| services.kanidm.provision.systems.oauth2.<name>.originLanding | When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret | Value of decryption passphrase for ECDSA key.
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode | See torrc manual.
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.printing.cups-pdf.instances.<name>.settings.Anonuser | User for anonymous PDF creation
|
| services.cloudflared.tunnels.<name>.originRequest.tcpKeepAlive | The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.easytier.instances.<name>.environmentFiles | Environment files for this instance
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret | Value of decryption passphrase for PKCS#8 key.
|
| virtualisation.interfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| services.prometheus.exporters.ipmi.configFile | Path to configuration file.
|
| services.matrix-continuwuity.admin.enable | Add conduwuit command to PATH for administration
|
| services.prometheus.exporters.json.configFile | Path to configuration file.
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.audiobookshelf.dataDir | Path to Audiobookshelf config and metadata inside of /var/lib.
|
| services.keepalived.enableScriptSecurity | Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.gitlab-runner.services.<name>.requestConcurrency | Limit number of concurrent requests for new jobs from GitLab.
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinScheduler] section of the unit
|
| services.kanidm.provision.systems.oauth2.<name>.enableLegacyCrypto | Enable legacy crypto on this client
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams | See torrc manual.
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| services.radicle.ci.adapters.native.instances.<name>.settings | Configuration of radicle-native-ci
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets | Number of packets processed before initiating CHILD_SA rekeying
|
| services.radicle.httpd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.woodpecker-agents.agents.<name>.environment | woodpecker-agent config environment variables, for other options read the documentation
|
| services.limesurvey.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.monero.rpc.user | User name for RPC connections.
|
| services.grav.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.cntlm.domain | Proxy account domain/workgroup name.
|
| services.gancio.user | The user (and PostgreSQL database name) used to run the gancio server
|
| services.gitlab.host | GitLab host name
|
| services.hostapd.radios.<name>.wifi6.operatingChannelWidth | Determines the operating channel width for HE.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|