| virtualisation.containers.enable | This option enables the common /etc/containers configuration module.
|
| virtualisation.containers.containersConf.cniPlugins | CNI plugins to install on the system.
|
| services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| virtualisation.containers.containersConf.settings | containers.conf configuration
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| boot.loader.grub.mirroredBoots.*.path | The path to the boot directory where GRUB will be written
|
| users.users.<name>.name | The name of the user account
|
| services.udev.path | Packages added to the PATH environment variable when
executing programs from Udev rules.
coreutils, gnu{sed,grep}, util-linux and config.systemd.package are
automatically included.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.angrr.settings.temporary-root-policies.<name>.priority | Priority of this policy
|
| virtualisation.fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.invoiceplane.sites.<name>.invoiceTemplates | List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.tftpd.path | Where the tftp server files are stored.
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| services.radicle.ci.adapters.native.instances.<name>.runtimePackages | Packages added to the adapter's PATH.
|
| services.leaps.path | Subdirectory used for reverse proxy setups
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| users.groups.<name>.name | The name of the group
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| boot.loader.grub.mirroredBoots.*.efiBootloaderId | The id of the bootloader to store in efi nvram
|
| services.suricata.settings.default-log-dir | The default logging directory
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| services.matrix-synapse.workers.<name>.worker_log_config | The file for log configuration
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes-in-home | Path prefixes to ignore under home directory
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| services.olivetin.path | Packages added to the service's PATH.
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.gitlab.backup.path | GitLab path for backups.
|
| services.public-inbox.path | Additional packages to place in the path of public-inbox-mda,
public-inbox-watch, etc.
|
| services.tlsrpt.collectd.settings.socketname | Path at which the UNIX socket will be created.
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| users.extraUsers.<name>.name | The name of the user account
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.pantalaimon-headless.instances.<name>.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| services.munin-node.extraPlugins | Additional Munin plugins to activate
|
| security.dhparams.path | Path to the directory in which Diffie-Hellman parameters will be
stored
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| system.name | The name of the system used in the system.build.toplevel derivation
|
| services.public-inbox.settings.publicinbox.css | The local path name of a CSS file for the PSGI web interface.
|
| virtualisation.containers.policy | Signature verification policy file
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| users.extraGroups.<name>.name | The name of the group
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| services.mediawiki.path | Extra packages to add to the PATH of phpfpm-pool.
|
| services.gitea.database.path | Path to the sqlite3 database file.
|
| services.peertube-runner.instancesToRegister.<name>.registrationTokenFile | Path to a file containing a registration token for the PeerTube instance
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| systemd.paths | Definition of systemd path units; see systemd.path(5).
|
| services.matrix-synapse.settings.database.args.database | Name of the database when using the psycopg2 backend,
path to the database location when using sqlite3.
|
| services.doh-server.settings.path | HTTP path for resolve application
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| virtualisation.containers.ociSeccompBpfHook.enable | Enable the OCI seccomp BPF hook
|
| virtualisation.containers.storage.settings | storage.conf configuration
|
| services.nylon.<name>.name | The name of this nylon instance.
|
| services.forgejo.database.path | Path to the sqlite3 database file.
|
| services.vikunja.database.path | Path to the sqlite3 database file.
|
| services.gammu-smsd.device.path | Device node or address of the phone
|
| systemd.units.<name>.name | The name of this systemd unit, including its extension
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.tarsnap.keyfile | The keyfile which associates this machine with your tarsnap
account
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| systemd.user.paths | Definition of systemd per-user path units.
|
| virtualisation.containers.registries.block | List of blocked repositories.
|
| services.kubernetes.path | Packages added to the services' PATH environment variable
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| virtualisation.containers.registries.search | List of repositories to search.
|
| services.discourse.siteSettings | Discourse site settings
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| boot.kernel.enable | Whether to enable the Linux kernel
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| systemd.timers.<name>.name | The name of this systemd unit, including its extension
|
| systemd.slices.<name>.name | The name of this systemd unit, including its extension
|
| services.offlineimap.path | List of derivations to put in Offlineimap's path.
|
| virtualisation.lxd.enable | This option enables lxd, a daemon that manages
containers
|
| services.bind.zones.<name>.name | Name of the zone.
|
| services.multipath.devices.*.user_friendly_names | If set to "yes", using the bindings file /etc/multipath/bindings
to assign a persistent and unique alias to the multipath, in the
form of mpath
|
| services.pppd.peers.<name>.name | Name of the PPP peer.
|
| virtualisation.containers.registries.insecure | List of insecure repositories.
|
| services.protonmail-bridge.path | List of derivations to put in protonmail-bridge's path.
|
| systemd.user.units.<name>.name | The name of this systemd unit, including its extension
|
| services.aria2.settings.conf-path | Configuration file path.
|
| services.thanos.sidecar.tsdb.path | Data directory of TSDB.
|
| services.hedgedoc.settings.path | Path to UNIX domain socket to listen on
If specified, host and port will be ignored.
|
| systemd.targets.<name>.name | The name of this systemd unit, including its extension
|
| systemd.sockets.<name>.name | The name of this systemd unit, including its extension
|