| services.livekit.ingress.settings.rtc_config.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.firewalld.zones.<name>.sources.*.address | An IP address or a network IP address with a mask for IPv4 or IPv6
|
| services.authelia.instances.<name>.secrets.jwtSecretFile | Path to your JWT secret used during identity verificaton.
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.wordpress.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.wordpress.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.k3s.nodeName | Node name.
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.nextcloud.settings.skeletondirectory | The directory where the skeleton files are located
|
| services.warpgate.settings.ssh.keepalive_interval | If nothing is received from the client for this amount of time, server will send a keepalive message.
|
| services.roundcube.database.username | Username for the postgresql connection
|
| systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| systemd.user.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| services.wordpress.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.simplesamlphp.<name>.libDir | Path to the SimpleSAMLphp library directory.
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.grafana.provision.datasources.settings.datasources.*.secureJsonData | Datasource specific secure configuration
|
| services.rke2.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.rke2.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| services.nvme-rs.settings.check_interval_secs | Check interval in seconds
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.plausible.database.postgres.dbname | Name of the database to use.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.present | Whether to ensure that this bucket is present or absent.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| services.strongswan-swanctl.swanctl.connections.<name>.children | CHILD_SA configuration sub-section
|
| services.wordpress.sites.<name>.virtualHost.locations | Declarative location config
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| virtualisation.xen.store.settings.xenstored.accessLog.file | Path to the Xen Store access log file.
|
| services.borgbackup.jobs.<name>.encryption.mode | Encryption mode to use
|
| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| systemd.user.slices.<name>.requisite | Similar to requires
|
| systemd.user.timers.<name>.requisite | Similar to requires
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies | Whether to install IPsec policies or not
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.nice | Niceness.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.nice | Niceness.
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.honk.host | The host name or IP address the server should listen to.
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.listmonk.database.settings."privacy.domain_blocklist" | E-mail addresses with these domains are disallowed from subscribing.
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| security.auditd.settings.space_left | If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by
space_left_action
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.mailman.ldap.attrMap.username | LDAP-attribute that corresponds to the username-attribute in mailman.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn | Whether to copy the ECN (Explicit Congestion Notification) header field
to/from the outer IP header in tunnel mode
|
| services.grafana.settings.database.conn_max_lifetime | Sets the maximum amount of time a connection may be reused
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.postfix.hostname | Hostname to use
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.prio | CPU scheduler priority.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.prio | CPU scheduler priority.
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| services.firewalld.zones.<name>.description | Description for the zone.
|
| services.nextcloud.settings.mail_sendmailmode | For smtp, the sendmail binary is started with the parameter -bs: Use the SMTP protocol on standard input and output
|
| services.grafana.settings.users.auto_assign_org_id | Set this value to automatically add new users to the provided org
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.movim.secretFile | The secret file to be sourced for the .env settings.
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.autorandr.profiles.<name>.hooks.preswitch | Preswitch hook executed before mode switch.
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.topic | Note: when using ntfy.sh and other public instances
it is recommended to set this option to an empty string and set the actual topic via
services.prometheus.alertmanager-ntfy.extraConfigFiles since
the topic in ntfy.sh is essentially a password
|