| services.quicktun.<name>.publicKey | Remote public key in hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.awstats.configs.<name>.domain | The domain name to collect stats for.
|
| fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.autorandr.profiles.<name>.config.<name>.scale.y | Vertical scaling factor/pixels.
|
| services.autorandr.profiles.<name>.config.<name>.scale.x | Horizontal scaling factor/pixels.
|
| programs.tsmClient.servers.<name>.servername | Local name of the IBM TSM server,
must not contain space or more than 64 chars.
|
| containers.<name>.flake | The Flake URI of the NixOS configuration to use for the container
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.netbird.tunnels.<name>.user.group | A system group name for this client instance.
|
| services.netbird.clients.<name>.user.group | A system group name for this client instance.
|
| services.hostapd.radios.<name>.networks.<name>.macDeny | Specifies the MAC addresses to deny if macAcl is set to "deny" or "radius"
|
| services.rauc.slots.<name>.*.device | The device to update.
|
| services.znapzend.zetup.<name>.destinations.<name>.label | Label for this destination
|
| boot.initrd.systemd.groups.<name>.gid | ID of the group in initrd.
|
| services.writefreely.database.name | The name of the database to store data in.
|
| environment.etc.<name>.user | User name of file owner
|
| systemd.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.netbird.tunnels.<name>.dir.baseName | A systemd service name to use (without .service suffix).
|
| services.netbird.clients.<name>.dir.baseName | A systemd service name to use (without .service suffix).
|
| services.nginx.virtualHosts.<name>.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.homebridge.settings.bridge.name | Name of the homebridge
|
| power.ups.ups.<name>.maxStartDelay | This can be set as a global variable above your first UPS
definition and it can also be set in a UPS section
|
| systemd.user.sockets.<name>.wants | Start the specified units when this unit is started.
|
| systemd.user.targets.<name>.wants | Start the specified units when this unit is started.
|
| systemd.user.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| networking.vlans.<name>.id | The vlan identifier
|
| systemd.user.targets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.user.sockets.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.httpd.virtualHosts.<name>.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.pppd.peers.<name>.enable | Whether to enable this PPP peer.
|
| services.tts.servers.<name>.port | Port to bind the TTS server to.
|
| services.phpfpm.pools.<name>.user | User account under which this pool runs.
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.dnsname | DNS full-qualified domain name of a database server
|
| systemd.user.units.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.paths.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.timers.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.slices.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.etebase-server.settings.database.name | The database name.
|
| networking.sits.<name>.dev | The underlying network device on which the tunnel resides.
|
| services.autorandr.profiles.<name>.config.<name>.enable | Whether to enable the output.
|
| services.autorandr.profiles.<name>.config.<name>.rotate | Output rotate configuration.
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| services.netbird.clients.<name>.bin.suffix | A system group name for this client instance.
|
| services.netbird.tunnels.<name>.bin.suffix | A system group name for this client instance.
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.geth.<name>.network | The network to connect to
|
| services.h2o.hosts.<name>.acme.root | Directory for the ACME challenge, which is public
|
| services.bind.zones.<name>.master | Master=false means slave server
|
| services.bind.zones.<name>.slaves | Addresses who may request zone transfers.
|
| services.nsd.zones.<name>.minRetrySecs | Limit retry time for secondary zones.
|
| services.rauc.slots.<name>.*.enable | Whether to enable this RAUC slot.
|
| services.mpd.settings | Configuration for MPD
|
| services.hostapd.radios.<name>.networks.<name>.macAllow | Specifies the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.redis.servers.<name>.logfile | Specify the log file name
|
| systemd.user.timers.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.thanos.query.grpc-client-server-name | Server name to verify the hostname on the returned gRPC certificates
|
| services.nginx.virtualHosts.<name>.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.cgit.<name>.extraConfig | These lines go to the end of cgitrc verbatim.
|
| systemd.services.<name>.preStop | Shell commands executed to stop the service.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| services.szurubooru.server.settings.name | Name shown in the website title and on the front page.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.alias | Alias directory for requests
|
| containers.<name>.extraVeths.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.borgbackup.jobs.<name>.startAt | When or how often the backup should run
|
| services.nylon.<name>.logging | Enable logging, default is no logging.
|
| services.phpfpm.pools.<name>.phpEnv | Environment variables used for this PHP-FPM pool.
|
| services.i2pd.inTunnels.<name>.type | Tunnel type.
|
| systemd.user.slices.<name>.aliases | Aliases of that unit.
|
| systemd.user.timers.<name>.aliases | Aliases of that unit.
|
| environment.etc.<name>.group | Group name of file owner
|
| services.bitmagnet.settings.postgres.name | Database name to connect to
|
| systemd.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.postfix.settings.master.<name>.command | A program name specifying a Postfix service/daemon process
|
| services.nebula.networks.<name>.tun.device | Name of the tun device
|
| services.matrix-synapse.settings.database.name | The database engine name
|
| services.nsd.keys.<name>.keyFile | Path to the file which contains the actual base64 encoded
key
|
| systemd.user.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| services.ax25.axports.<name>.tty | Location of hardware kiss tnc for this interface.
|
| services.tinc.networks.<name>.hostSettings.<name>.settings | Configuration for this host
|
| services.h2o.hosts.<name>.tls.quic | Enables HTTP/3 over QUIC on the UDP port for TLS
|
| systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| security.acme.certs.<name>.keyType | Key type to use for private keys
|
| systemd.services.<name>.wants | Start the specified units when this unit is started.
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| containers.<name>.extraVeths.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.openvpn.servers | Each attribute of this option defines a systemd service that
runs an OpenVPN instance
|