| services.pretix.nginx.domain | The domain name under which to set up the virtual host.
|
| services.saunafs.masterHost | IP or hostname name of master host.
|
| services.discourse.database.username | Discourse database user.
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| services.dolibarr.domain | Domain name of your server.
|
| services.nixops-dns.enable | Whether to enable the nixops-dns resolution
of NixOps virtual machines via dnsmasq and fake domain name.
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| i18n.inputMethod.fcitx5.plasma6Support | Use qt6 versions of fcitx5 packages
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| services.multipath.overrides | This section defines values for attributes that should override the
device-specific settings for all devices.
|
| containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.openafsClient.cellName | Cell name.
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| services.freshrss.pool | Name of the php-fpm pool to use and setup
|
| services.mongodb.replSetName | If this instance is part of a replica set, set its name here
|
| services.veilid.settings.core.protected_store.allow_insecure_fallback | If we can't use system-provided secure storage, should we proceed anyway?
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| services.sympa.web.server | The webserver used for the Sympa web interface
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.strongswan-swanctl.swanctl.pools | Section defining named pools
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.interfaces.<name>.ipv4.routes.*.options | Other route options
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| services.rshim.backend | Specify the backend to attach
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| programs.captive-browser.enable | Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.
|
| services.agorakit.mail.fromName | Mail "from" name.
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.borgmatic.configurations.<name>.repositories.*.path | Path to the repository
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.baikal.virtualHost | Name of the nginx virtualhost to use and setup
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.dovecot2.imapsieve.mailbox.*.from | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when the message originates from the indicated mailbox
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| services.dawarich.user | User under which dawarich runs
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| services.ceph.global.clusterName | Name of cluster
|
| services.dovecot2.imapsieve.mailbox.*.causes | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when one of the listed IMAPSIEVE causes apply
|
| networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| services.znc.confOptions.userName | The user name used to log in to the ZNC web admin interface.
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| services.yggdrasil.configFile | A file which contains JSON or HJSON configuration for yggdrasil
|