| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| systemd.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.services.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| power.ups.upsmon.monitor.<name>.system | Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.roundcube.database.username | Username for the postgresql connection
|
| environment.etc.<name>.group | Group name of file owner
|
| services.k3s.autoDeployCharts.<name>.package | The packaged Helm chart
|
| services.mailman.ldap.attrMap.username | LDAP-attribute that corresponds to the username-attribute in mailman.
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| services.drupal.sites.<name>.filesDir | The location of the Drupal files directory.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.i2pd.inTunnels.<name>.inPort | Service port
|
| services.stash.settings.stash_boxes.*.name | The name of the Stash Box
|
| power.ups.ups.<name>.shutdownOrder | When you have multiple UPSes on your system, you usually need to
turn them off in a certain order. upsdrvctl shuts down all the
0s, then the 1s, 2s, and so on
|
| services.autosuspend.checks.<name>.class | Name of the class implementing the check
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| systemd.sockets.<name>.aliases | Aliases of that unit.
|
| systemd.targets.<name>.aliases | Aliases of that unit.
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.rsync.jobs.<name>.timerConfig | When to run the job.
|
| services.ndppd.proxies.<name>.ttl | Controls how long a valid or invalid entry remains in the cache, in
milliseconds.
|
| services.drupal.sites.<name>.stateDir | The location of the Drupal site state directory.
|
| boot.initrd.luks.devices.<name>.gpgCard.publicKey | Path to the Public Key.
|
| networking.ipips.<name>.dev | The underlying network device on which the tunnel resides.
|
| services.ax25.axports.<name>.baud | The serial port speed of this interface.
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.librespeed.frontend.servers.*.name | Name shown in the server list.
|
| systemd.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.weblate.smtp.user | SMTP login name.
|
| services.httpd.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.nginx.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| security.pam.services.<name>.text | Contents of the PAM service file.
|
| containers.<name>.bindMounts.<name>.hostPath | Location of the host path to be mounted.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.bind.zones.<name>.masters | List of servers for inclusion in stub and secondary zones.
|
| services.bluemap.maps.<name>.world | Path to world folder containing the dimension to render
|
| services.redis.servers.<name>.bind | The IP interface to bind to.
null means "all interfaces".
|
| services.geth.<name>.syncmode | Blockchain sync mode.
|
| services.geth.<name>.maxpeers | Maximum peers to connect to.
|
| services.znapzend.zetup.<name>.destinations.<name>.dataset | Dataset name to send snapshots to.
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| networking.ipips.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.index | Adds index directive.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.alias | Alias directory for requests.
|
| fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| systemd.timers.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.slices.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.nspawn.<name>.execConfig | Each attribute in this set specifies an option in the
[Exec] section of this unit
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| security.pam.services.<name>.zfs | Enable unlocking and mounting of encrypted ZFS home dataset at login.
|
| services.udp-over-tcp.tcp2udp.<name>.bind | Which local IP to bind the UDP socket to.
|
| services.awstats.configs.<name>.extraConfig | Extra configuration to be appended to awstats.${name}.conf.
|
| services.librenms.distributedPoller.name | Custom name of this poller.
|
| services.openvpn.servers | Each attribute of this option defines a systemd service that
runs an OpenVPN instance
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| systemd.services.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| services.phpfpm.pools.<name>.listen | The address on which to accept FastCGI requests.
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| power.ups.upsmon.monitor.<name>.powerValue | Number of power supplies that the UPS feeds on this system
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.gitwatch.<name>.path | The path to repo in local machine
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| services.redis.servers.<name>.slaveOf.ip | IP of the Redis master
|
| systemd.services.<name>.postStop | Shell commands executed after the service's main process
has exited.
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.h2o.hosts.<name>.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.kimai.sites.<name>.package | The kimai package to use.
|
| services.tahoe.nodes.<name>.package | The tahoelafs package to use.
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| users.mysql.database | The name of the database containing the users
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| virtualisation.qemu.drives.*.name | A name for the drive
|
| services.fedimintd.<name>.nginx.config.locations.<name>.tryFiles | Adds try_files directive.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.asusd.auraConfigs.<name>.text | Text of the file.
|
| programs.tsmClient.defaultServername | If multiple server stanzas are declared with
programs.tsmClient.servers,
this option may be used to name a default
server stanza that IBM TSM uses in the absence of
a user-defined dsm.opt file
|
| services.nsd.zones.<name>.notifyRetry | Specifies the number of retries for failed notifies
|
| services.drupal.sites.<name>.enable | Whether to enable Drupal web application.
|
| services.tts.servers.<name>.enable | Whether to enable Coqui TTS server.
|
| services.tts.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.tahoe.nodes.<name>.sftpd.port | The port on which the SFTP server will listen
|