| services.drupal.sites.<name>.stateDir | The location of the Drupal site state directory.
|
| services.matrix-synapse.settings.database.name | The database engine name
|
| services.rsync.jobs.<name>.timerConfig | When to run the job.
|
| services.i2pd.outTunnels.<name>.inbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| nix.registry.<name>.to | The flake reference from is rewritten to
|
| users.users.<name>.enable | If set to false, the user account will not be created
|
| users.users.<name>.extraGroups | The user's auxiliary groups.
|
| security.pam.services.<name>.text | Contents of the PAM service file.
|
| boot.initrd.luks.devices.<name>.header | The name of the file or block device that
should be used as header for the encrypted device.
|
| users.users.<name>.shell | The path to the user's shell
|
| services.cgit.<name>.settings | cgit configuration, see cgitrc(5)
|
| services.uhub.<name>.settings | Configuration of uhub
|
| services.bitcoind.<name>.dataDir | The data directory for bitcoind.
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.bind.zones.<name>.masters | List of servers for inclusion in stub and secondary zones.
|
| services.bluemap.maps.<name>.world | Path to world folder containing the dimension to render
|
| services.redis.servers.<name>.bind | The IP interface to bind to.
null means "all interfaces".
|
| systemd.network.networks.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of the unit
|
| systemd.network.networks.<name>.ipv6AcceptRAConfig | Each attribute in this set specifies an option in the
[IPv6AcceptRA] section of the unit
|
| services.autosuspend.checks.<name>.class | Name of the class implementing the check
|
| security.pam.services.<name>.zfs | Enable unlocking and mounting of encrypted ZFS home dataset at login.
|
| services.udp-over-tcp.tcp2udp.<name>.bind | Which local IP to bind the UDP socket to.
|
| services.mpd.settings | Configuration for MPD
|
| services.httpd.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.nginx.virtualHosts.<name>.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| power.ups.users.<name>.upsmon | Add the necessary actions for a upsmon process to work
|
| services.bitcoind.<name>.pidFile | Location of bitcoind pid file.
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| services.autorandr.profiles.<name>.config.<name>.primary | Whether output should be marked as primary
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| systemd.network.networks.<name>.addresses | A list of address sections to be added to the unit
|
| users.users.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| services.phpfpm.pools.<name>.listen | The address on which to accept FastCGI requests.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.autorandr.profiles.<name>.config.<name>.scale.method | Output scaling method.
|
| services.bitcoind.<name>.group | The group as which to run bitcoind.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| users.users.<name>.cryptHomeLuks | Path to encrypted luks device that contains
the user's home directory.
|
| boot.initrd.luks.devices.<name>.keyFile | The name of the file (can be a raw device or a partition) that
should be used as the decryption key for the encrypted device
|
| ec2.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| services.awstats.configs.<name>.extraConfig | Extra configuration to be appended to awstats.${name}.conf.
|
| services.kimai.sites.<name>.package | The kimai package to use.
|
| services.tahoe.nodes.<name>.package | The tahoelafs package to use.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.znapzend.zetup.<name>.destinations.<name>.dataset | Dataset name to send snapshots to.
|
| services.nsd.zones.<name>.notifyRetry | Specifies the number of retries for failed notifies
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.drupal.sites.<name>.enable | Whether to enable Drupal web application.
|
| services.tts.servers.<name>.enable | Whether to enable Coqui TTS server.
|
| services.tts.servers.<name>.extraArgs | Extra arguments to pass to the server commandline.
|
| services.asusd.auraConfigs.<name>.text | Text of the file.
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| systemd.user.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.stash.settings.stash_boxes.*.name | The name of the Stash Box
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| services.bitcoind.<name>.rpc.port | Override the default port on which to listen for JSON-RPC connections.
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| programs.tsmClient.servers.<name>.nodename | Target node name on the IBM TSM server.
|
| services.librespeed.frontend.servers.*.name | Name shown in the server list.
|
| systemd.network.networks.<name>.ipv6PREF64Prefixes | A list of IPv6PREF64Prefix sections to be added to the unit
|
| services.restic.backups.<name>.user | As which user the backup should run.
|
| services.rke2.autoDeployCharts.<name>.package | The packaged Helm chart
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| services.nsd.zones.<name>.maxRetrySecs | Limit retry time for secondary zones
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.fedimintd.<name>.nginx.config.locations.<name>.index | Adds index directive.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.alias | Alias directory for requests.
|
| services.quicktun.<name>.tunMode | Whether to operate in tun (IP) or tap (Ethernet) mode.
|
| services.h2o.hosts.<name>.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.bind.zones.<name>.extraConfig | Extra zone config to be appended at the end of the zone section.
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey | Legacy RSA public key of the host in PEM format, including start and
end markers
|
| nix.registry.<name>.from | The flake reference to be rewritten
|
| services.nginx.proxyCachePath.<name>.maxSize | Set maximum cache size
|
| services.redis.servers.<name>.slaveOf.ip | IP of the Redis master
|
| systemd.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| hardware.alsa.controls.<name>.card | Name of the PCM card to control (slave).
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.openvpn.servers | Each attribute of this option defines a systemd service that
runs an OpenVPN instance
|
| boot.initrd.systemd.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| services.librenms.distributedPoller.name | Custom name of this poller.
|
| services.bind.zones.<name>.allowQuery | List of address ranges allowed to query this zone
|
| virtualisation.interfaces.<name>.name | Interface name
|
| services.i2pd.inTunnels.<name>.outbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.schedule | When or how often the backup should run
|
| services.tahoe.nodes.<name>.sftpd.port | The port on which the SFTP server will listen
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.autorandr.profiles.<name>.config.<name>.position | Output position
|
| services.autosuspend.wakeups.<name>.class | Name of the class implementing the check
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|