| services.vmalert.instances.<name>.rules | A list of the given alerting or recording rules against configured "datasource.url" compatible with
Prometheus HTTP API for vmalert to execute
|
| services.vmalert.instances.<name>.settings.rule | Path to the files with alerting and/or recording rules.
|
| services.opengfw.rules.*.name | Name of the rule.
|
| services.ndppd.proxies.<name>.rules.<name>.network | This is the target address is to match against
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.opengfw.rules.*.modifier.name | Name of the modifier.
|
| services.ndppd.proxies.<name>.rules | This is a rule that the target address is to match against
|
| systemd.user.tmpfiles.users.<name>.rules | Per-user rules for creation, deletion and cleaning of volatile and
temporary files automatically
|
| services.ndppd.proxies.<name>.rules.<name>.interface | Interface to use when method is iface.
|
| services.ndppd.proxies.<name>.rules.<name>.method | static: Immediately answer any Neighbor Solicitation Messages
(if they match the IP rule).
iface: Forward the Neighbor Solicitation Message through the specified
interface and only respond if a matching Neighbor Advertisement
Message is received.
auto: Same as iface, but instead of manually specifying the outgoing
interface, check for a matching route in /proc/net/ipv6_route.
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| services.vmalert.instances | Define multiple instances of vmalert.
|
| services.vmalert.rules | A list of the given alerting or recording rules against configured "datasource.url" compatible with
Prometheus HTTP API for vmalert to execute
|
| services.networkd-dispatcher.rules.<name>.script | Shell commands executed on specified operational states.
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.opengfw.rules | Rules passed to OpenGFW. Example rules
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| services.ndppd.proxies.<name>.interface | Listen for any Neighbor Solicitation messages on this interface,
and respond to them according to a set of rules
|
| services.firewalld.zones.<name>.target | Action for packets that doesn't match any rules.
|
| boot.initrd.services.udev.rules | udev rules to include in the initrd
only
|
| services.opensnitch.rules | Declarative configuration of firewall rules
|
| security.audit.rules | The ordered audit rules, with each string appearing as one line of the audit.rules file.
|
| services.nebula.networks.<name>.firewall.inbound | Firewall rules for inbound traffic.
|
| services.logrotate.settings.<name>.files | Single or list of files for which rules are defined
|
| networking.jool.siit.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.opengfw.rules.*.log | Whether to enable logging for the rule.
|
| services.vmalert.instances.<name>.settings | vmalert configuration, passed via command line flags
|
| services.opengfw.rulesFile | Path to file containing OpenGFW rules.
|
| services.nebula.networks.<name>.firewall.outbound | Firewall rules for outbound traffic.
|
| networking.jool.nat64.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| systemd.tmpfiles.rules | Rules for creation, deletion and cleaning of volatile and temporary files
automatically
|
| services.prometheus.rules | Alerting and/or Recording rules to evaluate at runtime.
|
| services.opengfw.rules.*.expr | Expr Language expression using analyzers and functions.
|
| systemd.network.networks.<name>.routingPolicyRules | A list of routing policy rules sections to be added to the unit
|
| services.xserver.imwheel.rules | Window class translation rules.
/etc/X11/imwheelrc is generated based on this config
which means this config is global for all users
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.opengfw.rules.*.action | Action of the rule. Supported actions
|
| systemd.user.tmpfiles.rules | Global user rules for creation, deletion and cleaning of volatile and
temporary files automatically
|
| programs.rush.rules | The rule statement configures a GNU Rush rule
|
| services.usbguard.rules | The USBGuard daemon will load this as the policy rule set
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| services.vmalert.settings.rule | Path to the files with alerting and/or recording rules.
Consider using the services.vmalert.rules option as a convenient alternative for declaring rules
directly in the nix language.
|
| services.ananicy.rulesProvider | Which package to copy default rules,types,cgroups from.
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.opengfw.rules.*.modifier.args | Arguments passed to the modifier.
|
| services.opengfw.rules.*.modifier | Modification of specified packets when using the modify action. Available modifiers
|
| services.vmalert.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.networkd-dispatcher.rules | Declarative configuration of networkd-dispatcher rules
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| services.grafana.provision.alerting.rules.path | Path to YAML rules configuration
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| services.grafana.provision.alerting.rules.settings | Grafana rules configuration in Nix
|
| boot.uki.name | Name of the UKI
|
| services.v4l2-relayd.instances.<name>.name | The name of the instance.
|
| services.authelia.instances.<name>.name | Name is used as a suffix for the service name, user, and group
|
| users.users.<name>.name | The name of the user account
|
| services.grafana.provision.alerting.rules.settings.groups | List of rule groups to import or update.
|
| services.gitea-actions-runner.instances.<name>.name | The name identifying the runner instance towards the Gitea/Forgejo instance.
|
| services.grafana.provision.alerting.rules.settings.apiVersion | Config file version.
|
| services.grafana.provision.alerting.rules.settings.deleteRules | List of alert rule UIDs that should be deleted.
|
| services.opengfw.settings.ruleset | The path to load specific local geoip/geosite db files
|
| services.radicle.ci.adapters.native.instances.<name>.name | Adapter name that is used in the radicle-ci-broker configuration
|
| users.groups.<name>.name | The name of the group
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.uid | Unique identifier for the rule
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId | Organization ID, default = 1
|
| services.nylon.<name>.name | The name of this nylon instance.
|
| services.anubis.defaultOptions.policy.extraBots | Additional bot rules appended to the policy
|
| services.udev.extraRules | Additional udev rules
|
| services.bind.zones.<name>.name | Name of the zone.
|
| services.pppd.peers.<name>.name | Name of the PPP peer.
|
| services.firewalld.settings.LogDenied | Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.
|
| services.grafana.provision.alerting.rules.settings.groups.*.interval | Interval that the rule group should be evaluated at
|
| system.name | The name of the system used in the system.build.toplevel derivation
|
| users.extraUsers.<name>.name | The name of the user account
|
| services.frp.instances.<name>.role | The frp consists of client and server
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| users.extraGroups.<name>.name | The name of the group
|
| services.etcd.name | Etcd unique node name.
|
| services.authelia.instances.<name>.user | The name of the user for this authelia instance.
|
| services.v4l2-relayd.instances.<name>.cardLabel | The name the camera will show up as.
|
| services.errbot.instances.<name>.backend | Errbot backend name.
|
| services.errbot.instances.<name>.dataDir | Data directory for errbot instance.
|
| services.authelia.instances.<name>.group | The name of the group for this authelia instance.
|
| services.ytdl-sub.instances.<name>.enable | Whether to enable ytdl-sub instance.
|