programs.neovim.plugins._.runtime._name_.text ‐ NixOS ‐ Searchix

Search Nix packages and options from NixOS, Darwin, Home Manager, Nix Packages and NUR

Indexing last ran 7 hours ago, will run again in 17 hours.

NixOS options search

Title	Description
programs.neovim.runtime.<name>.text	Text of the file.
programs.neovim.runtime	Set of files that have to be linked in runtime.
programs.neovim.runtime.<name>.enable	Whether this runtime directory should be generated
programs.neovim.runtime.<name>.source	Path of the source file.
programs.neovim.runtime.<name>.target	Name of symlink
programs.pay-respects.runtimeRules	List of rules to be added to `/etc/xdg/pay-respects/rules`. `pay-respects` will read the contents of these generated rules to recommend command corrections
services.pds.settings.PDS_BSKY_APP_VIEW_DID	DID of bsky frontend
services.pds.settings.PDS_BSKY_APP_VIEW_URL	URL of bsky frontend
services.pds.settings.PDS_DID_PLC_URL	URL of DID PLC directory
services.bluesky-pds.settings.PDS_BSKY_APP_VIEW_DID	DID of bsky frontend
services.bluesky-pds.settings.PDS_BSKY_APP_VIEW_URL	URL of bsky frontend
services.movim.runtimeDir	Runtime directory of the `movim` user which holds the application’s caches & temporary files.
services.taler.runtimeDir	Runtime directory shared between the taler services
services.bluesky-pds.settings.PDS_DID_PLC_URL	URL of DID PLC directory
services.pds.settings.PDS_BLOB_UPLOAD_LIMIT	Size limit of uploaded blobs in bytes
services.moosefs.chunkserver.settings.DATA_PATH	Directory for lock files and other runtime data.
services.pds.settings.PDS_REPORT_SERVICE_DID	DID of mod service
services.pds.settings.PDS_REPORT_SERVICE_URL	URL of mod service
services.netbird.tunnels.<name>.dir.runtime	A runtime directory used by NetBird client.
services.netbird.clients.<name>.dir.runtime	A runtime directory used by NetBird client.
services.bluesky-pds.settings.PDS_BLOB_UPLOAD_LIMIT	Size limit of uploaded blobs in bytes
systemd.units.<name>.text	Text of this systemd unit.
security.loginDefs.settings.SYS_UID_MAX	Range of user IDs used for the creation of system users by useradd or newusers.
security.loginDefs.settings.SYS_UID_MIN	Range of user IDs used for the creation of system users by useradd or newusers.
security.loginDefs.settings.SYS_GID_MAX	Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
security.loginDefs.settings.SYS_GID_MIN	Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
systemd.user.units.<name>.text	Text of this systemd unit.
services.pixelfed.runtimeDir	Ruutime directory of the `pixelfed` user which holds the application's caches and temporary files.
systemd.watchdog.runtimeTime	The amount of time which can elapse before a watchdog hardware device will automatically reboot the system
services.bluesky-pds.settings.PDS_REPORT_SERVICE_DID	DID of mod service
services.lasuite-docs.settings.DJANGO_SECRET_KEY_FILE	The path to the file containing Django's secret key
services.lasuite-meet.settings.DJANGO_SECRET_KEY_FILE	The path to the file containing Django's secret key
services.bluesky-pds.settings.PDS_REPORT_SERVICE_URL	URL of mod service
services.bluesky-pds.settings.PDS_RATE_LIMITS_ENABLED	Enable rate limiting
services.wastebin.settings.WASTEBIN_MAX_BODY_SIZE	Number of bytes to accept for POST requests
services.pocket-id.settings.PUBLIC_APP_URL	The URL where you will access the app.
services.libeufin.nexus.settings.nexus-ebics.BANK_PUBLIC_KEYS_FILE	Filesystem location where Nexus should store the bank public keys.
services.pds.settings.PDS_BLOBSTORE_DISK_LOCATION	Store blobs at this location, set to null to use e.g
services.hatsu.settings.HATSU_LISTEN_HOST	Host where hatsu should listen for incoming requests.
services.hatsu.settings.HATSU_LISTEN_PORT	Port where hatsu should listen for incoming requests.
virtualisation.cri-o.runtime	Override the default runtime
services.firefly-iii.settings.APP_KEY_FILE	The path to your appkey
services.umami.settings.APP_SECRET_FILE	A file containing a secure random string
services.gitea.settings.server.STATIC_ROOT_PATH	Upper level of template and static files path.
services.libeufin.nexus.settings.nexus-ebics.CLIENT_PRIVATE_KEYS_FILE	Filesystem location where Nexus should store the subscriber private keys.
services.pds.settings.PDS_DATA_DIRECTORY	Directory to store state
services.lasuite-meet.settings.DJANGO_DATA_DIR	Path to the data directory
services.hatsu.settings.HATSU_DATABASE_URL	Database URL.
services.renovate.runtimePackages	Packages available to renovate.
services.firezone.server.settingsSecret.LIVE_VIEW_SIGNING_SALT	A file containing a unique base64 encoded secret for the `LIVE_VIEW_SIGNING_SALT`
services.snips-sh.settings.SNIPS_SSH_INTERNAL	The internal SSH address of the service
services.umami.settings.TRACKER_SCRIPT_NAME	Allows you to assign a custom name to the tracker script different from the default `script.js`.
services.asusd.animeConfig.text	Text of the file.
services.asusd.asusdConfig.text	Text of the file.
services.bluesky-pds.settings.PDS_BLOBSTORE_DISK_LOCATION	Store blobs at this location, set to null to use e.g
services.lasuite-meet.settings.LIVEKIT_API_URL	URL to the livekit server
services.umami.settings.DATABASE_URL_FILE	A file containing a connection string for the database
services.snips-sh.settings.SNIPS_HTTP_INTERNAL	The internal HTTP address of the service
services.bookstack.settings.APP_KEY_FILE	The path to your appkey
services.forgejo.settings.server.STATIC_ROOT_PATH	Upper level of template and static files path.
services.lasuite-meet.settings.CELERY_BROKER_URL	URL of the redis backend for celery
services.lasuite-docs.settings.CELERY_BROKER_URL	URL of the redis backend for celery
services.taler.settings.taler.CURRENCY_ROUND_UNIT	Smallest amount in this currency that can be transferred using the underlying RTGS
services.libeufin.nexus.settings.nexus-ebics.HOST_BASE_URL	URL of the EBICS server.
services.hatsu.settings.HATSU_PRIMARY_ACCOUNT	The primary account of your instance (eg 'example.com').
services.corteza.settings.HTTP_WEBAPP_ENABLED	Whether to enable webapps.
services.n8n.environment.N8N_USER_FOLDER	Provide the path where n8n will create the .n8n folder
services.rspamd.locals.<name>.text	Text of the file.
services.umami.settings.COLLECT_API_ENDPOINT	Allows you to send metrics to a location different than the default `/api/send`.
services.asusd.fanCurvesConfig.text	Text of the file.
services.asusd.userLedModesConfig.text	Text of the file.
services.canaille.settings.CANAILLE_LDAP.BIND_PW	The LDAP bind password
services.pds.settings.PDS_PORT	Port to listen on
services.kubernetes.apiserver.runtimeConfig	Api runtime configuration
services.gokapi.environment.GOKAPI_DATA_DIR	Sets the directory for the data.
services.wastebin.settings.WASTEBIN_BASE_URL	Base URL for the QR code display
services.bluesky-pds.settings.PDS_DATA_DIRECTORY	Directory to store state
services.asusd.profileConfig.text	Text of the file.
services.lasuite-meet.settings.DJANGO_ALLOWED_HOSTS	Comma-separated list of hosts that are able to connect to the server
services.lasuite-docs.settings.DJANGO_ALLOWED_HOSTS	Comma-separated list of hosts that are able to connect to the server
services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY	Limits for timeline cleanup.
boot.initrd.systemd.contents.<name>.text	Text of the file.
services.bookstack.settings.DB_PASSWORD_FILE	The file containing your mysql/mariadb database password.
services.asusd.auraConfigs.<name>.text	Text of the file.
services.wastebin.settings.WASTEBIN_CACHE_SIZE	Number of rendered syntax highlight items to cache
services.murmur.textMsgLength	Max length of text messages
services.ferretdb.settings.FERRETDB_SQLITE_URL	SQLite URI (directory) for 'sqlite' handler
services.gokapi.environment.GOKAPI_CONFIG_DIR	Sets the directory for the config file.
services.canaille.settings.CANAILLE_OIDC.JWT.PRIVATE_KEY	JWT private key
services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY	Limits for timeline cleanup.
services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY	Limits for timeline cleanup.
services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY	Limits for timeline cleanup.
services.anubis.defaultOptions.settings.SERVE_ROBOTS_TXT	Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.
services.gokapi.environment.GOKAPI_CONFIG_FILE	Sets the filename for the config file.
services.gitea.settings.log.ROOT_PATH	Root path for log files.
services.firezone.server.settingsSecret.TOKENS_KEY_BASE	A file containing a unique base64 encoded secret for the `TOKENS_KEY_BASE`
services.firezone.server.settingsSecret.SECRET_KEY_BASE	A file containing a unique base64 encoded secret for the `SECRET_KEY_BASE`
services.wastebin.settings.WASTEBIN_ADDRESS_PORT	Address and port to bind to
security.pam.services.<name>.text	Contents of the PAM service file.
services.canaille.settings.PREFERRED_URL_SCHEME	The url scheme by which canaille will be served.
environment.etc.<name>.text	Text of the file.
services.pocket-id.settings.APP_URL	The URL where you will access the app.
services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY	Limits for timeline cleanup.
services.wastebin.settings.WASTEBIN_HTTP_TIMEOUT	Maximum number of seconds a request can be processed until wastebin responds with 408
security.loginDefs.settings.UID_MIN	Range of user IDs used for the creation of regular users by useradd or newusers.
security.loginDefs.settings.UID_MAX	Range of user IDs used for the creation of regular users by useradd or newusers.
security.loginDefs.settings.GID_MIN	Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
security.loginDefs.settings.GID_MAX	Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
services.taler.exchange.settings.exchange.MASTER_PUBLIC_KEY	Used by the exchange to verify information signed by the offline system.
services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT	Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.
services.sympa.settingsFile.<name>.text	Text of the file.
services.umami.settings.BASE_PATH	Allows you to host Umami under a subdirectory
services.canaille.settings.CANAILLE_SQL.DATABASE_URI	The SQL server URI
services.moosefs.cgiserver.settings.GUISERV_LISTEN_PORT	Port for GUI server to listen on.
services.wastebin.settings.WASTEBIN_DATABASE_PATH	Path to the sqlite3 database file
services.moosefs.cgiserver.settings.GUISERV_LISTEN_HOST	IP address to bind GUI server to (* means any).
services.pds.settings.LOG_ENABLED	Enable logging
services.buildkite-agents.<name>.runtimePackages	Add programs to the buildkite-agent environment
services.gitea.settings.server.ROOT_URL	Full public URL of gitea server.
services.healthchecks.settings.SECRET_KEY_FILE	Path to a file containing the secret key.
services.taler.exchange.settings.exchange.CURRENCY_ROUND_UNIT	Smallest amount in this currency that can be transferred using the underlying RTGS
services.forgejo.settings.log.ROOT_PATH	Root path for log files.
services.firezone.server.settingsSecret.COOKIE_SIGNING_SALT	A file containing a unique base64 encoded secret for the `COOKIE_SIGNING_SALT`
services.anubis.defaultOptions.settings.METRICS_BIND_NETWORK	The network family that the metrics server should bind to
services.gitea.settings.server.HTTP_PORT	Listen port
services.gitea.settings.server.HTTP_ADDR	Listen address
services.n8n.environment.N8N_VERSION_NOTIFICATIONS_ENABLED	When enabled, n8n sends notifications of new versions and security updates.
services.bluesky-pds.settings.PDS_PORT	Port to listen on
services.zipline.settings.CORE_PORT	The port to listen on.
services.firefly-iii.settings.APP_ENV	The app environment
services.gitea.settings.server.SSH_PORT	SSH port displayed in clone URL
services.firefly-iii.settings.DB_PORT	The port your database is listening at. sqlite does not require this value to be filled.
services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY	Limits for timeline cleanup.
services.rspamd.overrides.<name>.text	Text of the file.
services.lasuite-docs.settings.DB_HOST	Host of the database
services.lasuite-meet.settings.DB_USER	User of the database
services.lasuite-meet.settings.DB_HOST	Host of the database
services.lasuite-meet.settings.DB_NAME	Name of the database
services.lasuite-docs.settings.DB_NAME	Name of the database
services.lasuite-docs.settings.DB_USER	User of the database
services.hatsu.settings.HATSU_DOMAIN	The domain name of your instance (eg 'hatsu.local').
services.pds.settings.PDS_CRAWLERS	URL of crawlers
services.lasuite-docs.settings.DATA_DIR	Path to the data directory
services.ferretdb.settings.FERRETDB_POSTGRESQL_URL	PostgreSQL URL for 'pg' handler
services.firefly-iii.settings.APP_URL	The APP_URL used by firefly-iii internally
services.pds.settings.PDS_HOSTNAME	Instance hostname (base domain name)
services.pocket-id.settings.TRUST_PROXY	Whether the app is behind a reverse proxy.
services.radicle.ci.adapters.native.instances.<name>.runtimePackages	Packages added to the adapter's PATH.
services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK	The network family that the metrics server should bind to
services.firefly-iii.settings.DB_HOST	The machine which hosts your database
services.miniflux.config.LISTEN_ADDR	Address to listen on
services.lasuite-docs.settings.REDIS_URL	URL of the redis backend
services.lasuite-meet.settings.REDIS_URL	URL of the redis backend
services.forgejo.settings.server.ROOT_URL	Full public URL of Forgejo server.
systemd.shutdownRamfs.contents.<name>.text	Text of the file.
services.miniflux.config.CREATE_ADMIN	Create an admin user from environment variables.
services.saunafs.master.settings.DATA_PATH	Data storage directory.
services.part-db.settings.DATABASE_URL	The postgresql database server to connect to
services.moosefs.master.settings.DATA_PATH	Directory for storing master metadata.
services.forgejo.settings.server.HTTP_PORT	Listen port
services.forgejo.settings.server.HTTP_ADDR	Listen address
services.gitea.settings.server.DISABLE_SSH	Disable external SSH feature.
security.loginDefs.settings.DEFAULT_HOME	Indicate if login is allowed if we can't cd to the home directory.
services.umami.settings.DATABASE_URL	Connection string for the database
services.forgejo.settings.server.SSH_PORT	SSH port displayed in clone URL
services.postgres-websockets.environment.PGWS_DB_URI	libpq connection parameters as documented in: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS The `environment
services.wastebin.settings.RUST_LOG	Influences logging
services.n8n.environment.N8N_DIAGNOSTICS_ENABLED	Whether to share selected, anonymous telemetry with n8n
services.n8n.environment.N8N_PORT	The HTTP port n8n runs on.
services.bookstack.settings.DB_PORT	The port your database is listening at.
services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT	A file containing a unique base64 encoded secret for the `COOKIE_ENCRYPTION_SALT`
services.bookstack.settings.DB_HOST	The IP or hostname which hosts your database.
services.bluesky-pds.settings.LOG_ENABLED	Enable logging
services.canaille.settings.SECRET_KEY	Flask Secret Key
services.miniflux.config.DATABASE_URL	Postgresql connection parameters
services.bookstack.settings.APP_URL	The root URL that you want to host BookStack on
services.netbox.settings.ALLOWED_HOSTS	A list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service.
services.snapper.configs.<name>.ALLOW_USERS	List of users allowed to operate with the config. "root" is always implicitly included
services.canaille.settings.SERVER_NAME	The domain name on which canaille will be served.
services.libeufin.nexus.settings.nexus-ebics.HOST_ID	Name of the EBICS host.
services.gitea.settings.mailer.SENDMAIL_PATH	Path to sendmail binary or script.
security.loginDefs.settings.ENCRYPT_METHOD	This defines the system default encryption algorithm for encrypting passwords.
services.umami.settings.DISABLE_UPDATES	Disables the check for new versions of Umami.
services.glitchtip.settings.ENABLE_USER_REGISTRATION	When true, any user will be able to register
services.slurm.rest.environment.SLURM_JWT	This variable must be set to use JWT token authentication.
services.forgejo.settings.server.DISABLE_SSH	Disable external SSH feature.
services.libeufin.nexus.settings.nexus-ebics.USER_ID	User ID of the EBICS subscriber
services.snapper.configs.<name>.ALLOW_GROUPS	List of groups allowed to operate with the config
services.bluesky-pds.settings.PDS_CRAWLERS	URL of crawlers
services.zipline.settings.CORE_HOSTNAME	The hostname to listen on.
services.prometheus.scrapeConfigs.*.label_name_length_limit	Per-scrape limit on length of labels name that will be accepted for a sample
services.gitea.settings.session.COOKIE_SECURE	Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS
services.bluesky-pds.settings.PDS_HOSTNAME	Instance hostname (base domain name)
services.lasuite-docs.collaborationServer.settings.COLLABORATION_BACKEND_BASE_URL	URL to the backend server base
programs.vim.enable	Whether to enable Vi IMproved, an advanced text editor.
services.moosefs.cgiserver.settings.DATA_PATH	Directory for lock files.
services.moosefs.cgiserver.settings.BIND_HOST	IP address to bind CGI server to.
services.suricata.settings.vars.address-groups.HOME_NET	HOME_NET variable.
services.glitchtip.settings.ENABLE_ORGANIZATION_CREATION	When false, only superusers will be able to create new organizations after the first
programs.nano.enable	Whether to enable nano, a small user-friendly console text editor.
services.canaille.settings.CANAILLE_OIDC	OpenID Connect settings
programs.nncp.settings	NNCP configuration, see http://www.nncpgo.org/Configuration.html
services.canaille.settings.CANAILLE_LDAP	Configuration for the LDAP backend
services.gokapi.environment.GOKAPI_PORT	Sets the port of the service.
services.miniflux.config.RUN_MIGRATIONS	Run database migrations.
programs.gamescope.env	Default environment variables available to the GameScope process, overridable at runtime.
services.forgejo.settings.session.COOKIE_SECURE	Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS
services.libeufin.nexus.settings.nexus-ebics.PARTNER_ID	Partner ID of the EBICS subscriber
services.seafile.ccnetSettings.General.SERVICE_URL	Seahub public URL.
services.wastebin.settings.WASTEBIN_TITLE	Overrides the HTML page title
services.froide-govplan.settings.ALLOWED_HOSTS	A list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the Froide-Govplan service.
services.libeufin.nexus.settings.nexus-ebics.BANK_DIALECT	Name of the following combination: EBICS version and ISO20022 recommendations that Nexus would honor in the communication with the bank
services.saunafs.metalogger.settings.DATA_PATH	Data storage directory
services.moosefs.metalogger.settings.DATA_PATH	Directory for storing metalogger data.
services.umami.settings.DISABLE_TELEMETRY	Umami collects completely anonymous telemetry data in order help improve the application
services.open-web-calendar.settings.ALLOWED_HOSTS	The hosts that the Open Web Calendar permits
services.snapper.configs.<name>.TIMELINE_CREATE	Defines whether hourly snapshots should be created.
services.suricata.settings.vars.address-groups.ENIP_SERVER	ENIP_SERVER variable.
services.suricata.settings.vars.address-groups.ENIP_CLIENT	ENIP_CLIENT variable.
services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE	Exchange that is suggested to wallets when withdrawing
services.anubis.defaultOptions.settings.POLICY_FNAME	The policy file to use
programs.xonsh.config	Extra text added to the end of `/etc/xonsh/xonshrc`, the system-wide control file for xonsh.
services.suricata.settings.vars.address-groups.DC_SERVERS	DC_SERVERS variable.
services.firefly-iii.settings.DB_CONNECTION	The type of database you wish to use
services.peering-manager.settings.ALLOWED_HOSTS	A list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the peering manager service.
services.suricata.settings.vars.address-groups.AIM_SERVERS	AIM_SERVERS variable.
services.suricata.settings.vars.address-groups.SQL_SERVERS	SQL_SERVERS variable.
services.suricata.settings.vars.address-groups.DNS_SERVERS	DNS_SERVERS variable.
services.firezone.server.settingsSecret.TOKENS_SALT	A file containing a unique base64 encoded secret for the `TOKENS_SALT`
services.anubis.defaultOptions.settings.BIND_NETWORK	The network family that Anubis should bind to
services.ferretdb.settings.FERRETDB_HANDLER	Backend handler
services.suricata.settings.vars.address-groups.HTTP_SERVERS	HTTP_SERVERS variable.
services.suricata.settings.vars.address-groups.SMTP_SERVERS	SMTP_SERVERS variable.
services.healthchecks.settings.DB_NAME	Database name.
services.snapper.configs.<name>.TIMELINE_CLEANUP	Defines whether the timeline cleanup algorithm should be run for the config.
services.suricata.settings.vars.address-groups.MODBUS_SERVER	MODBUS_SERVER variable.
services.suricata.settings.vars.address-groups.MODBUS_CLIENT	MODBUS_CLIENT variable
services.saunafs.chunkserver.settings.DATA_PATH	Directory for chunck meta data
services.suricata.settings.vars.address-groups.EXTERNAL_NET	EXTERNAL_NET variable.
programs.ssh.extraConfig	Extra configuration text prepended to ssh_config
services.pocket-id.settings.ANALYTICS_DISABLED	Whether to disable analytics
services.anubis.instances.<name>.settings.POLICY_FNAME	The policy file to use
services.n8n.environment.GENERIC_TIMEZONE	The n8n instance timezone
services.suricata.settings.vars.address-groups.TELNET_SERVERS	TELNET_SERVERS variable.
services.anubis.instances.<name>.settings.BIND_NETWORK	The network family that Anubis should bind to
programs.tsmClient.dsmSysText	This configuration key contains the effective text of the client system-options file "dsm.sys"
services.glitchtip.settings.GLITCHTIP_DOMAIN	The URL under which GlitchTip is externally reachable.
services.firezone.server.settingsSecret.RELEASE_COOKIE	A file containing a unique secret identifier for the Erlang cluster
services.ferretdb.settings.FERRETDB_TELEMETRY	Enable or disable basic telemetry
services.slurm.rest.environment.SLURMRESTD_DEBUG	Set debug level explicitly
services.anubis.defaultOptions.settings.WEBMASTER_EMAIL	If set, shows a contact email address when rendering error pages
services.slurm.rest.environment.SLURMRESTD_LISTEN	Comma-delimited list of host:port pairs or unix sockets to listen on.
services.anubis.instances.<name>.settings.METRICS_BIND	The address Anubis' metrics server listens to
services.lasuite-docs.collaborationServer.settings.COLLABORATION_SERVER_ORIGIN	Origins allowed to connect to the collaboration server
services.healthchecks.settings.ALLOWED_HOSTS	The host/domain names that this site can serve.
services.anubis.instances.<name>.settings.WEBMASTER_EMAIL	If set, shows a contact email address when rendering error pages
services.your_spotify.settings.SPOTIFY_PUBLIC	The public client ID of your Spotify application
services.anubis.defaultOptions.settings.OG_PASSTHROUGH	Whether to enable Open Graph tag passthrough
services.your_spotify.settings.MONGO_ENDPOINT	The endpoint of the Mongo database.
services.your_spotify.settings.API_ENDPOINT	The endpoint of your server This api has to be reachable from the device you use the website from not from the server
services.your_spotify.settings.CLIENT_ENDPOINT	The endpoint of your web application
services.gitea.settings.service.DISABLE_REGISTRATION	By default any user can create an account on this `gitea` instance
services.postgres-websockets.environment.PGWS_HOST	Address the server will listen for websocket connections.
virtualisation.credentials.<name>.text	Text content of the credential
services.anubis.instances.<name>.settings.OG_PASSTHROUGH	Whether to enable Open Graph tag passthrough
services.taler.merchant.settings.merchant.LEGAL_PRESERVATION	How long to keep data in the database for tax audits after the transaction has completed.
services.airsonic.contextPath	The context path, i.e., the last part of the Airsonic URL
services.subsonic.contextPath	The context path, i.e., the last part of the Subsonic URL
services.davis.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.movim.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.slskd.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.openssh.authorizedKeysFiles	Specify the rules for which files to read on the host
services.snipe-it.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.bacula-fd.director.<name>.tls.require	Require TLS or TLS-PSK encryption
services.bacula-sd.director.<name>.tls.require	Require TLS or TLS-PSK encryption
services.bacula-fd.director.<name>.tls.verifyPeer	Verify peer certificate
services.bacula-sd.director.<name>.tls.verifyPeer	Verify peer certificate
services.gancio.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.akkoma.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.fluidd.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.matomo.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.monica.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.crowdsec.localConfig.contexts	A list of additional contexts to specify
services.sourcehut.settings."hg.sr.ht".srhtext	Path to the srht mercurial extension (defaults to where the hgsrht code is)
services.healthchecks.settings.REGISTRATION_OPEN	A boolean that controls whether site visitors can create new accounts
services.tor.settings.WarnPlaintextPorts	See torrc manual.
services.radicle.httpd.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.murmur.welcometext	Welcome message for connected clients.
services.sharkey.settings.fulltextSearch.provider	Which provider to use for full text search
services.kanboard.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.librenms.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.dolibarr.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.agorakit.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.fediwall.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.pixelfed.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.mainsail.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.tor.settings.RejectPlaintextPorts	See torrc manual.
programs.tsmClient.servers.<name>.inclexcl	Text lines with `include.` and `exclude.` directives to be used when sending files to the IBM TSM server, or an absolute path pointing to a file with such lines.
services.anuko-time-tracker.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.zabbixWeb.nginx.virtualHost.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.bacula-sd.director.<name>.tls.enable	Specifies if TLS should be enabled
services.bacula-fd.director.<name>.tls.enable	Specifies if TLS should be enabled
services.filebeat.inputs	Inputs specify how Filebeat locates and processes input data
services.bookstack.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.jirafeau.nginxConfig.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.umurmur.settings.welcometext	Welcome message for connected clients.
services.nginx.virtualHosts.<name>.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.postgresql.systemCallFilter	Configures the syscall filter for `postgresql.service`
services.fedimintd.<name>.nginx.config.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.bacula-fd.director.<name>.tls.allowedCN	Common name attribute of allowed peer certificates
services.bacula-sd.director.<name>.tls.allowedCN	Common name attribute of allowed peer certificates
services.filebeat.modules	Filebeat modules provide a quick way to get started processing common log formats
services.traefik.dynamic.dir	Path to the directory Traefik should watch for configuration files. Files in this directory matching the glob `_nixos-` (reserved for Nix-managed dynamic configurations) will be deleted as part of `systemd-tmpfiles-resetup.service`, regardless of their origin.*.
services.limesurvey.nginx.virtualHost.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
services.nncp.daemon.socketActivation.listenStreams	TCP sockets to bind to
services.metricbeat.modules	Metricbeat modules are responsible for reading metrics from the various sources
services.misskey.reverseProxy.webserver.nginx.rejectSSL	Whether to listen for and reject all HTTPS connections to this vhost
boot.kernel.sysctl	Runtime parameters of the Linux kernel, as set by sysctl(8)
services.openssh.authorizedKeysInHomedir	Enables the use of the `~/.ssh/authorized_keys` file
services.syncthing.overrideFolders	Whether to delete the folders which are not configured via the folders option
services.monado.defaultRuntime	Whether to enable Monado as the default OpenXR runtime on the system
services.wivrn.defaultRuntime	Whether to enable WiVRn as the default OpenXR runtime on the system
services.postsrsd.settings.chroot-dir	Path to chroot into at runtime as an additional layer of protection. We confine the runtime environment through systemd hardening instead, so this option is read-only.
services.matrix-synapse.log	Default configuration for the loggers used by `matrix-synapse` and its workers
services.galene.keyFile	Path to the server's private key
services.scx.extraArgs	Parameters passed to the chosen scheduler at runtime. Run `chosen-scx-scheduler --help` to see the available options
networking.tempAddresses	Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces._name_.tempAddress
services.node-red.withNpmAndGcc	Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be downloaded and managed imperatively via the 'Palette Manager'.
services.galene.certFile	Path to the server's certificate
services.pgbackrest.stanzas.<name>.settings	An attribute set of options as described in: https://pgbackrest.org/configuration.html All options can be used
services.traefik.dynamic.files	Dynamic configuration files to write
services.bacula-sd.director.<name>.tls.certificate	The full path to the PEM encoded TLS certificate
services.bacula-fd.director.<name>.tls.certificate	The full path to the PEM encoded TLS certificate
virtualisation.rosetta.mountTag	The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software
services.bacula-fd.director.<name>.tls.caCertificateFile	The path specifying a PEM encoded TLS CA certificate(s)
services.bacula-sd.director.<name>.tls.caCertificateFile	The path specifying a PEM encoded TLS CA certificate(s)
hardware.amdgpu.opencl.enable	Whether to enable OpenCL support using ROCM runtime library.
services.wiki-js.settings.logLevel	Define how much detail is supposed to be logged at runtime.
services.linyaps.enable	Whether to enable linyaps, a cross-distribution package manager with sandboxed apps and shared runtime.
services.bird.preCheckConfig	Commands to execute before the config file check
services.athens.goBinary	The Go package used by Athens at runtime
services.couchdb.configFile	Configuration file for persisting runtime changes
services.maddy.tls.loader	TLS certificates are obtained by modules called "certificate loaders"
services.forgejo.customDir	Base directory for custom templates and other options
services.lighttpd.cgit.configText	Verbatim contents of the cgit runtime configuration file
services.zitadel.settings	Contents of the runtime configuration file
services.unifi.maximumJavaHeapSize	Set the maximum heap size for the JVM in MB
services.unifi.initialJavaHeapSize	Set the initial heap size for the JVM in MB
system.nixos.label	NixOS version name to be used in the names of generated outputs and boot labels
hardware.amdgpu.amdvlk.settings	Runtime settings for AMDVLK to be configured /etc/amd/amdVulkanSettings.cfg
boot.plymouth.font	Font file made available for displaying text on the splash screen.
services.wivrn.config.json	Configuration for WiVRn
nix.extraOptions	Additional text appended to nix.conf.
services.prometheus.rules	Alerting and/or Recording rules to evaluate at runtime.
services.rkvm.server.settings.switch-keys	A key list specifying a host switch combination. A list of key names is available in https://github.com/htrefil/rkvm/blob/master/switch-keys.md.
services.riemann.configFiles	Extra files containing Riemann configuration
services.jupyter.extraPackages	Extra packages to be available in the jupyter runtime environment
services.flannel.storageBackend	Determines where flannel stores its configuration at runtime
hardware.alsa.defaultDevice.capture	The default capture device (i.e. microphone)
services.apcupsd.configText	Contents of the runtime configuration file, apcupsd.conf
services.netdata.python.extraPackages	Extra python packages available at runtime to enable additional python plugins.
services.deluge.extraPackages	Extra packages available at runtime to enable Deluge's plugins
services.activemq.extraJavaOptions	Add extra options here that you want to be sent to the Java runtime when the broker service is started.
services.moonraker.analysis.enable	Whether to enable Runtime analysis with klipper-estimator.
hardware.alsa.defaultDevice.playback	The default playback device
services.nextcloud.settings.mail_send_plaintext_only	Email will be sent by default with an HTML and a plain text body
services.gotify.stateDirectoryName	The name of the directory below /var/lib where gotify stores its runtime data.
services.nginx.uwsgiResolveWhileRunning	Resolves domains of uwsgi targets at runtime and not only at start, you have to set services.nginx.resolver, too.
boot.loader.grub.splashImage	Background image used for GRUB
services.userdbd.enableSSHSupport	Whether to enable exposing OpenSSH public keys defined in userdb
services.monado.forceDefaultRuntime	Whether to ensure that Monado is the active runtime set for the current user
services.dae.config	WARNING: This option will expose store your config unencrypted world-readable in the nix store
services.rabbitmq.config	Verbatim advanced configuration file contents using the Erlang syntax
services.evcc.environmentFile	File with environment variables to pass into the runtime environment
services.ntp.extraConfig	Additional text appended to ntp.conf.
services.firewalld.settings.FlushAllOnReload	Whether to flush all runtime rules on a reload.
services.davis.nginx.basicAuth	Basic Auth protection for a vhost
services.movim.nginx.basicAuth	Basic Auth protection for a vhost
services.slskd.nginx.basicAuth	Basic Auth protection for a vhost
services.mirakurun.tunerSettings	Options which are added to tuners.yml
services.snipe-it.nginx.basicAuth	Basic Auth protection for a vhost
services.crossfire-server.stateDir	Where to store runtime data (save files, persistent items, etc)
services.buffyboard.settings.theme.default	Selects the default theme on boot
services.nginx.proxyResolveWhileRunning	Resolves domains of proxyPass targets at runtime and not only at startup
services.athens.storage.gcp.jsonKey	Base64 encoded GCP service account key
services.borgbackup.jobs.<name>.extraInitArgs	Additional arguments for `borg init`
security.sudo.extraConfig	Extra configuration text appended to sudoers.
services.schleuder.extraSettingsFile	YAML file to merge into the schleuder config at runtime
security.sudo-rs.extraConfig	Extra configuration text appended to sudoers.
services.akkoma.nginx.basicAuth	Basic Auth protection for a vhost
services.gancio.nginx.basicAuth	Basic Auth protection for a vhost
services.fluidd.nginx.basicAuth	Basic Auth protection for a vhost
services.matomo.nginx.basicAuth	Basic Auth protection for a vhost
services.monica.nginx.basicAuth	Basic Auth protection for a vhost
services.borgbackup.jobs.<name>.extraPruneArgs	Additional arguments for `borg prune`
services.vault.extraConfig	Extra text appended to vault.hcl.
services.rabbitmq.configItems	Configuration options in RabbitMQ's new config file format, which is a simple key-value format that can not express nested data structures
services.mirakurun.channelSettings	Options which are added to channels.yml
services.solanum.motd	Solanum MOTD text
boot.loader.grub.users.<name>.password	Specifies the clear text password for the account
services.borgbackup.jobs.<name>.extraCreateArgs	Additional arguments for `borg create`
virtualisation.cri-o.enable	Whether to enable Container Runtime Interface for OCI (CRI-O).
services.radicle.httpd.nginx.basicAuth	Basic Auth protection for a vhost
services.firezone.server.settingsSecret	This is a convenience option which allows you to set secret values for environment variables by specifying a file which will contain the value at runtime
security.doas.extraConfig	Extra configuration text appended to doas.conf
services.prometheus.exporters.py-air-control.stateDir	Directory below `/var/lib` to store runtime data
services.firezone.server.provision.accounts	All accounts to provision
services.athens.basicAuthPass	Password for basic auth
services.grafana.settings.users.login_hint	Text used as placeholder text on login page for login/username input.
services.athens.storage.s3.token	Token for the S3 storage backend
services.borgbackup.jobs.<name>.extraCompactArgs	Additional arguments for `borg compact`
power.ups.users.<name>.passwordFile	The full path to a file that contains the user's (clear text) password
services.wstunnel.clients.<name>.httpProxy	Proxy to use to connect to the wstunnel server (`USER:PASS@HOST:PORT`). Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `PROXY_PASSWORD=<your-password-here>` and set this option to `<user>:$PROXY_PASSWORD@<host>:<port>`
boot.loader.grub.timeoutStyle	`menu` shows the menu. `countdown` uses a text-mode countdown. `hidden` hides GRUB entirely
services.athens.storage.minio.secret	Secret key for the minio storage backend
services.prometheus.exporters.varnish.withGoMetrics	Export go runtime and http handler metrics.
services.gitweb.extraConfig	Verbatim configuration text appended to the generated gitweb.conf file.
services.agate.language	RFC 4646 Language code for text/gemini documents.
services.sharkey.environmentFiles	List of paths to files containing environment variables for Sharkey to use at runtime
services.athens.index.mysql.password	Password for the MySQL database
services.monero.banlist	Path to a text file containing IPs to block
services.zitadel.settings.TLS.Key	The TLS certificate private key, as a base64-encoded string
services.syncplay.motdFile	Path to text to display when users join
boot.loader.grub.users.<name>.passwordFile	Specifies the path to a file containing the clear text password for the account
services.athens.storage.s3.secret	Secret key for the S3 storage backend
services.zitadel.settings.TLS.Cert	The TLS certificate, as a base64-encoded string
services.teeworlds.motd	The server's message of the day text.
systemd.services.<name>.confinement.enable	If set, all the required runtime store paths for this service are bind-mounted into a `tmpfs`-based chroot(2).
services.borgbackup.jobs.<name>.archiveBaseName	How to name the created archives
services.moodle.extraConfig	Any additional text to be appended to the config.php configuration file
services.syncplay.motd	Text to display when users join
services.fediwall.nginx.basicAuth	Basic Auth protection for a vhost
services.agorakit.nginx.basicAuth	Basic Auth protection for a vhost
services.dolibarr.nginx.basicAuth	Basic Auth protection for a vhost
services.librenms.nginx.basicAuth	Basic Auth protection for a vhost
services.kanboard.nginx.basicAuth	Basic Auth protection for a vhost
services.mainsail.nginx.basicAuth	Basic Auth protection for a vhost
services.pixelfed.nginx.basicAuth	Basic Auth protection for a vhost
services.athens.githubToken	Creates .netrc file with the given token to be used for GitHub
services.authelia.instances.<name>.secrets	It is recommended you keep your secrets separate from the configuration
services.zabbixWeb.nginx.virtualHost.basicAuth	Basic Auth protection for a vhost
services.weblate.extraConfig	Text to append to `settings.py` Weblate configuration file.
services.snmpd.configText	The contents of the snmpd.conf
services.bird-lg.frontend.navbar.allServers	Text of 'All server' button in the navigation bar.
services.syslogd.extraConfig	Additional text appended to syslog.conf, i.e. the contents of `defaultConfig`.
services.jitsi-meet.extraConfig	Text to append to config.js web application config file
services.anuko-time-tracker.nginx.basicAuth	Basic Auth protection for a vhost
services.gitea-actions-runner.instances.<name>.labels	Labels used to map jobs to their runtime environment
services.xonotic.appendConfig	Literal text to insert at the end of `server.cfg`.
hardware.nvidia.powerManagement.finegrained	Whether to enable experimental power management of PRIME offload
services.charybdis.motd	Charybdis MOTD text
services.bookstack.nginx.basicAuth	Basic Auth protection for a vhost
services.znapzend.zetup.<name>.timestampFormat	The timestamp format to use for constructing snapshot names
services.openntpd.extraConfig	Additional text appended to openntpd.conf.
networking.hostName	The name of the machine
services.jupyter.extraEnvironmentVariables	Extra environment variables to be set in the runtime context of jupyter notebook
services.athens.index.postgres.password	Password for the Postgres database
services.athens.singleFlight.redis.password	Password for the redis server
services.crowdsec-firewall-bouncer.settings.api_key	API key to authenticate with a local crowdsec API
services.postfix.enableSmtp	Whether to enable the `smtp` service configured in the master.cf
services.greetd.useTextGreeter	Whether the greeter uses text-based user interfaces (For example, tuigreet)
services.xonotic.settings.sv_motd	Text displayed when players join the server.
services.rsyslogd.extraConfig	Additional text appended to syslog.conf, i.e. the contents of `defaultConfig`.
hardware.nvidia-container-toolkit.device-name-strategy	Specify the strategy for generating device names, passed to `nvidia-ctk cdi generate`
services.jirafeau.nginxConfig.basicAuth	Basic Auth protection for a vhost
services.terraria.messageOfTheDay	Set the server message of the day text.
services.xonotic.prependConfig	Literal text to insert at the start of `server.cfg`.
services.grafana.settings.users.password_hint	Text used as placeholder text on login page for password input.
virtualisation.podman.extraRuntimes	Extra runtime packages to be installed in the Podman wrapper
services.cloudlog.extraConfig	Any additional text to be appended to the config.php configuration file
security.allowUserNamespaces	Whether to allow creation of user namespaces
services.lavalink.password	The password for Lavalink's authentication in plain text.
services.kubernetes.kubelet.containerRuntimeEndpoint	Endpoint at which to find the container runtime api interface/socket
virtualisation.containerd.enable	Whether to enable containerd container runtime.
services.sogo.configReplaces	Replacement-filepath mapping for sogo.conf
services.wstunnel.clients.<name>.environmentFile	Environment file to be passed to the systemd service
services.wstunnel.servers.<name>.environmentFile	Environment file to be passed to the systemd service
services.vsftpd.userDbPath	Only applies if `enableVirtualUsers` is true
services.suricata.settings.stats	Engine statistics such as packet counters, memory use counters and others can be logged in several ways
services.vault.listenerExtraConfig	Extra text appended to the listener section.
services.tee-supplicant.trustedApplications	A list of full paths to trusted applications that will be loaded at runtime by tee-supplicant.
services.davis.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.movim.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.slskd.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.bacula-fd.director.<name>.password	Specifies the password that must be supplied for the default Bacula Console to be authorized
services.bacula-sd.director.<name>.password	Specifies the password that must be supplied for the default Bacula Console to be authorized
services.nginx.virtualHosts.<name>.basicAuth	Basic Auth protection for a vhost
services.snipe-it.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.mediawiki.extraConfig	Any additional text to be appended to MediaWiki's LocalSettings.php configuration file
services.immich.database.enableVectorChord	Whether to enable the new VectorChord extension for full-text search in Postgres.
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".signing_salt	Signing salt
services.athens.storage.azureblob.accountKey	Account key for the Azure Blob storage backend
services.misskey.reverseProxy.webserver.nginx.basicAuth	Basic Auth protection for a vhost
services.radicle.httpd.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.limesurvey.nginx.virtualHost.basicAuth	Basic Auth protection for a vhost
services.gancio.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.akkoma.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.fluidd.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.fedimintd.<name>.nginx.config.basicAuth	Basic Auth protection for a vhost
services.matomo.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.monica.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.postgrey.greylistText	Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
services.hylafax.userAccessFile	The hosts.hfaxd file entry in the spooling area will be symlinked to the location given here
services.redis.servers.<name>.masterAuth	If the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
services.redis.servers.<name>.requirePass	Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
services.prometheus.alertmanager.configText	Alertmanager configuration as YAML text
services.dendrite.settings.sync_api.search.enabled	Whether to enable Dendrite's full-text search engine.
services.prometheus.configText	If non-null, this option defines the text that is written to prometheus.yml
services.github-runners.<name>.ephemeral	If enabled, causes the following behavior: Passes the `--ephemeral` flag to the runner configuration script De-registers and stops the runner with GitHub after it has processed one job On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option) Restarts the service after its successful exit On start, wipes the state directory and configures a new runner You should only enable this option if `tokenFile` points to a file which contains a personal access token (PAT)
services.akkoma.config.":joken".":default_signer"	JWT signing secret
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt	LiveView signing salt
services.healthchecks.settings	Environment variables which are read by healthchecks `(local)_settings.py`
virtualisation.qemu.networkingOptions	Networking-related command-line options that should be passed to qemu
boot.loader.limine.style.graphicalTerminal.foreground	Text foreground color (RRGGBB).
system.includeBuildDependencies	Whether to include the build closure of the whole system in its runtime closure
boot.loader.limine.style.graphicalTerminal.background	Text background color (TTRRGGBB)
services.wstunnel.clients.<name>.upgradeCredentials	Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, `USER:[PASS]`). Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `HTTP_PASSWORD=<your-password-here>` and set this option to `<user>:$HTTP_PASSWORD`
services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.healthchecks.settingsFile	Environment variables which are read by healthchecks `(local)_settings.py`
services.dolibarr.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.kanboard.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.fediwall.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.librenms.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.agorakit.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.mainsail.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.pixelfed.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.nitter.preferences.bidiSupport	Support bidirectional text (makes clicking on tweets harder).
networking.tcpcrypt.enable	Whether to enable opportunistic TCP encryption
documentation.doc.enable	Whether to install documentation distributed in packages' `/share/doc`
services.printing.cups-pdf.instances.<name>.confFileText	This will contain the contents of cups-pdf.conf for this instance, derived from `settings`
services.karakeep.meilisearch.enable	Enable Meilisearch and configure Karakeep to use it
services.pinnwand.settings.paste_help	Raw HTML help text shown in the header area.
services.komodo-periphery.passkeys	Passkeys required to access the periphery API
boot.loader.limine.style.graphicalTerminal.brightBackground	Text background bright color (RRGGBB).
boot.loader.limine.style.graphicalTerminal.brightForeground	Text foreground bright color (RRGGBB).
services.prometheus.exporters.pve.configFile	Path to the service's config file
services.anuko-time-tracker.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services._3proxy.usersFile	Load users and passwords from this file
services.gitwatch.<name>.message	Optional text to use in as commit message; all occurrences of `%d` will be replaced by formatted date/time
virtualisation.oci-containers.containers.<name>.labels	Labels to attach to the container at runtime.
services.bookstack.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.wordpress.sites.<name>.extraConfig	Any additional text to be appended to the wp-config.php configuration file
environment.wordlist.lists	A set with the key names being the environment variable you'd like to set and the values being a list of paths to text documents containing lists of words
services.vault.extraSettingsPaths	Configuration files to load besides the immutable one defined by the NixOS module
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".secret_key_base	Secret key used as a base to generate further secrets for encrypting and signing data
documentation.man.mandoc.settings.output.indent	Number of blank characters at the left margin for normal text, default of `5` for mdoc(7) and `7` for man(7)
services.jirafeau.nginxConfig.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.athens.singleFlight.redisSentinel.sentinelPassword	Password for the sentinel server
services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.mastodon.elasticsearch.host	Elasticsearch host
services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.crossfire-server.configFiles	Text to append to the corresponding configuration files
services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth	Basic Auth protection for a vhost
services.postfix.enableSubmission	Whether to enable the `submission` service configured in master.cf
services.wyoming.faster-whisper.servers.<name>.initialPrompt	Optional text to provide as a prompt for the first window
services.nginx.virtualHosts.<name>.locations.<name>.basicAuth	Basic Auth protection for a vhost
specialisation	Additional configurations to build
services.prometheus.exporters.pve.environmentFile	Path to the service's environment file
services.mosquitto.listeners.*.users.<name>.password	Specifies the (clear text) password for the MQTT User.
services.grafana.provision.alerting.templates.settings.templates.*.template	Alerting with a custom text template
services.maddy.ensureCredentials.<name>.passwordFile	Specifies the path to a file containing the clear text password for the user.
virtualisation.oci-containers.containers.<name>.capabilities	Capabilities to configure for the container
services.prometheus.exporters.mail.configuration.servers	List of servers that should be probed. Note: if your mailserver has rspamd(8) configured, it can happen that emails from this exporter are marked as spam
security.allowSimultaneousMultithreading	Whether to allow SMT/hyperthreading
services.mosquitto.listeners.*.users.<name>.passwordFile	Specifies the path to a file containing the clear text password for the MQTT user
services.prometheus.exporters.idrac.configurationPath	Path to the service's config file
users.users.<name>.password	Specifies the (clear text) password for the user
services.jellyfin.transcoding.enableSubtitleExtraction	Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
users.extraUsers.<name>.password	Specifies the (clear text) password for the user