Whether the service's sockets and storage directory is restricted to be only available via the mail system

Enable localtimed, a simple daemon for keeping the system timezone up-to-date based on the current location

Extra configuration for the caddy virtual host of Misskey

Whether to enable HTTPS in addition to plain HTTP

Extra configuration for the nginx virtual host of Misskey

These lines go to httpd.conf verbatim

Whether to enable HTTPS in addition to plain HTTP

This is the config file for override lxc-net bridge default settings.

Enables lxd to use zfs as a storage for containers

Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the store path of the sources of nixpkgs used to build the NixOS system

Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.

When not set to null this option defines the path at which the unbound remote control socket should be created at

IP address on which RabbitMQ will listen for AMQP connections

Configure the default calendar

Path to the Xen multiboot binary used for BIOS booting

Collect and save data from deep packet inspection

Default kubeconfig certificate authority file used to connect to kube-apiserver.

List of default nx agent options.

Type of token to use for runner registration

User as which this instance of fcgiwrap will be run

How many processor threads to use for processing sidekiq background job queues

Default Alerta environment

If not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice

Default port blendfarm server advertises itself on.

Address or CIDR subnets

StrongSwan default: []

Default kubeconfig client key file used to connect to kube-apiserver.

Whether to allow invalid certificates when provisioning the target instance

QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.

Timeout before closing CHILD_SA after inactivity

Path to a file containing the default admin password

Disable client authentication, no client certificate will be required.

Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one"

Definitions of NAT64 instances of Jool

SMTP configuration

PKCE method to use:

• plain: Use plain code verifier
• S256: Use SHA256 hashed code verifier (default, recommended)

If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build

Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces._name_.tempAddress

Enables the use of the ~/.ssh/authorized_keys file

Address or CIDR subnets

StrongSwan default: []

Base directory used for logging.

Address or CIDR subnets

StrongSwan default: []

Default kubeconfig client certificate file used to connect to kube-apiserver.

Default kubeconfig kube-apiserver server address.

These lines go to httpd.conf verbatim

AddressBook subscription URL for initial setup

Path to a custom home page

The configuration of each Fail2ban “jail”

Object store configuration

This option activates an additional oneshot systemd service to ensure that the mullvad daemon will start and block traffic before any network configuration will be applied

The job name assigned to scraped metrics by default.

Object store configuration

Object store configuration

By default, pam_mysql keeps the connection to the MySQL database until the session is closed

Configuration for ZNC, see https://wiki.znc.in/Configuration for details

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

Overrides for the default database_opts when using a non-default postgres connection URL.

Environment variables for configuring the rke2 service/agent

Filebeat modules provide a quick way to get started processing common log formats

Enable bluemap's built-in webserver

URL path to download test on this server

URL path to upload test on this server

Whether to consider the network online when any interface is online, as opposed to all of them

Allow users to register themselves

An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on

List of accepted local users

The user to log in into NUT server

An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on

Policy for warnings and action based on battery levels

Whether battery percentage based policy should be used

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

A file containing the Discourse API key used to add posts and messages from mail

Hostname of the XMPP server to connect to

If set the URL specified in bitcoin.rpc.url will get the content of this file added as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com

Adds custom rules to the IPv4 scope table

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Default action whether to block or allow application internet access.

The internet hostname of this mail system

The error-policy setting applies to all app-layer parsers

ActivityPub public key

Like services.smartd.defaults.monitored, but for the autodetected devices.

Allow the installation and updating of apps from the Nextcloud appstore

Verify the Unifi controller's certificate.

Collect and save site data.

Send certificate request payloads to offer trusted root CA certificates to the peer

Action to perform for this CHILD_SA on DPD timeout

Certificate revocation policy for CRL or OCSP revocation.

• A strict revocation policy fails if no revocation information is available, i.e. the certificate is not known to be unrevoked.
• ifuri fails only if a CRL/OCSP URI is available, but certificate revocation checking fails, i.e. there should be revocation information available, but it could not be obtained.
• The default revocation policy relaxed fails only if a certificate is revoked, i.e. it is explicitly known that it is bad

Path to xen.efi. pkgs.xen is patched to install the xen.efi file on $boot/boot/xen.efi, but an unpatched Xen build may install it somewhere else, such as $out/boot/efi/efi/nixos/xen.efi

URL path to IP lookup on this server

Fish code composing the body of the starship_transient_prompt_func function

Override default settings of the speedtest web client

These lines go to httpd.conf verbatim

The address group variables for suricata, if not defined the default value of suricata (see example) will be used

List of peer public keys to allow incoming peering connections from

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider

Fish code composing the body of the starship_transient_rprompt_func function

Default blacklisted interfaces, this includes NixOS containers interfaces (ve).

Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.

Default banning action (e.g. iptables, iptables-new, iptables-multiport, shorewall, etc) for "allports" jails

Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)