| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.remoteRead.*.required_matchers | An optional list of equality matchers which have to be
present in a selector to query the remote read endpoint.
|
| services.prometheus.remoteRead.*.bearer_token_file | Sets the Authorization header on every remote read request with the bearer token
read from the configured file
|
| nix.sshServe.enable | Whether to enable serving the Nix store as a remote store via SSH.
|
| services.prometheus.remoteWrite.*.bearer_token_file | Sets the Authorization header on every remote write request with the bearer token
read from the configured file
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.rustdesk-server.enable | Whether to enable RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| services.prometheus.remoteWrite.*.queue_config.max_shards | Maximum number of shards, i.e. amount of concurrency.
|
| services.prometheus.remoteWrite.*.queue_config.min_shards | Minimum number of shards, i.e. amount of concurrency.
|
| hardware.sane.netConf | Network hosts that should be probed for remote scanners.
|
| services.prometheus.remoteWrite.*.metadata_config.send_interval | How frequently metric metadata is sent to remote storage.
|
| services.prometheus.remoteRead.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.remoteWrite.*.queue_config.max_backoff | Maximum retry delay.
|
| services.prometheus.remoteWrite.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.remoteWrite.*.queue_config.min_backoff | Initial retry delay
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| services.prometheus.remoteWrite.*.write_relabel_configs | List of remote write relabel configurations.
|
| services.xrdp.enable | Whether to enable xrdp, the Remote Desktop Protocol server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.syncoid.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.murmur.dbus | Enable D-Bus remote control
|
| services.cfssl.tlsRemoteCa | CAs to trust for remote TLS requests.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts | List of remote selectors to include in CHILD_SA
|
| services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| boot.initrd.network.ssh.shell | Login shell of the remote user
|
| services.syncoid.sshKey | SSH private key file to use to login to the remote system
|
| services.znapzend.features.sendRaw | Whether to enable sendRaw feature which adds the options -w to the
zfs send command
|
| services.openssh.banner | Message to display to the remote user before authentication is allowed.
|
| networking.ipips.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.btrbk.sshAccess.*.key | SSH public key allowed to login as user btrbk to run remote backups.
|
| services.exim.user | User to use when no root privileges are required
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| networking.sits.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.thanos.store.stateDir | Data directory relative to /var/lib
in which to cache remote blocks.
|
| services.openssh.enable | Whether to enable the OpenSSH secure shell daemon, which
allows secure remote logins.
|
| nix.buildMachines.*.sshUser | The username to log in as on the remote host
|
| nix.buildMachines | This option lists the machines to be used if distributed builds are
enabled (see nix.distributedBuilds)
|
| services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.neo4j.shell.enable | Enable a remote shell server which Neo4j Shell clients can log in to
|
| services.uptime.usesRemoteMongo | Whether the configuration file specifies a remote mongo instance
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.regex | Regular expression against which the extracted value is matched
|
| services.autossh.sessions.*.extraArguments | Arguments to be passed to AutoSSH and retransmitted to SSH
process
|
| services.gitwatch.<name>.branch | Optional branch in remote repository
|
| services.btrbk.niceness | Niceness for local instances of btrbk
|
| services.prometheus.remoteRead.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.action | Action to perform based on regex matching
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.modulus | Modulus to take of the hash of the source label values.
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| services.prometheus.remoteWrite.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.remoteWrite.*.queue_config.batch_send_deadline | Maximum time a sample will wait in buffer.
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.cfssl.mutualTlsClientCert | Mutual TLS - client certificate to call remote instance requiring client certs.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.separator | Separator placed between concatenated source label values
|
| services.cfssl.mutualTlsClientKey | Mutual TLS - client key to call remote instance requiring client certs
|
| security.pam.sshAgentAuth.enable | Whether to enable authenticating using a signature performed by the ssh-agent
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| services.prometheus.remoteWrite.*.queue_config.max_samples_per_send | Maximum number of samples per send.
|
| users.mysql.pam.logging.rHostColumn | The name of the column in the log table to which the name of the remote
host that initiates the session is stored
|
| services.nar-serve.cacheURL | Binary cache URL to connect to
|
| services.icecream.daemon.user | User to run the icecream daemon as
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.replacement | Replacement value against which a regex replace is performed if the
regular expression matches
|
| networking.greTunnels.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.hylafax.faxcron.infoDays | Set the expiration time for data in the
remote machine information directory in days.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.target_label | Label to which the resulting value is written in a replace action
|
| services.quicktun.<name>.publicKey | Remote public key in hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.boinc.allowRemoteGuiRpc | If set to true, any remote host can connect to and control this BOINC
client (subject to password authentication)
|
| services.journald.upload.enable | Whether to enable uploading the systemd journal to a remote server.
|
| services.thanos.receive.enable | Whether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb.
|
| services.unifi.openFirewall | Whether or not to open the minimum required ports on the firewall
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| boot.initrd.network.ssh.enable | Start SSH service during initrd boot
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.source_labels | The source labels select values from existing labels
|
| services.shairport-sync.enable | Enable the shairport-sync daemon
|
| nix.buildMachines.*.protocol | The protocol used for communicating with the build machine
|
| services.printing.browsed.enable | Whether to enable the CUPS Remote Printer Discovery (browsed) daemon.
|
| services.tinc.networks.<name>.name | The name of the node which is used as an identifier when communicating
with the remote nodes in the mesh
|
| services.syncoid.commands.<name>.sshKey | SSH private key file to use to login to the remote system
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| services.mastodon.mediaAutoRemove.startAt | How often to remove remote media
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.thanos.store.sync-block-duration | Repeat interval for syncing the blocks between local and remote view
|
| services.neo4j.ssl.policies.<name>.trustAll | Makes this policy trust all remote parties
|
| services.teeworlds.rconPassword | Password to access the remote console
|
| services.zfs.autoReplication.host | Remote host where snapshots should be sent. lz4 is expected to be installed on this host.
|
| services.mastodon.mediaAutoRemove.olderThanDays | How old remote media needs to be in order to be removed.
|
| services.wstunnel.clients.<name>.localToRemote | Listen on local and forwards traffic from remote.
|
| boot.binfmt.addEmulatedSystemsToNixSandbox | Whether to add the boot.binfmt.emulatedSystems to nix.settings.extra-platforms
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|