| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.librenms.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.kanboard.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.agorakit.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.dolibarr.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.fediwall.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.pixelfed.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.mainsail.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| security.pki.certificateFiles | A list of files containing trusted root certificates in PEM
format
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.radicle.httpd.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certspotter.sendmailPath | Path to the sendmail binary
|
| services.moodle.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nagios.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cert | Path to certificate (PEM with certificate chain)
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.prometheus.exporters.node-cert.port | Port to listen on.
|
| services.certspotter.watchlist | Domain names to watch
|
| services.prometheus.exporters.node-cert.user | User owning the certs.
|
| services.anuko-time-tracker.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.bookstack.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.enable | Whether to enable certmgr.
|
| services.certmgr.validMin | The interval before a certificate expires to start attempting to renew it.
|
| services.prometheus.exporters.node-cert.paths | List of paths to search for SSL certificates.
|
| services.grafana.settings.smtp.cert_file | File path to a cert file.
|
| services.jirafeau.nginxConfig.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.nginx.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.specs | Certificate specs as described by:
https://github.com/cloudflare/certmgr#certificate-specs
These will be added to the Nix store, so they will be world readable.
|
| services.bcg.mqtt.certfile | Certificate file for MQTT server access.
|
| services.kubernetes.kubeconfig.certFile | Default kubeconfig client certificate file used to connect to kube-apiserver.
|
| services.prometheus.exporters.pve.server.certFile | Path to a SSL certificate file for the server
|
| services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certspotter.emailRecipients | A list of email addresses to send certificate updates to.
|
| services.certmgr.package | The certmgr package to use.
|
| services.kubernetes.proxy.kubeconfig.certFile | Kubernetes proxy client certificate file used to connect to kube-apiserver.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.prometheus.exporters.node-cert.excludePaths | List of paths to exclute from searching for SSL certificates.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.prometheus.exporters.node-cert.listenAddress | Address to listen on.
|
| services.certmgr.metricsPort | The port for the Prometheus HTTP endpoint.
|
| services.mediawiki.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.prometheus.exporters.node-cert.excludeGlobs | List files matching a pattern to include
|
| services.prometheus.exporters.node-cert.includeGlobs | List files matching a pattern to include
|
| services.prometheus.exporters.node-cert.openFirewall | Open port in firewall for incoming connections.
|
| services.kubernetes.kubelet.kubeconfig.certFile | Kubelet client certificate file used to connect to kube-apiserver.
|
| services.limesurvey.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.prometheus.exporters.node-cert.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.node-cert.openFirewall is true.
|
| services.limesurvey.nginx.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.limesurvey.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.certmgr.svcManager | This specifies the service manager to use for restarting or reloading services
|
| services.misskey.reverseProxy.webserver.caddy.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.defaultRemote | The default CA host:port to use.
|
| services.kubernetes.scheduler.kubeconfig.certFile | Kubernetes scheduler client certificate file used to connect to kube-apiserver.
|
| services.etcd.peerCertFile | Cert file to use for peer to peer communication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.prometheus.exporters.node-cert.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.node-cert.openFirewall
is true
|
| security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.misskey.reverseProxy.webserver.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.renewInterval | How often to check certificate expirations and how often to update the cert_next_expires metric.
|
| services.certmgr.metricsAddress | The address for the Prometheus HTTP endpoint.
|
| security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.quassel.dataDir | The directory holding configuration files, the SQlite database and the SSL Cert.
|
| services.kubernetes.controllerManager.kubeconfig.certFile | Kubernetes controller manager client certificate file used to connect to kube-apiserver.
|
| services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.ircdHybrid.certificate | IRCD server SSL certificate
|
| services.oauth2-proxy.tls.certificate | Path to certificate file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.agate.certificatesDir | Root of the certificate directory.
|
| services.minio.certificatesDir | The directory where TLS certificates are stored.
|
| services.hitch.frontend | The port and interface of the listen endpoint in the
form [HOST]:PORT[+CERT].
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.quassel.certificateFile | Path to the certificate used for SSL connections with clients.
|
| services.grafana.settings.server.cert_key | Path to the certificate key file (if protocol is set to https or h2).
|
| services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| services.maddy.tls.certificates.*.keyPath | Path to the private key used for TLS.
|
| services.dendrite.tlsKey | The path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| services.jibri.ignoreCert | Whether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.dendrite.tlsCert | The path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.bacula-sd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.tls.certificate | The full path to the PEM encoded TLS certificate
|