| services.fedimintd.<name>.nginx.config.listen.*.port | Port number to listen on
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| services.rke2.manifests.<name>.content | Content of the manifest file
|
| services.kmonad.keyboards.<name>.defcfg.compose.key | The (optional) compose key to use.
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.biboumi.settings.db_name | The name of the database to use
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| programs.proxychains.proxies.<name>.host | Proxy host or IP address.
|
| programs.xfs_quota.projects.<name>.sizeSoftLimit | Soft limit of the project size
|
| programs.xfs_quota.projects.<name>.sizeHardLimit | Hard limit of the project size.
|
| security.pam.services.<name>.gnupg.noAutostart | Don't start gpg-agent if it is not running
|
| users.mysql.pam.logging.userColumn | The name of the column in the log table to which the name of the
user being authenticated is stored.
|
| users.mysql.pam.logging.hostColumn | The name of the column in the log table to which the name of the user
being authenticated is stored.
|
| services.github-runners.<name>.group | Group under which to run the service
|
| services.blockbook-frontend.<name>.coinName | See https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61
for current of coins supported in master (Note: may differ from release).
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.syncthing.settings.folders.<name>.id | The ID of the folder
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| services.blockbook-frontend.<name>.public | Public http server binding [address]:port.
|
| services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.authelia.instances.<name>.package | The authelia package to use.
|
| services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| services.davis.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.movim.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| services.grafana.provision.alerting.templates.settings.templates.*.name | Name of the template, must be unique
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.firezone.server.provision.accounts.<name>.relayGroups | All relay groups to provision
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| services.drupal.sites.<name>.virtualHost.locations | Declarative location config
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writeBuckets | The organization's buckets which should be allowed to be written
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|
| systemd.user.services.<name>.environment | Environment variables passed to the service's processes.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.fcgiwrap.instances.<name>.socket.mode | Mode to be set on the UNIX socket
|
| services.logrotate.settings.<name>.global | Whether this setting is a global option or not: set to have these
settings apply to all files settings with a higher priority.
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| systemd.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.nginx.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| systemd.network.networks.<name>.ipv6PREF64Prefixes | A list of IPv6PREF64Prefix sections to be added to the unit
|
| openstack.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.nntp-proxy.users.<name>.maxConnections | Maximum number of concurrent connections to the proxy for this user
|
| services.anuko-time-tracker.nginx.locations.<name>.index | Adds index directive.
|
| services.anuko-time-tracker.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.radicle.httpd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.slurm.nodeName | Name that SLURM uses to refer to a node (or base partition for BlueGene
systems)
|
| boot.initrd.systemd.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.description | Optional description for the API token
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.openvpn.servers.<name>.updateResolvConf | Use the script from the update-resolv-conf package to automatically
update resolv.conf with the DNS information provided by openvpn
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.kubernetes.kubelet.taints.<name>.value | Value of taint.
|
| services.kanboard.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.librenms.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.agorakit.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fcgiwrap.instances.<name>.socket.group | Group to be set as owner of the UNIX socket.
|
| services.dolibarr.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.invoiceplane.sites.<name>.cron.key | Cron key taken from the administration page.
|
| services.fediwall.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.pixelfed.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.mainsail.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| services.borgbackup.jobs.<name>.extraCreateArgs | Additional arguments for borg create
|
| services.traefik.dynamic.files.<name>.settings | Dynamic configuration for Traefik, written in Nix.
This will be serialized to JSON (which is considered valid YAML) at build, and passed as part of the static file.
|