| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority | Optional fixed priority for IPsec policies
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts | List of remote selectors to include in CHILD_SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey_time
|
| services.davis.hostname | Domain of the host to serve davis under
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| services.strongswan-swanctl.swanctl.pools.<name>.dhcp | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.wstunnel.clients.<name>.settings.http-headers | Custom headers to send in the upgrade request
|
| boot.specialFileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.woodpecker-agents.agents.<name>.enable | Whether to enable this Woodpecker-Agent
|
| services.k3s.nodeName | Node name.
|
| security.pam.services | This option defines the PAM services
|
| services.maubot.settings.homeservers.<name>.url | Client-server API URL
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.icecream.daemon.netName | Network name to connect to
|
| boot.initrd.luks.devices.<name>.yubikey.saltLength | Length of the new salt in byte (64 is the effective maximum).
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wordpress.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| services.firewalld.zones.<name>.forwardPorts.*.protocol | |
| services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| services.samba-wsdd.hostname | Override (NetBIOS) hostname to be used (default hostname).
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| services.anuko-time-tracker.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.netbird.clients.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.netbird.tunnels.<name>.environment | Environment for the netbird service, used to pass configuration options.
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.blockbook-frontend.<name>.templateDir | Location of the HTML templates
|
| boot.initrd.luks.devices.<name>.yubikey.gracePeriod | Time in seconds to wait for the YubiKey.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.firewalld.zones.<name>.description | Description for the zone.
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.retention | The duration in seconds for which the bucket will retain data (0 is infinite).
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart
on.
|
| services.i2pd.proto.http.hostname | Expected hostname for WebUI.
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.easytier.instances.<name>.settings.peers | Peers to connect initially
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| programs.uwsm.waylandCompositors.<name>.prettyName | The full name of the desktop entry file.
|
| services.zeronsd.servedNetworks.<name>.settings.domain | Domain under which ZeroTier records will be available.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| services.buildkite-agents.<name>.runtimePackages | Add programs to the buildkite-agent environment
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.github-runners.<name>.serviceOverrides | Modify the systemd service
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.postfix.settings.master.<name>.privileged | |
| services.authelia.instances.<name>.settings | Your Authelia config.yml as a Nix attribute set
|
| services.firewalld.zones.<name>.sources.*.address | An IP address or a network IP address with a mask for IPv4 or IPv6
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| security.dhparams.params.<name>.path | The resulting path of the generated Diffie-Hellman parameters
file for other services to reference
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.users.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| services.bookstack.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|