| hardware.tuxedo-drivers.settings.fn-lock | Enables or disables the laptop keyboard's Function (Fn) lock at boot
|
| services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.setPoint | Set point of the controller in °C.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.grafana.settings.users.hidden_users | This is a comma-separated list of usernames
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.redis.servers.<name>.unixSocket | The path to the socket to bind to.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|
| services.k3s.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.tahoe.nodes.<name>.storage.enable | Whether to enable storage service.
|
| services.wyoming.piper.servers.<name>.uri | URI to bind the wyoming server to.
|
| services.engelsystem.settings | Options to be added to config.php, as a nix attribute set
|
| services.openafsClient.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.openafsServer.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.nginx.proxyCachePath.<name>.keysZoneSize | Set size to shared memory zone.
|
| services.nextcloud.settings.mail_domain | The return address that you want to appear on emails sent by the Nextcloud server, for example nc-admin@example.com, substituting your own domain, of course.
|
| services.bluesky-pds.settings.PDS_BLOBSTORE_DISK_LOCATION | Store blobs at this location, set to null to use e.g
|
| services.geth.<name>.authrpc.address | Listen address of Go Ethereum Auth RPC API.
|
| services.phpfpm.pools.<name>.phpPackage | The PHP package to use for running this PHP-FPM pool.
|
| services.restic.backups.<name>.runCheck | Whether to run the check command with the provided checkOpts options.
|
| services.fedimintd.<name>.api.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.fedimintd.<name>.api.port | Port to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.snapserver.settings.tcp-streaming.enabled | Whether to enable streaming via TCP.
|
| services.cjdns.ETHInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.cjdns.UDPInterface.connectTo.<name>.login | (optional) name your peer has for you
|
| services.epgstation.settings.clientSocketioPort | Socket.io port that the web client is going to connect to
|
| services.reposilite.settings.bypassExternalCache | Add cache bypass headers to responses from /api/* to avoid issues with proxies such as Cloudflare.
|
| services.nix-store-gcs-proxy.<name>.address | The address of the proxy.
|
| services.anubis.defaultOptions.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| services.grafana.provision.alerting.rules.settings.apiVersion | Config file version.
|
| services.redis.servers.<name>.save | The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes
|
| services.gitwatch.<name>.remote | Optional url of remote repository
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.bitcoind.<name>.enable | Whether to enable Bitcoin daemon.
|
| services.gitwatch.<name>.branch | Optional branch in remote repository
|
| systemd.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| services.hostapd.radios.<name>.band | Specifies the frequency band to use, possible values are 2g for 2.4 GHz,
5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.
|
| services.httpd.virtualHosts.<name>.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nginx.virtualHosts.<name>.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.i2pd.ifname | Network interface to bind to.
|
| services.grafana.settings.security.admin_email | The email of the default Grafana Admin, created on startup.
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| services.nsd.zones.<name>.dnssecPolicy.keyttl | TTL for dnssec records
|
| services.k3s.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| services.i2pd.inTunnels.<name>.crypto.tagsToSend | Number of ElGamal/AES tags to send.
|
| services.healthchecks.settings.ALLOWED_HOSTS | The host/domain names that this site can serve.
|
| services.hans.clients.<name>.extraConfig | Additional command line parameters
|
| services.iodine.clients.<name>.server | Hostname of server running iodined
|
| services.dokuwiki.sites.<name>.stateDir | Location of the DokuWiki state directory.
|
| services.restic.backups.<name>.checkOpts | A list of options for 'restic check'.
|
| services.rspamd.workers.<name>.enable | Whether to run the rspamd worker.
|
| services.slskd.settings.retention.transfers.upload.errored | Lifespan of errored upload tasks.
|
| services.tahoe.nodes.<name>.client.shares.happy | The number of distinct storage nodes required to store
a file.
|
| services.firewalld.settings.StrictForwardPorts | If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker
|
| services.geth.<name>.websocket.port | Port number of Go Ethereum WebSocket API.
|
| services.tahoe.nodes.<name>.sftpd.accounts.url | URL of the accounts server.
|
| services.h2o.hosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host
configuration.
|
| systemd.user.services.<name>.upholds | Keeps the specified running while this unit is running
|
| security.pam.services.<name>.mysqlAuth | If set, the pam_mysql module will be used to
authenticate users against a MySQL/MariaDB database.
|
| services.pgbackrest.stanzas.<name>.instances.<name>.host | PostgreSQL host for operating remotely.
|
| services.authelia.instances.<name>.group | The name of the group for this authelia instance.
|
| services.omnom.settings.server.secure_cookie | Whether to limit cookies to a secure channel.
|
| services.transmission.settings.watch-dir-enabled | Whether to enable the
services.transmission.settings.watch-dir.
|
| services.mchprs.settings.view_distance | Maximal distance (in chunks) between players and loaded chunks
|
| services.etebase-server.settings.global.secret_file | The path to a file containing the secret
used as django's SECRET_KEY.
|
| services.grafana.settings.database.log_queries | Set to true to log the sql calls and execution times
|
| services.homebridge.settings.accessories | Homebridge Accessories
|
| services.grafana.provision.alerting.rules.settings.deleteRules | List of alert rule UIDs that should be deleted.
|
| hardware.alsa.controls.<name>.card | Name of the PCM card to control (slave).
|
| services.transmission.settings.peer-port-random-low | The minimal peer port to listen to for incoming connections
when services.transmission.settings.peer-port-random-on-start is enabled.
|
| services.tarsnap.archives.<name>.printStats | Print global archive statistics upon completion
|
| services.sourcehut.settings."pages.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.sourcehut.settings."paste.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.sourcehut.settings."lists.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.nsd.zones.<name>.maxRefreshSecs | Limit refresh time for secondary zones
|
| services.prometheus.exporters.fritz.settings.devices | Fritz!-devices to monitor using the exporter.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.tor.settings.BridgeAuthoritativeDir | See torrc manual.
|
| services.opensnitch.settings.InterceptUnknown | Whether to intercept spare connections.
|
| services.anuko-time-tracker.settings.exportDecimalDuration | Defines whether time duration values are decimal in CSV and XML data
exports (1.25 vs 1:15).
|
| security.krb5.settings.includedir | Directories containing files to include in the Kerberos configuration.
|
| nix.settings.substituters | List of binary cache URLs used to obtain pre-built binaries
of Nix packages
|
| services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| services.grafana-image-renderer.settings.rendering.height | Height of the PNG used to display the alerting graph.
|
| services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.veilid.settings.core.capabilities.disable | A list of capabilities to disable (for example, DHTV to say you cannot store DHT information).
|
| services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| services.bepasty.servers.<name>.dataDir | Path to the directory where the pastes will be saved to
|
| security.pam.services.<name>.makeHomeDir | Whether to try to create home directories for users
with $HOMEs pointing to nonexistent
locations on session login.
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.bindPort | Port that the media proxy binds to.
|
| services.homebridge.settings.description | Description of the homebridge instance.
|