| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.nextcloud-spreed-signaling.settings.http.listen | IP and port to listen on for HTTP requests, in the format of ip:port
|
| services.fedimintd.<name>.nginx.config.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.kanidm.server.settings.online_backup.path | Path to the output directory for backups.
|
| services.phpfpm.pools.<name>.extraConfig | Extra lines that go into the pool configuration
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| services.tor.settings.ServerTransportPlugin.transports | List of pluggable transports.
|
| services.filebeat.inputs.<name>.type | The input type
|
| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG | The database connection string for the libeufin-bank database.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| systemd.services.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.services.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.your_spotify.settings.MONGO_ENDPOINT | The endpoint of the Mongo database.
|
| services.wgautomesh.settings.gossip_port | wgautomesh gossip port, this MUST be the same number on all nodes in
the wgautomesh network.
|
| services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| systemd.services.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.draupnir.settings.managementRoom | The room ID or alias where moderators can use the bot's functionality
|
| services.headscale.settings.tls_key_path | Path to key for already created certificate.
|
| services.swapspace.settings.max_swapsize | Greatest allowed size for individual swapfiles
|
| services.swapspace.settings.min_swapsize | Smallest allowed size for individual swapfiles
|
| services.sourcehut.settings."builds.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| services.matrix-appservice-irc.settings.homeserver | Homeserver configuration
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.keepalived.vrrpScripts.<name>.user | Name of user to run the script under.
|
| services.prosody.virtualHosts.<name>.ssl | Paths to SSL files
|
| services.nebula.networks.<name>.isRelay | Whether this node is a relay.
|
| services.logcheck.ignoreCron.<name>.user | User that runs the cronjob.
|
| services.dependency-track.settings."alpine.oidc.teams.default" | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| systemd.user.services.<name>.scriptArgs | Arguments passed to the main process script
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.logcheck.ignore.<name>.regex | Regex specifying which log lines to ignore.
|
| services.tuned.settings.dynamic_tuning | Whether to enable dynamic tuning.
|
| services.umurmur.settings.max_bandwidth | Maximum bandwidth (in bits per second) that clients may send
speech at.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.grafana.provision.alerting.policies.settings | Grafana notification policies configuration in Nix
|
| boot.initrd.systemd.users.<name>.uid | ID of the user in initrd.
|
| services.quicktun.<name>.upScript | Run specified command or script after the tunnel device has been opened.
|
| services.slskd.settings.directories.incomplete | Directory where incomplete downloading files are stored.
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod | How frequently to change keys
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod | How frequently to change keys
|
| services.prosody.virtualHosts.<name>.ssl.cert | Path to the certificate file.
|
| services.akkoma.initDb.username | Name of the database user to initialise the database with
|
| services.headscale.settings.oidc.extra_params | Custom query parameters to send with the Authorize Endpoint request.
|
| services.matrix-appservice-irc.settings.homeserver.url | The URL to the home server for client-server API calls
|
| services.blockbook-frontend.<name>.user | The user as which to run blockbook-frontend-‹name›.
|
| security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| services.olivetin.settings.ListenAddressSingleHTTPFrontend | The address to listen on for the internal "microproxy" frontend.
|
| services.mackerel-agent.settings.host_status.on_stop | Host status after agent shutdown.
|
| services.netbird.tunnels.<name>.interface | Name of the network interface managed by this client.
|
| services.netbird.clients.<name>.interface | Name of the network interface managed by this client.
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| services.postfix.masterConfig.<name>.type | The type of the service
|
| users.users.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| services.i2pd.outTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.kubernetes.kubelet.taints.<name>.key | Key of taint.
|
| services.matrix-synapse.settings.listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.netbird.tunnels.<name>.logLevel | Log level of the NetBird daemon.
|
| services.netbird.clients.<name>.logLevel | Log level of the NetBird daemon.
|
| security.pam.services.<name>.nodelay | Whether the delay after typing a wrong password should be disabled.
|
| security.pam.services.<name>.fprintAuth | If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
|
| services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| services.dokuwiki.sites.<name>.acl.*.level | Permission level to restrict the actor(s) to
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.journald.upload.settings.Upload.NetworkTimeoutSec | When network connectivity to the server is lost, this option
configures the time to wait for the connectivity to get restored
|
| services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name | Name of the icon theme to use for the lightdm-gtk-greeter.
|
| services.maubot.settings.plugin_databases | Plugin database settings
|
| services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| services.netbird.clients.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.netbird.tunnels.<name>.dir.state | A state directory used by NetBird client to store config.json, state.json & resolv.conf.
|
| services.stash.settings.parallel_tasks | Number of parallel tasks to start during scan/generate
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| systemd.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.kanidm.provision.persons.<name>.legalName | Full legal name
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.publicUrl | URL under which the media proxy is publicly acccessible.
|
| services.xserver.displayManager.lightdm.greeters.slick.theme.name | Name of the theme to use for the lightdm-slick-greeter.
|
| services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| services.nextcloud-spreed-signaling.settings.grpc.targets | For target type static: List of GRPC targets to connect to for clustering mode.
|
| services.your_spotify.settings.SPOTIFY_PUBLIC | The public client ID of your Spotify application
|
| services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.akkoma.frontends.<name>.ref | Akkoma frontend reference.
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| services.tinc.networks.<name>.package | The tinc_pre package to use.
|
| services.redis.servers.<name>.unixSocketPerm | Change permissions for the socket
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes | List of mute time intervals to import or update.
|
| services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| services.httpd.virtualHosts.<name>.adminAddr | E-mail address of the server administrator.
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|