| services.homebridge.settings.platforms.*.name | Name of the platform
|
| boot.loader.timeout | Timeout (in seconds) until loader boots the default menu item
|
| services.cntlm.proxy | A list of NTLM/NTLMv2 authenticating HTTP proxies
|
| services.flood.port | Port to bind webserver.
|
| services.gancio.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.lidarr.group | Group under which Lidarr runs.
|
| services.geth | Specification of one or more geth instances.
|
| boot.initrd.clevis.package | The clevis package to use.
|
| security.pam.loginLimits.*.domain | Username, groupname, or wildcard this limit applies to
|
| services.gitolite.extraGitoliteRc | Extra configuration to append to the default ~/.gitolite.rc
|
| services.anuko-time-tracker.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| security.pam.howdy.enable | Whether to enable the Howdy PAM module
|
| services.buffyboard.settings.quirks.fbdev_force_refresh | If true and using the framebuffer backend, this triggers a display refresh after every draw operation
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.gvpe.subnet | IP subnet assigned to GVPE network
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| services.athens.protocolWorkers | Number of workers concurrently serving protocol paths.
|
| services.hitch.pem-files | PEM files to use
|
| services.bcg.qosNodeMessages | Set the guarantee of MQTT message delivery.
|
| services.buildbot-master.workers | List of Workers.
|
| programs.proxychains.proxyDNS | Proxy DNS requests - no leak for DNS data.
|
| security.krb5.enable | Enable and configure Kerberos utilities
|
| services.angrr.timer.dates | How often or when the retention policy is performed.
|
| services.calibre-web.user | User account under which Calibre-Web runs.
|
| services.displayManager.sddm.enable | Whether to enable sddm as the display manager.
|
| services.filebrowser.settings.cache-dir | The directory where FileBrowser stores its cache.
|
| services.go-csp-collector.package | The go-csp-collector package to use.
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.freshrss.defaultUser | Default username for FreshRSS.
|
| environment.ldso32 | The executable to link into the normal FHS location of the 32-bit ELF loader
|
| networking.nftables.checkRulesetRedirects | Set of paths that should be intercepted and rewritten while checking the ruleset
using pkgs.buildPackages.libredirect.
|
| services.anuko-time-tracker.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.haveged.enable | Whether to enable haveged entropy daemon, which refills /dev/random when low
|
| services.hostapd.radios.<name>.wifi6.enable | Enables support for IEEE 802.11ax (WiFi 6, HE)
|
| services.inputplumber.package | The inputplumber package to use.
|
| services.jellyfin.transcoding.enableToneMapping | Enable tone mapping when transcoding HDR content.
|
| hardware.inputmodule.enable | Whether to enable Support for Framework input modules.
|
| networking.networkmanager.wifi.scanRandMacAddress | Whether to enable MAC address randomization of a Wi-Fi device
during scanning.
|
| services.crowdsec.localConfig.profiles | A list of profiles to enable
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.cgit.<name>.scanPath | A path which will be scanned for repositories.
|
| services.heartbeat.enable | Whether to enable heartbeat, uptime monitoring.
|
| services.komodo-periphery.ssl.keyFile | Path to SSL key file.
|
| programs.ssh.ciphers | Specifies the ciphers allowed and their order of preference.
|
| services.komodo-periphery.logging.level | Logging verbosity level.
|
| services.bluesky-pds.settings.PDS_BSKY_APP_VIEW_DID | DID of bsky frontend
|
| security.pam.u2f.settings.cue | By default pam-u2f module does not inform user
that he needs to use the u2f device, it just waits without a prompt
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.akkoma.dist.extraFlags | Extra flags to pass to Erlang
|
| services.akkoma.nginx.listen | Listen addresses and ports for this virtual host
|
| services.athens.storage.mongo.certPath | Path to the certificate file for the mongo database.
|
| services.athens.storage.s3.awsContainerCredentialsRelativeURI | Container relative url (used by fargate).
|
| services.gollum.h1-title | Use the first h1 as page title
|
| services.akkoma.nginx.default | Makes this vhost the default.
|
| services.hitch.frontend | The port and interface of the listen endpoint in the
form [HOST]:PORT[+CERT].
|
| power.ups.upsmon.monitor | Set of UPS to monitor
|
| security.acme.defaults.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| services.bazarr.listenPort | Port on which the bazarr web interface should listen
|
| services.epmd.enable | Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
|
| services.atuin.openRegistration | Allow new user registrations with the atuin server.
|
| security.apparmor.policies | AppArmor policies.
|
| services.fediwall.settings | Fediwall configuration
|
| services.kimai.webserver | The webserver to configure for the PHP frontend
|
| services.keyd.keyboards.<name>.ids | Device identifiers, as shown by keyd(1).
|
| services.graphite.carbon.storageSchemas | Defines retention rates for storing metrics.
|
| security.duosec.prompts | If a user fails to authenticate with a second factor, Duo
Unix will prompt the user to authenticate again
|
| services.bitmagnet.useLocalPostgresDB | Use a local postgresql database, create user and database
|
| services.etcd.listenClientUrls | Etcd list of URLs to listen on for client traffic.
|
| services.fediwall.nginx.listen.*.addr | Listen address.
|
| services.couchdb.argsFile | vm.args configuration
|
| security.dhparams.params.<name>.path | The resulting path of the generated Diffie-Hellman parameters
file for other services to reference
|
| services.grafana.settings.database.host | Only applicable to MySQL or Postgres
|
| services.goeland.enable | Whether to enable goeland, an alternative to rss2email.
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.i2pd.exploratory.inbound.length | Guaranteed minimum hops for exploratory tunnels.
|
| services.below.compression.enable | Whether to enable data compression.
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.anuko-time-tracker.settings.multiorgMode | Defines whether users see the Register option in the menu of Time Tracker that allows them
to self-register and create new organizations (top groups).
|
| services.firefox-syncserver.singleNode.enableNginx | Whether to enable nginx virtualhost definitions.
|
| services.fluentd.plugins | A list of plugin paths to pass into fluentd
|
| i18n.inputMethod.fcitx5.quickPhraseFiles | Quick phrase files.
|
| security.pam.mount.debugLevel | Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing,
and 2 additionally enables tracing in mount.crypt
|
| services.gitlab.packages.pages | The gitlab-pages package to use.
|
| services.gns3-server.package | The gns3-server package to use.
|
| services.i2pd.upnp.name | Name i2pd appears in UPnP forwardings list.
|
| services.dragonflydb.bind | The IP interface to bind to.
null means "all interfaces".
|
| services.i2pd.outTunnels.<name>.name | The endpoint name.
|
| services.geoclue2.geoProviderUrl | The url to the wifi GeoLocation Service.
|
| services.certmgr.defaultRemote | The default CA host:port to use.
|
| services.dependency-track.ldap.bindPasswordFile | The path to a file containing the LDAP bind password.
|
| services.grafana.settings.security.admin_user | Default admin username.
|
| services.hqplayerd.enable | Whether to enable HQPlayer Embedded.
|
| networking.hostName | The name of the machine
|
| programs.zsh.zsh-autoenv.enable | Whether to enable zsh-autoenv.
|
| services.agorakit.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.gocd-server.group | If the default user "gocd-server" is configured then this is the primary group of that user.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.kanboard.nginx.acmeRoot | Directory for the ACME challenge, which is public
|
| security.wrappers.<name>.group | The group of the wrapper program.
|
| services.baikal.user | User account under which the web-application run.
|