| services.httpd.virtualHosts.<name>.adminAddr | E-mail address of the server administrator.
|
| services.suricata.settings.logging.stacktrace-on-signal | Requires libunwind to be available when Suricata is configured and built
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fedimintd.<name>.nginx.path | Path to host the API on and forward to the daemon's api port
|
| services.pppd.peers.<name>.autostart | Whether the PPP session is automatically started at boot time.
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.netbird.tunnels.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.xserver.xkb.extraLayouts.<name>.symbolsFile | The path to the xkb symbols file
|
| services.ndppd.proxies.<name>.timeout | Controls how long to wait for a Neighbor Advertisement Message before
invalidating the entry, in milliseconds.
|
| boot.initrd.systemd.groups.<name>.gid | ID of the group in initrd.
|
| services.httpd.virtualHosts.<name>.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.nginx.virtualHosts.<name>.acmeRoot | Directory for the ACME challenge, which is public
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.openvpn.servers | Each attribute of this option defines a systemd service that
runs an OpenVPN instance
|
| services.quicktun.<name>.remotePort | Remote UDP port
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| users.extraUsers.<name>.cryptHomeLuks | Path to encrypted luks device that contains
the user's home directory.
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.ttlSeconds | Lifetime in seconds, that generated URLs stay valid
|
| services.dependency-track.settings."alpine.data.directory" | Defines the path to the data directory
|
| services.grafana.provision.alerting.contactPoints.settings | Grafana contact points configuration in Nix
|
| services.postfix.settings.main.mydestination | List of domain names intended for local delivery using /etc/passwd and /etc/aliases.
Do not include virtual domains in this list.
https://www.postfix.org/postconf.5.html#mydestination
|
| services.waagent.settings.Provisioning.Enable | Whether to enable provisioning functionality in the agent
|
| services.grafana.provision.dashboards.settings.apiVersion | Config file version.
|
| services.ax25.axports.<name>.package | The ax25-tools package to use.
|
| services.nylon.<name>.verbosity | Enable verbose output, default is to not be verbose.
|
| services.prometheus.exporters.script.settings | Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.
Migration note:
The previous format using script = "sleep 5" is no longer supported
|
| services.slskd.settings.retention.transfers.download.errored | Lifespan of errored download tasks.
|
| services.firewalld.settings.NftablesFlowtable | This may improve forwarded traffic throughput by enabling nftables flowtable
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.wyoming.piper.servers.<name>.piper | The piper-tts package to use.
|
| services.neo4j.ssl.policies.<name>.clientAuth | The client authentication stance for this policy.
|
| systemd.user.paths.<name>.aliases | Aliases of that unit.
|
| systemd.user.units.<name>.aliases | Aliases of that unit.
|
| services.wyoming.piper.servers.<name>.useCUDA | Whether to accelerate the underlying onnxruntime library with CUDA.
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|
| services.grafana.provision.datasources.settings | Grafana datasource configuration in Nix
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| services.grafana-image-renderer.settings.rendering.mode | Rendering mode of grafana-image-renderer:
default: Creates on browser-instance
per rendering request.reusable: One browser instance
will be started and reused for each rendering request.clustered: allows to precisely
configure how many browser-instances are supposed to be used
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| virtualisation.allInterfaces.<name>.name | Interface name
|
| services.dokuwiki.sites.<name>.acl | Access Control Lists: see https://www.dokuwiki.org/acl
Mutually exclusive with services.dokuwiki.aclFile
Set this to a value other than null to take precedence over aclFile option
|
| services.gitea.settings.service.DISABLE_REGISTRATION | By default any user can create an account on this gitea instance
|
| systemd.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.services.<name>.scriptArgs | Arguments passed to the main process script
|
| services.veilid.settings.client_api.ipc_enabled | veilid-server will respond to Python and other JSON client requests.
|
| services.nylon.<name>.deniedIPRanges | Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| nix.registry.<name>.exact | Whether the from reference needs to match exactly
|
| services.davis.nginx.locations.<name>.root | Root directory for requests.
|
| services.movim.nginx.locations.<name>.root | Root directory for requests.
|
| services.slskd.nginx.locations.<name>.root | Root directory for requests.
|
| services.borgmatic.settings.repositories.*.label | Label to the repository
|
| services.tor.settings.CookieAuthentication | See torrc manual.
|
| services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| services.grafana.provision.alerting.templates.settings | Grafana templates configuration in Nix
|
| services.xserver.displayManager.lightdm.greeters.slick.iconTheme.name | Name of the icon theme to use for the lightdm-slick-greeter.
|
| services.ghostunnel.servers.<name>.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| services.grafana.provision.alerting.muteTimings.settings.apiVersion | Config file version.
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| services.blockbook-frontend.<name>.dataDir | Location of blockbook-frontend-‹name› data directory.
|
| services.frp.instances.<name>.role | The frp consists of client and server
|
| services.synapse-auto-compressor.settings.levels | Sizes of each new level in the compression algorithm, as a comma-separated list
|
| services.mackerel-agent.settings.host_status.on_start | Host status after agent startup.
|
| documentation.man.mandoc.settings | Configuration for man.conf(5)
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| services.rss2email.feeds.<name>.to | Email address to which to send feed items
|
| hardware.sane.brscan4.netDevices.<name>.nodename | The node name of the device
|
| hardware.sane.brscan5.netDevices.<name>.nodename | The node name of the device
|
| services.your_spotify.settings.CLIENT_ENDPOINT | The endpoint of your web application
|
| services.libeufin.nexus.settings.libeufin-nexusdb-postgres.CONFIG | The database connection string for the libeufin-nexus database.
|
| services.warpgate.settings.mysql.external_port | The MySQL listener is reachable via this port externally.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.bitcoind.<name>.package | The bitcoind package to use.
|
| services.immichframe.settings.Accounts.*.ImmichServerUrl | The URL of your Immich server.
|
| services.slskd.settings.retention.transfers.upload.cancelled | Lifespan of cancelled upload tasks.
|
| services.slskd.settings.retention.transfers.upload.succeeded | Lifespan of succeeded upload tasks.
|
| services.nvme-rs.settings.thresholds.wear_warning | Wear warning threshold (%)
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.neo4j.ssl.policies.<name>.trustAll | Makes this policy trust all remote parties
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| services.blockbook-frontend.<name>.group | The group as which to run blockbook-frontend-‹name›.
|
| services.grafana.provision.datasources.settings.prune | When true, provisioned datasources from this file will be deleted
automatically when removed from
services.grafana.provision.datasources.settings.datasources.
|
| services.bitcoind.<name>.configFile | The configuration file path to supply bitcoind.
|
| services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.livekit.settings.rtc.port_range_end | End of UDP port range for WebRTC
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.restic.backups.<name>.paths | Which paths to backup, in addition to ones specified via
dynamicFilesFrom
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|