| services.kerberos_server.settings.realms.<name>.acl.*.target | The principals that 'access' applies to.
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| services.headscale.settings.dns.nameservers.global | List of nameservers to pass to Tailscale clients.
|
| services.libeufin.nexus.settings.nexus-ebics.CURRENCY | Name of the fiat currency.
|
| services.radicle.ci.broker.settings.triggers.*.adapter | Adapter name.
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.anubis.defaultOptions.settings.POLICY_FNAME | The policy file to use
|
| services.public-inbox.settings.publicinbox.css | The local path name of a CSS file for the PSGI web interface.
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.anubis.defaultOptions.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.libeufin.nexus.settings.nexus-ebics.BANK_DIALECT | Name of the following combination: EBICS version and ISO20022
recommendations that Nexus would honor in the communication with the
bank
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.nextcloud.settings.mail_smtpname | This depends on mail_smtpauth
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| services.kerberos_server.settings.realms.<name>.acl.*.principal | Which principal the rule applies to
|
| services.prometheus.exporters.process.settings.process_names | All settings expressed as an Nix attrset
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.journald.upload.settings.Upload.ServerKeyFile | SSL key in PEM format
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.matrix-synapse.settings.database.args.database | Name of the database when using the psycopg2 backend,
path to the database location when using sqlite3.
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.prometheus.exporters.fritz.settings.devices.*.hostname | Hostname under which the target device is reachable.
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| services.grafana.settings.smtp.ehlo_identity | Name to be used as client identity for EHLO in SMTP dialog.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| boot.uki.name | Name of the UKI
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.warpgate.settings.external_host | Configure the domain name of this Warpgate instance
|
| services.prometheus.exporters.nginxlog.settings.namespaces | Namespaces to collect the metrics for
|
| services.easytier.instances.<name>.configFile | Path to easytier config file
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".username | User used to connect to the database
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.discourse.siteSettings | Discourse site settings
|
| services.warpgate.settings.sso_providers.*.label | SSO provider name displayed on login page.
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| services.biboumi.settings.realname_from_jid | Whether the realname and username of each biboumi
user will be extracted from their JID
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|
| services.pgbouncer.settings.pgbouncer.listen_addr | Specifies a list (comma-separated) of addresses where to listen for TCP connections
|
| users.users.<name>.name | The name of the user account
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".database | Name of the database
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.movim.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| documentation.man.mandoc.settings.output.paper | This option is for generating PostScript and PDF output
|
| users.groups.<name>.name | The name of the group
|
| services.nylon.<name>.name | The name of this nylon instance.
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.bind.zones.<name>.name | Name of the zone.
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| services.pppd.peers.<name>.name | Name of the PPP peer.
|
| services.pgbouncer.settings.pgbouncer.max_client_conn | Maximum number of client connections allowed
|
| system.name | The name of the system used in the system.build.toplevel derivation
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| users.extraUsers.<name>.name | The name of the user account
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.lact.settings | Settings for LACT
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|