| services.xtreemfs.homeDir | XtreemFS home dir for the xtreemfs user.
|
| services.sourcehut.settings."pages.sr.ht".user-domain | Configures the user domain, if enabled
|
| services.syncplay.enable | If enabled, start the Syncplay server.
|
| services.canaille.settings.CANAILLE.SMTP | SMTP configuration
|
| security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.httpd.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.syncthing.settings.folders | Folders which should be shared by Syncthing
|
| services.thanos.query.enable | Whether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.clamav.fangfrisch.settings | fangfrisch configuration
|
| services.syncthing.settings.devices | Peers/devices which Syncthing should communicate with
|
| services.jirafeau.nginxConfig.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.kanata.package | The kanata package to use. ::: {.note}
If danger-enable-cmd is enabled in any of the keyboards, the
kanata-with-cmd package should be used.
:::
|
| nix.settings.trusted-public-keys | List of public keys used to sign binary caches
|
| services.hickory-dns.quiet | Log ERROR level messages only
|
| services.headscale.settings.derp.auto_update_enabled | Whether to automatically update DERP maps on a set frequency.
|
| services.nginx.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.jirafeau.nginxConfig.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.spacecookie.settings.log.hide-ips | If enabled, spacecookie will hide personal
information of users like IP addresses from
log output.
|
| services.redsocks.redsocks.*.doNotRedirect | Iptables filters that if matched will get the packet off of
redsocks.
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| i18n.inputMethod.fcitx5.addons | Enabled Fcitx5 addons.
|
| services.nextcloud.appstoreEnable | Allow the installation and updating of apps from the Nextcloud appstore
|
| services.spacecookie.settings.log.hide-time | If enabled, spacecookie will not print timestamps
at the beginning of every log line.
|
| services.drupal.sites.<name>.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.longview.enable | If enabled, system metrics will be sent to Linode LongView.
|
| services.nginx.virtualHosts.<name>.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.eris-server.decode | Whether the HTTP service (when enabled) will decode ERIS content at /uri-res/N2R?urn:eris:
|
| services.znapzend.pure | Do not persist any stateful znapzend setups
|
| services.vdirsyncer.jobs.<name>.config.storages | vdirsyncer storage configurations
|
| services.lighttpd.mod_userdir | If true, requests in the form /~user/page.html are rewritten to take
the file public_html/page.html from the home directory of the user.
|
| services.hickory-dns.debug | Log DEBUG, INFO, WARN and ERROR messages
|
| services.paperless.exporter.directory | Directory to store export.
|
| services.tayga.wkpfStrict | Enable restrictions on the use of the well-known prefix (64:ff9b::/96) - prevents translation of non-global IPv4 ranges when using the well-known prefix
|
| users.ldap.extraConfig | Extra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf(5))
|
| services.davis.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.slskd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.movim.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.veilid.settings.core.protected_store.directory | The filesystem directory to store your protected store in.
|
| services.sabnzbd.settings.misc.html_login | Prompt for login with an html login mask if enabled,
otherwise prompt for basic auth (useful for SSO)
|
| services.grafana.settings.users.verify_email_enabled | Require email validation before sign up completes.
|
| services.plausible.mail.smtp.user | The username/email in case SMTP auth is enabled.
|
| services.sabnzbd.settings.misc.https_cert | Path to the TLS certificate for the web UI
|
| i18n.inputMethod.type | Select the enabled input method
|
| services.devpi-server.replica | Run node as a replica
|
| services.snipe-it.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.neo4j.directories.imports | The root directory for file URLs used with the Cypher
LOAD CSV clause
|
| services.dbus.apparmor | AppArmor mode for dbus.
enabled enables mediation when it's
supported in the kernel, disabled
always disables AppArmor even with kernel support, and
required fails when AppArmor was not found
in the kernel.
|
| security.duosec.ssh.enable | If enabled, protect SSH logins with Duo Security.
|
| hardware.facter.debug.nvd | A shell application which will produce an nvd diff of the system closure with and without facter enabled.
|
| services.emacs.defaultEditor | When enabled, configures emacsclient to be the default editor
using the EDITOR environment variable.
|
| services.neo4j.directories.plugins | Path of the database plugin directory
|
| services.goxlr-utility.autoStart.xdg | Start the daemon automatically using XDG autostart
|
| services.k3s.images | List of derivations that provide container images
|
| services.vdirsyncer.jobs.<name>.forceDiscover | Run yes | vdirsyncer discover prior to vdirsyncer sync
|
| services.fail2ban.enable | Whether to enable the fail2ban service
|
| services.biboumi.settings.policy_directory | A directory that should contain the policy files,
used to customize Botan’s behaviour
when negotiating the TLS connections with the IRC servers.
|
| services.httpd.logPerVirtualHost | If enabled, each virtual host gets its own
access.log and
error.log, namely suffixed by the
hostName of the virtual host.
|
| services.consul.leaveOnStop | If enabled, causes a leave action to be sent when closing consul
|
| services.waagent.settings.ResourceDisk.EnableSwap | If enabled, the agent creates a swap file (/swapfile) on the resource disk
and adds it to the system swap space
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| swapDevices.*.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| security.duosec.pam.enable | If enabled, protect logins with Duo Security using PAM support.
|
| services.libreswan.disableRedirects | Whether to disable send and accept redirects for all network interfaces
|
| services.kerberos_server.settings.includedir | Directories containing files to include in the Kerberos configuration.
|
| services.undervolt.turbo | Changes the Intel Turbo feature status (1 is disabled and 0 is enabled).
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.stash.settings.notifications_enabled | If we should send notifications to the desktop
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.mediawiki.httpd.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.dolibarr.h2o | With this option, you can customize an H2O virtual host which already
has sensible defaults for Dolibarr
|
| services.riemann-dash.dataDir | Location of the riemann-base dir
|
| services.akkoma.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fluidd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.gancio.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.monica.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.matomo.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.zitadel.tlsMode | The TLS mode to use
|
| services.mailman.webHosts | The list of hostnames and/or IP addresses from which the Mailman Web
UI will accept requests
|
| services.stunnel.clients | Define the client configurations
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.actkbd.bindings | Key bindings for actkbd
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.fedimintd.<name>.nginx.config.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| nix.settings.sandbox | If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build
|
| hardware.facter.debug.nix-diff | A shell application which will produce a nix-diff of the system closure with and without facter enabled.
|
| services.matomo.nginx | With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo
|
| services.gitolite.enable | Enable gitolite management under the
gitolite user
|
| services.tinyproxy.settings.Anonymous | If an Anonymous keyword is present, then anonymous proxying is enabled
|
| services.limesurvey.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| i18n.inputMethod.kime.daemonModules | List of enabled daemon modules
|
| services.firefly-iii.virtualHost | The hostname at which you wish firefly-iii to be served
|
| services.minetest-server.enable | If enabled, starts a Minetest Server.
|
| services.dovecot2.enablePop3 | Whether to enable starting the POP3 listener (when Dovecot is enabled).
|