| services.mautrix-meta.instances.<name>.environmentFile | File containing environment variables to substitute when copying the configuration
out of Nix store to the services.mautrix-meta.dataDir
|
| services.rspamd.locals | Local configuration files, written into /etc/rspamd/local.d/{name}.
|
| services.limesurvey.nginx.virtualHost.serverName | Name of this virtual host
|
| services.sanoid.templates.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.maubot.settings.server.hostname | The IP to listen on
|
| services.tt-rss.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.icingaweb2.modules.monitoring.transports.<name>.type | Type of this transport
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| services.mautrix-meta.instances.<name>.serviceDependencies | List of Systemd services to require and wait for when starting the application service.
|
| services.tarsnap.archives.<name>.aggressiveNetworking | Upload data over multiple TCP connections, potentially
increasing tarsnap's bandwidth utilisation at the cost
of slowing down all other network traffic
|
| virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.zoneminder.hostname | The hostname on which to listen.
|
| services.icingaweb2.modules.monitoring.transports.<name>.path | Path to the socket for local or remote transports
|
| services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals | AH proposals to offer for the CHILD_SA
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.starttls | set to true for using STARTTLS to start a TLS connection
|
| console.font | The font used for the virtual consoles
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| services.strongswan-swanctl.swanctl.connections.<name>.dscp | Differentiated Services Field Codepoint to set on outgoing IKE packets for
this connection
|
| services.grav.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.librenms.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.agorakit.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fediwall.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.kanboard.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fediwall.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.mainsail.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.mainsail.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.dawarich.smtp.user | SMTP login name.
|
| services.mastodon.smtp.user | SMTP login name.
|
| services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| security.wrappers.<name>.capabilities | A comma-separated list of capability clauses to be given to the
wrapper program
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.onlyoffice.hostname | FQDN for the OnlyOffice instance.
|
| services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|
| services.postgresqlWalReceiver.receivers.<name>.compress | Enables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression)
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.wordpress.webserver | Whether to use apache2 or nginx for virtual host management
|
| services.pretix.nginx.domain | The domain name under which to set up the virtual host.
|
| services.hddfancontrol.settings.<drive-bay-name>.logVerbosity | Verbosity of the log level
|
| services.librenms.group | Name of the LibreNMS group.
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.vikunja.frontendHostname | The Hostname under which the frontend is running.
|
| services.hadoop.hdfs.namenode.formatOnInit | Format HDFS namenode on first start
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| services.strongswan-swanctl.swanctl.connections.<name>.vips | List of virtual IPs to request in IKEv2 configuration payloads or IKEv1
Mode Config
|
| services.sympa.web.server | The webserver used for the Sympa web interface
|
| services.pantalaimon-headless.instances.<name>.extraSettings | Extra configuration options
|
| services.biboumi.settings.hostname | The hostname served by the XMPP gateway
|
| services.rshim.index | Specify the index to create device path /dev/rshim<index>
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.castopod.database.hostname | Database hostname.
|
| services.dovecot2.user | Dovecot user name.
|
| services.dnsdist.enable | Whether to enable dnsdist domain name server.
|
| services.slurm.controlAddr | Name that ControlMachine should be referred to in establishing a
communications path.
|
| services.unbound.enable | Whether to enable Unbound domain name server.
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| boot.iscsi-initiator.target | Name of the iSCSI target to boot from.
|
| networking.networkmanager.unmanaged | List of interfaces that will not be managed by NetworkManager
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.ircdHybrid.serverName | IRCD server name.
|
| services.selfoss.pool | Name of existing phpfpm pool that is used to run web-application
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.k3s.autoDeployCharts | Auto deploying Helm charts that are installed by the k3s Helm controller
|
| services.kerberos_server.settings.realms.<name>.acl.*.target | The principals that 'access' applies to.
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|