| services.onlyoffice.jwtSecretFile | Path to a file that contains the secret to sign web requests using JSON Web Tokens
|
| services.nextcloud.config.dbhost | Database host (+port) or socket path
|
| services.oauth2-proxy.tls.certificate | Path to certificate file.
|
| services.movim.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.thinkfan.sensors | List of temperature sensors thinkfan will monitor.
This section slightly departs from the thinkfan.conf syntax
|
| services.zoneminder.storageDir | ZoneMinder can generate quite a lot of data, so in case you don't want
to use the default /var/lib/zoneminder, you can override the path here.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| networking.sits.<name>.encapsulation | Configures the type of encapsulation.
|
| services.znapzend.zetup.<name>.destinations | Additional destinations.
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.openafsServer.roles.backup.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| networking.wireless.networks.<name>.extraConfig | Extra configuration lines appended to the network block
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.authelia.instances.<name>.settings | Your Authelia config.yml as a Nix attribute set
|
| services.anuko-time-tracker.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.hostapd.radios.<name>.wifi7.multiUserBeamformer | EHT multi user beamformee support
|
| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| services.invoiceplane.sites.<name>.poolConfig | Options for the InvoicePlane PHP pool
|
| services.anubis.instances.<name>.settings.TARGET | The reverse proxy target that Anubis is protecting
|
| services.networkd-dispatcher.rules.<name>.onState | List of names of the systemd-networkd operational states which
should trigger the script
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.honk.host | The host name or IP address the server should listen to.
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| services.neo4j.ssl.policies | Defines the SSL policies for use with Neo4j connectors
|
| services.dovecot2.mailPlugins.perProtocol.<name>.enable | mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action | Action to perform for this CHILD_SA on DPD timeout
|
| services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| services.grafana.settings.smtp.key_file | File path to a key file.
|
| services.akkoma.nginx.sslCertificate | Path to server SSL certificate.
|
| services.gancio.nginx.sslCertificate | Path to server SSL certificate.
|
| services.fluidd.nginx.sslCertificate | Path to server SSL certificate.
|
| services.akkoma.extraPackages | List of extra packages to include in the executable search path of the service unit
|
| services.thanos.receive.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.oauth2-proxy.google.serviceAccountJSON | The path to the service account JSON credentials.
|
| services.monica.nginx.sslCertificate | Path to server SSL certificate.
|
| services.snipe-it.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.thanos.sidecar.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.matomo.nginx.sslCertificate | Path to server SSL certificate.
|
| services.thanos.compact.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.pretalx.settings.database.host | Database host or socket path.
|
| services.quassel.certificateFile | Path to the certificate used for SSL connections with clients.
|
| services.microsocks.authPasswordFile | Path to a file containing the password for authentication.
|
| services.unpoller.unifi.defaults.pass | Path of a file containing the password for the unifi service user
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.postfix.settings.master.<name>.privileged | |
| services.zeronsd.servedNetworks.<name>.settings.domain | Domain under which ZeroTier records will be available.
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.blockbook-frontend.<name>.extraCmdLineOptions | Extra command line options to pass to Blockbook
|
| services.authelia.instances.<name>.settings.log.level | Level of verbosity for logs.
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| services.icingaweb2.modules.monitoring.backends.<name>.resource | Name of the IDO resource
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.kanidm.provision.systems.oauth2.<name>.public | Whether this is a public client (enforces PKCE, doesn't use a basic secret)
|
| services.firewalld.zones.<name>.sources.*.address | An IP address or a network IP address with a mask for IPv4 or IPv6
|
| services.easytier.instances.<name>.settings.peers | Peers to connect initially
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| boot.binfmt.registrations.<name>.fixBinary | Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| users.users.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets | Packet range from which to choose a random value to subtract from
rekey_packets
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.buffyboard.configFile | Path to an INI format configuration file to provide Buffyboard
|
| services.hardware.pommed.configFile | The path to the pommed.conf file
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.opengfw.settings.ruleset | The path to load specific local geoip/geosite db files
|
| services.slurm.dbdserver.storagePassFile | Path to file with database password
|
| services.tlsrpt.fetcher.settings.storage | Path to the collectd sqlite database.
|
| services.misskey.database.passwordFile | The path to a file containing the database password
|
| services.nagios.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.moodle.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.bookstack.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| systemd.user.targets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.sockets.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.shorewall.configs | This option defines the Shorewall configs
|
| systemd.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| services.peertube-runner.instancesToRegister.<name>.url | URL of the PeerTube instance.
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|