| services.biboumi.settings.hostname | The hostname served by the XMPP gateway
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| services.supybot.plugins | Attribute set of additional plugins that will be symlinked to the
plugin subdirectory
|
| services.cloudlog.database.user | MySQL user name.
|
| services.zabbixWeb.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| systemd.network.config.routeTables | Defines route table names as an attrset of name to number
|
| services.zabbixWeb.httpd.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| services.athens.storage.minio.bucket | Bucket name for the minio storage backend.
|
| services.writefreely.host | The public host name to serve.
|
| services.vsmartcard-vpcd.hostname | Hostname of a waiting vpicc server vpcd will be connecting to
|
| virtualisation.oci-containers.containers.<name>.login.passwordFile | Path to file containing password.
|
| services.borgmatic.configurations.<name>.repositories.*.path | Path to the repository
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| virtualisation.fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds | Periodically refresh the endpoint hostname or address for all peers
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| services.multipath.devices.*.prio | The name of the path priority routine
|
| services.coder.database.database | Name of database.
|
| services.athens.index.mysql.database | Database name for the MySQL database.
|
| services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| services.hatsu.settings.HATSU_DOMAIN | The domain name of your instance (eg 'hatsu.local').
|
| image.repart.verityStore.partitionIds.esp | Specify the attribute name of the ESP.
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| virtualisation.oci-containers.containers.<name>.privileged | Give extended privileges to the container
|
| virtualisation.oci-containers.containers.<name>.entrypoint | Override the default entrypoint of the image.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.minetest-server.world | Name of the world to use
|
| services.slskd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| services.misskey.reverseProxy.host | The fully qualified domain name to bind to
|
| services.movim.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| hardware.firmware | List of packages containing firmware files
|
| services.davis.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| virtualisation.oci-containers.containers.<name>.volumes | List of volumes to attach to this container
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| virtualisation.oci-containers.containers.<name>.log-driver | Logging driver for the container
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| services.xserver.xrandrHeads.*.output | The output name of the monitor, as shown by
xrandr(1) invoked without arguments.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.discourse.database.username | Discourse database user.
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.restic.server.privateRepos | Enable private repos
|
| services.mastodon.user | User under which mastodon runs
|
| services.tailscale.derper.domain | Domain name under which the derper server is reachable.
|
| services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| services.gitea.settings.server.DOMAIN | Domain name of your server.
|
| services.vault-agent.instances | Attribute set of vault-agent instances
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| virtualisation.oci-containers.containers.<name>.environment | Environment variables to set for this container.
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| services.ncps.cache.lru.scheduleTimeZone | The name of the timezone to use for the cron schedule
|
| services.nominatim.enable | Whether to enable nominatim
|
| services._3proxy.resolution | Use this option to configure name resolution and DNS caching.
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| services.strongswan-swanctl.swanctl.connections.<name>.aggressive | Enables Aggressive Mode instead of Main Mode with Identity
Protection
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| services.roundcube.enable | Whether to enable roundcube
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| services.matomo.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.portunus.ldap.searchUserName | The login name of the search user
|
| services.monica.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| services.akkoma.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.gancio.nginx.http3 | Whether to enable the HTTP/3 protocol
|