| services.mediawiki.httpd.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.newt.environmentFile | Path to a file containing sensitive environment variables for Newt
|
| services.reposilite.settings.basePath | Custom base path for this Reposilite instance
|
| services.mattermost.database.socketPath | The database (Postgres or MySQL) socket path.
|
| services.openssh.sftpServerExecutable | The sftp server executable
|
| services.sourcehut.settings."hg.sr.ht".srhtext | Path to the srht mercurial extension
(defaults to where the hgsrht code is)
|
| services.dashy.settings | Settings serialized into user-data/conf.yml before build
|
| services.keycloak.sslCertificateKey | The path to a PEM formatted private key to use for TLS/SSL
connections.
|
| security.pam.u2f.enable | Enables U2F PAM (pam-u2f) module
|
| programs.hyprland.systemd.setPath.enable | Set environment path of systemd to include the current system's bin directory
|
| services.lasuite-docs.settings.DJANGO_SECRET_KEY_FILE | The path to the file containing Django's secret key
|
| services.lasuite-meet.settings.DJANGO_SECRET_KEY_FILE | The path to the file containing Django's secret key
|
| services.monica.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.matomo.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.addr | IP address, optionally with a netmask: IPADDR[/MASK]
|
| services.gancio.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.fluidd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.akkoma.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.firewalld.services.<name>.destination | Destinations for the service.
|
| services.firewalld.services.<name>.description | Description for the service.
|
| services.bookstack.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.shorewall6.configs | This option defines the Shorewall configs
|
| services.zabbixWeb.nginx.virtualHost.serverName | Name of this virtual host
|
| services.sogo.vhostName | Name of the nginx vhost
|
| services.bcg.device | Device name to configure gateway to use.
|
| services.artalk.user | Artalk user name.
|
| security.tpm2.tssUser | Name of the tpm device-owner and service user, set if applyUdevRules is
set.
|
| users.mysql.database | The name of the database containing the users
|
| services.zammad.user | Name of the Zammad user.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.refresh_interval | The time after which the containers are refreshed
|
| services.wstunnel.servers.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.wstunnel.clients.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.limesurvey.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| programs.nix-required-mounts.allowedPatterns.<name>.onFeatures | Which requiredSystemFeatures should trigger relaxation of the sandbox
|
| services.samba-wsdd.hostname | Override (NetBIOS) hostname to be used (default hostname).
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.keepalived.vrrpInstances.<name>.priority | For electing MASTER, highest priority wins
|
| virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.jibri.xmppEnvironments.<name>.stripFromRoomDomain | The prefix to strip from the room's JID domain to derive the call URL.
|
| services.reposilite.keyPasswordFile | Path the the file containing the password used to unlock the Java KeyStore file specified in services.reposilite.settings.keyPath
|
| services.thanos.rule.objstore.config | Object store configuration
|
| services.ntfy-sh.environmentFile | Path to a file containing extra ntfy environment variables in the systemd EnvironmentFile
format
|
| services.thanos.rule.web.external-prefix | Static prefix for all HTML links and redirect URLs in the UI query web
interface
|
| services.self-deploy.repository | The repository to fetch from
|
| services.taskserver.extensions | Fully qualified path of the Taskserver extension scripts
|
| services.chatgpt-retrieval-plugin.openaiApiKeyPath | Path to the secret openai api key used for embeddings.
|
| services.hickory-dns.settings.directory | The directory in which hickory-dns should look for .zone files,
whenever zones aren't specified by absolute path.
|
| services.postfixadmin.database.dbname | Name of the postgresql database
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.zeronsd.servedNetworks.<name>.settings.wildcard | Whether to serve a wildcard record for ZeroTier Nodes.
|
| systemd.network.networks.<name>.hierarchyTokenBucketConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucket] section of the unit
|
| services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.scope | The scope of the area where this address is valid.
|
| services.zabbixWeb.hostname | Hostname for either nginx or httpd.
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| services.radicle.ci.adapters.native.instances.<name>.enable | Whether to enable this radicle-native-ci instance.
|
| specialisation.<name>.inheritParentConfig | Include the entire system's configuration
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| boot.binfmt.registrations.<name>.preserveArgvZero | Whether to pass the original argv[0] to the interpreter
|
| virtualisation.fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel | Whether to add the special Bitlbee operations channel.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action | Action to perform after a CHILD_SA gets closed by the peer.
- The default of
none does not take any action,
trap installs a trap policy for the CHILD_SA.start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive
|
| services.authelia.instances.<name>.secrets.manual | Configuring authelia's secret files via the secrets attribute set
is intended to be convenient and help catch cases where values are required
to run at all
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.autorandr.profiles.<name>.hooks.postswitch | Postswitch hook executed after mode switch.
|
| services.taskserver.pki.manual.server.key | Fully qualified path to the server key.
Setting this option will prevent automatic CA creation and handling.
|
| services.mainsail.nginx.sslCertificate | Path to server SSL certificate.
|
| services.pixelfed.nginx.sslCertificate | Path to server SSL certificate.
|
| services.networking.websockify.sslKey | Path to the SSL key.
|
| services.mastodon.vapidPublicKeyFile | Path to file containing the public key used for Web Push
Voluntary Application Server Identification
|
| services.mattermost.database.peerAuth | If set, will use peer auth instead of connecting to a Postgres server
|
| services.scion.stateless | Setting this value to false (stateful) can lead to improved caching and
performance
|
| services.certspotter.sendmailPath | Path to the sendmail binary
|
| services.desktopManager.gnome.sessionPath | Additional list of packages to be added to the session search path
|
| services.atticd.environmentFile | Path to an EnvironmentFile containing required environment
variables:
- ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the
RS256 JWT secret
|
| services.fediwall.nginx.sslCertificate | Path to server SSL certificate.
|
| security.dhparams.stateful | Whether generation of Diffie-Hellman parameters should be stateful or
not
|
| services.librenms.nginx.sslCertificate | Path to server SSL certificate.
|
| services.agorakit.nginx.sslCertificate | Path to server SSL certificate.
|
| services.gitlab.secrets.secretFile | A file containing the secret used to encrypt variables in
the DB
|
| services.dolibarr.nginx.sslCertificate | Path to server SSL certificate.
|
| services.grafana.settings.server.cert_key | Path to the certificate key file (if protocol is set to https or h2).
|
| services.kanboard.nginx.sslCertificate | Path to server SSL certificate.
|
| services.lasuite-docs.environmentFile | Path to environment file
|
| services.lasuite-meet.environmentFile | Path to environment file
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes | Number of bytes processed before initiating CHILD_SA rekeying
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fedimintd.<name>.nginx.config.listenAddresses | Listen addresses for this virtual host
|