| services.librenms.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanboard.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.agorakit.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| services.slurm.dbdserver.storageUser | Database user name.
|
| services.rustus.storage.s3_region | S3 region name.
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.postfix.networksStyle | Name of standard way of trusted network specification to use,
leave blank if you specify it explicitly or if you want to use
default (localhost-only).
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.prometheus.alertmanagerGotify.metrics.namespace | The namescape of the metrics.
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| networking.dhcpcd.setHostname | Whether to set the machine hostname based on the information
received from the DHCP server.
The hostname will be changed only if the current one is
the empty string, localhost or nixos
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| containers.<name>.ephemeral | Runs container in ephemeral mode with the empty root filesystem at boot
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| services.borgmatic.configurations.<name>.source_directories | List of source directories and files to backup
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| boot.zfs.forceImportAll | Forcibly import all ZFS pool(s)
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.monica.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.matomo.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.gancio.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.akkoma.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fluidd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.forgejo.settings.server.DOMAIN | Domain name of your server.
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".username | User used to connect to the database
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| services.portunus.dex.oidcClients | List of OIDC clients
|
| services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.movim.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.rke2.charts | Packaged Helm charts that are linked to /var/lib/rancher/rke2/server/static/charts before rke2 starts
|
| containers.<name>.privateUsers | Whether to give the container its own private UIDs/GIDs space (user namespacing)
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.vikunja.database.database | Database name.
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.cassandra.clusterName | The name of the cluster
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| virtualisation.oci-containers.containers.<name>.podman | Podman-specific settings in OCI containers
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| virtualisation.oci-containers.containers.<name>.devices | List of devices to attach to this container.
|
| services.stargazer.routes | Routes that Stargazer should server
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| virtualisation.oci-containers.containers.<name>.workdir | Override the default working directory for the container.
|
| networking.wireguard.interfaces.<name>.interfaceNamespace | The pre-existing network namespace the WireGuard
interface is moved to
|
| services.zfs.autoSnapshot.flags | Flags to pass to the zfs-auto-snapshot command
|
| networking.nameservers | The list of nameservers
|
| virtualisation.oci-containers.containers.<name>.autoStart | When enabled, the container is automatically started on boot
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| users.mysql.pam.logging.msgColumn | The name of the column in the log table to which the description
of the performed operation is stored.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| boot.initrd.luks.devices | The encrypted disk that should be opened before the root
filesystem is mounted
|
| services.prometheus.scrapeConfigs.*.label_name_length_limit | Per-scrape limit on length of labels name that will be accepted for a sample
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| virtualisation.oci-containers.containers.<name>.autoRemoveOnStop | Automatically remove the container when it is stopped or killed
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| virtualisation.oci-containers.containers.<name>.networks | Networks to attach the container to
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| services.prometheus.remoteWrite.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services._3proxy.resolution | Use this option to configure name resolution and DNS caching.
|
| console.font | The font used for the virtual consoles
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|