| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| services.nginx.virtualHosts.<name>.reuseport | Create an individual listening socket
|
| services.maddy.hostname | Hostname to use
|
| programs.neovim.runtime.<name>.text | Text of the file.
|
| services.radicle.httpd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.spiped.config.<name>.weakHandshake | Use fast/weak handshaking: This reduces the CPU time spent
in the initial connection setup, at the expense of losing
perfect forward secrecy.
|
| services.httpd.virtualHosts.<name>.documentRoot | The path of Apache's document root directory
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.orgId | Organization ID, default = 1.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.firezone.server.settingsSecret.COOKIE_SIGNING_SALT | A file containing a unique base64 encoded secret for the
COOKIE_SIGNING_SALT
|
| services.mainsail.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.pixelfed.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.dolibarr.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.kanboard.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.anuko-time-tracker.nginx.locations.<name>.root | Root directory for requests.
|
| services.librenms.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.fediwall.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.agorakit.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.vdirsyncer.jobs.<name>.config.statusPath | vdirsyncer's status path
|
| services.matrix-conduit.settings.global.trusted_servers | Servers trusted with signing server keys.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.openvpn.servers.<name>.authUserPass.password | The password to store inside the credentials file.
|
| services.fcgiwrap.instances.<name>.socket.user | User to be set as owner of the UNIX socket.
|
| services.fcgiwrap.instances.<name>.socket.type | Socket type: 'unix', 'tcp' or 'tcp6'.
|
| services.v4l2-relayd.instances.<name>.output.format | The video-format to write to output-stream.
|
| services.znc.confOptions.networks.<name>.password | IRC server password, such as for a Slack gateway.
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.errbot.instances.<name>.identity | Errbot identity configuration
|
| services.public-inbox.settings.publicinboxmda.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| services.gitlab-runner.services.<name>.postBuildScript | Runner-specific command script executed after code is pulled
and just after build executes.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.enable | Boost Pipewire client priorities.
|
| services.wstunnel.servers.<name>.restrictTo | Accepted traffic will be forwarded only to this service.
|
| services.keepalived.vrrpScripts.<name>.fall | Required number of failures for KO transition.
|
| services.keepalived.vrrpScripts.<name>.rise | Required number of successes for OK transition.
|
| services.snapserver.settings.tcp.bind_to_address | Address to listen on for snapclient connections.
|
| services.maubot.settings.server.plugin_base_path | The base path for plugin endpoints
|
| services.snapserver.streams.<name>.query | Key-value pairs that convey additional parameters about a stream.
|
| services.klipper.firmwares.<name>.configFile | Path to firmware config which is generated using klipper-genconf
|
| services.grafana.settings.security.admin_password | Default admin password
|
| services.firezone.server.provision.accounts.<name>.actors | All actors (users) to provision
|
| systemd.user.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.mobilizon.settings.":mobilizon".":instance".email_from | The email for the From: header in emails
|
| systemd.user.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| services.orangefs.server.fileSystems.<name>.troveSyncData | Sync data.
|
| services.vdirsyncer.jobs.<name>.config.general | general configuration
|
| services.veilid.settings.core.protected_store.directory | The filesystem directory to store your protected store in.
|
| services.roundcube.database.dbname | Name of the postgresql database
|
| services.nominatim.database.dbname | Name of the postgresql database.
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| virtualisation.xen.store.settings.quota.enable | Whether to enable the quota system.
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.gitlab-runner.services.<name>.dockerExtraHosts | Add a custom host-to-IP mapping.
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.mbpfan.settings.general.polling_interval | The polling interval.
|
| services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| services.authelia.instances.<name>.enable | Whether to enable Authelia instance.
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| services.swapspace.settings.lower_freelimit | Lower free-space threshold: if the percentage of free space drops below this number, additional swapspace is allocated
|
| services.grafana.provision.datasources.settings.datasources | List of datasources to insert/update.
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| services.github-runners.<name>.group | Group under which to run the service
|
| systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.glitchtip.settings.ENABLE_ORGANIZATION_CREATION | When false, only superusers will be able to create new organizations after the first
|
| systemd.user.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.syncoid.commands.<name>.sendOptions | Advanced options to pass to zfs send
|
| services.syncoid.commands.<name>.recvOptions | Advanced options to pass to zfs recv
|
| systemd.user.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.hostapd.radios.<name>.networks.<name>.ignoreBroadcastSsid | Send empty SSID in beacons and ignore probe request frames that do not
specify full SSID, i.e., require stations to know SSID
|
| services.hickory-dns.configFile | Path to an existing toml file to configure hickory-dns with
|
| virtualisation.xen.store.settings.perms.enable | Whether to enable the node permission system.
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|