| services.thanos.downsample.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.limesurvey.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.cyrus-imap.imapdSettings.lmtpsocket | Unix socket that lmtpd listens on, used by deliver(8)
|
| services.homebridge.environmentFile | Path to an environment-file which may contain secrets.
|
| services.dawarich.secretKeyBaseFile | Path to file containing the secret key base
|
| services.bookstack.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| networking.wireguard.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.openconnect.interfaces.<name>.autoStart | Whether this VPN connection should be started automatically.
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| virtualisation.allInterfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| services.mail.sendmailSetuidWrapper.program | The name of the wrapper program
|
| boot.loader.systemd-boot.extraEntries | Any additional entries you want added to the systemd-boot menu
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM,
respectively.
|
| services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.lighthouse.beacon.execution.jwtPath | Path for the jwt secret required to connect to the execution layer.
|
| services.umurmur.settings.certificate | Path to your SSL certificate
|
| services.prometheus.exporters.bird.birdSocket | Path to BIRD2 (or BIRD1 v4) socket.
|
| services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.thanos.compact.objstore.config | Object store configuration
|
| services.snapserver.settings.http.doc_root | Path to serve from the HTTP server's root.
|
| services.thanos.receive.objstore.config | Object store configuration
|
| services.thanos.sidecar.objstore.config | Object store configuration
|
| services.umurmur.settings.private_key | Path to your SSL key
|
| services.plausible.database.postgres.socket | Path to the UNIX domain-socket to communicate with postgres.
|
| services.grafana.settings.database.host | Only applicable to MySQL or Postgres
|
| services.calibre-web.options.enableBookConversion | Configure the path to Calibre's ebook-convert in the DB.
|
| services.bacula-sd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| services.jirafeau.nginxConfig.sslCertificate | Path to server SSL certificate.
|
| services.postfix.hostname | Hostname to use
|
| networking.interfaces.<name>.ipv6.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (64).
|
| networking.interfaces.<name>.ipv4.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (24).
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.consul-template.instances.<name>.settings.template | Template section of consul-template
|
| services.keepalived.vrrpInstances.<name>.noPreempt | VRRP will normally preempt a lower priority machine when a higher
priority machine comes online. "nopreempt" allows the lower priority
machine to maintain the master role, even when a higher priority machine
comes back online
|
| networking.wireguard.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| boot.binfmt.registrations.<name>.recognitionType | Whether to recognize executables by magic number or extension.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.pretalx.settings.filesystem.static | Path to the directory that contains static files.
|
| services.opensnitch.settings.Ebpf.ModulesPath | Configure eBPF modules path
|
| services.sourcehut.settings."sr.ht".network-key | An absolute file path (which should be outside the Nix-store)
to a secret key to encrypt internal messages with
|
| services.librespeed.frontend.servers.*.ulURL | URL path to upload test on this server
|
| services.bacula-dir.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.librespeed.frontend.servers.*.dlURL | URL path to download test on this server
|
| services.desktopManager.pantheon.sessionPath | Additional list of packages to be added to the session search path
|
| services.pihole-web.hostName | Domain name for the website.
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| services.fcron.allow | Users allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.armagetronad.servers.<name>.roundSettings | Armagetron Advanced server per-round configuration
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| systemd.network.networks.<name>.genericRandomEarlyDetectionConfig | Each attribute in this set specifies an option in the
[GenericRandomEarlyDetection] section of the unit
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.root | Root directory for requests.
|
| networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.log | File where radicle-native-ci should write the run log.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| services.librenms.hostname | The hostname to serve LibreNMS on.
|
| networking.openconnect.interfaces.<name>.gateway | Gateway server to connect to.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out | Whether to install outbound FWD IPsec policies or not
|
| services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| services.rkvm.client.settings.certificate | TLS certificate path.
This should be generated with rkvm-certificate-gen.
|
| services.suwayomi-server.settings.server.localSourcePath | Path to the local source folder.
|
| services.rustus.info_storage | Info storages are used to store information about file uploads
|
| services.sabnzbd.settings.misc.https_cert | Path to the TLS certificate for the web UI
|
| services.nextcloud.notify_push.socketPath | Socket path to use for notify_push
|
| services.limesurvey.encryptionKeyFile | 32-byte key used to encrypt variables in the database
|
| services.rkvm.server.settings.certificate | TLS certificate path.
This should be generated with rkvm-certificate-gen.
|
| services.unpoller.unifi.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.sourcehut.settings."lists.sr.ht::worker".sock | Path for the lmtp daemon's unix socket
|
| services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| services.filebrowser.settings.database | The path to FileBrowser's Bolt database.
|
| services.blendfarm.basicSecurityPasswordFile | Path to the password file the client needs to connect to the server
|
| hardware.graphics.extraPackages32 | Additional packages to add to 32-bit graphics driver lookup path on 64-bit systems
|
| services.discourse.mail.incoming.apiKeyFile | A file containing the Discourse API key used to add
posts and messages from mail
|
| services.discourse.database.passwordFile | File containing the Discourse database user password
|
| services.zabbixWeb.nginx.virtualHost.sslCertificate | Path to server SSL certificate.
|
| services.kanidm.provision.idmAdminPasswordFile | Path to a file containing the idm admin password for kanidm
|
| services.namecoind.wallet | Wallet file
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| services.bookstack.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|