| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| virtualisation.virtualbox.host.enableHardening | Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules
instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users
in the vboxusers group can tamper with the VirtualBox device files.
|
| services.bookstack.hostname | The hostname to serve BookStack on.
|
| services.discourse.hostname | The hostname to serve Discourse on.
|
| services.ghostunnel.servers | Server mode ghostunnels (TLS listener -> plain TCP/UNIX target)
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.movim.nginx | With this option, you can customize an Nginx virtual host which
already has sensible defaults for Movim
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.extraArguments | Extra arguments to pass to ghostunnel server
|
| services.lemmy.settings.hostname | The domain name of your instance (eg 'lemmy.ml').
|
| services.movim.h2o.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.httpd.logPerVirtualHost | If enabled, each virtual host gets its own
access.log and
error.log, namely suffixed by the
hostName of the virtual host.
|
| services.hostapd.radios.<name>.wifi6.enable | Enables support for IEEE 802.11ax (WiFi 6, HE)
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| services.actual.settings.hostname | The address to listen on
|
| services.hostapd.radios.<name>.wifi5.enable | Enables support for IEEE 802.11ac (WiFi 5, VHT)
|
| services.gancio.settings.hostname | The domain name under which the server is reachable.
|
| services.h2o.hosts.<name>.tls.identity.*.key-file | Path to key file
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| services.nextcloud.notify_push.dbhost | Database host (+port) or socket path
|
| services.zoneminder.hostname | The hostname on which to listen.
|
| services.etebase-server.settings.allowed_hosts.allowed_host1 | The main host that is allowed access.
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| services.ghostunnel.servers.<name>.target | Address to forward connections to (can be HOST:PORT or unix:PATH).
|
| services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| services.onlyoffice.hostname | FQDN for the OnlyOffice instance.
|
| services.h2o.hosts.<name>.tls.extraSettings | Additional TLS/SSL-related configuration options
|
| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.fastnetmon-advanced.hostgroups | Hostgroups to declaratively load into FastNetMon Advanced
|
| services.bitwarden-directory-connector-cli.ldap.hostname | The host the LDAP is accessible on.
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.home-assistant.config.http.server_host | Only listen to incoming requests on specific IP/host
|
| services.icecream.daemon.hostname | Hostname of the daemon in the icecream infrastructure
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.hostapd.radios.<name>.networks | This defines a BSS, colloquially known as a WiFi network
|
| services.slurm.enableStools | Whether to provide a slurm.conf file
|
| services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| services.hostapd.radios.<name>.wifi6.require | Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.dolibarr.h2o | With this option, you can customize an H2O virtual host which already
has sensible defaults for Dolibarr
|
| services.nullmailer.config.defaulthost | The content of this attribute is appended to any address that
is missing a host name
|
| services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| services.hostapd.radios.<name>.wifi5.require | Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.
|
| services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host | Address of the Docker daemon.
|
| services.ghostunnel.servers.<name>.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| services.ghostunnel.servers.<name>.allowURI | Allow client if URI subject alternative name appears in the list.
|
| services.prometheus.exporters.fritz.settings.devices.*.host_info | Enable extended host info for this device. Warning: This will heavily increase scrape time.
|
| services.xonotic.settings.hostname | The name that will appear in the server list. $g_xonoticversion
gets replaced with the current version.
|
| services.castopod.database.hostname | Database hostname.
|
| services.biboumi.settings.hostname | The hostname served by the XMPP gateway
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| services.multipath.devices.*.ghost_delay | Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd
|
| services.pixelfed.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for Pixelfed
|
| services.vsmartcard-vpcd.hostname | Hostname of a waiting vpicc server vpcd will be connecting to
|
| services.maubot.settings.server.hostname | The IP to listen on
|
| services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| services.hostapd.radios.<name>.networks.<name>.ssid | SSID to be used in IEEE 802.11 management frames.
|
| services.hostapd.radios | This option allows you to define APs for one or multiple physical radios
|
| <imports = [ pkgs.ghostunnel.services.default ]> | This is a modular service, which can be imported into a NixOS configuration using the system.services option.
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| services.dolibarr.h2o.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.hostapd.radios.<name>.settings | Extra configuration options to put at the end of global initialization, before defining BSSs
|
| services.inadyn.settings.custom.<name>.hostname | Hostname alias(es).
|
| services.hostapd.radios.<name>.networks.<name>.group | Members of this group can access the control socket for this interface.
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.hostapd.radios.<name>.networks.<name>.utf8Ssid | Whether the SSID is to be interpreted using UTF-8 encoding.
|
| virtualisation.forwardPorts.*.from | Controls the direction in which the ports are mapped:
"host" means traffic from the host ports
is forwarded to the given guest port."guest" means traffic from the guest ports
is forwarded to the given host port.
|
| services.dolibarr.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr
|
| services.openssh.generateHostKeys | Whether to generate SSH host keys
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.movim.h2o.tls | TLS options for virtual host
|
| services.nullmailer.config.idhost | The content of this attribute is used when building the message-id
string for the message
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.bind.ipv4Only | Only use ipv4, even if the host supports ipv6.
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.pinchflat.selfhosted | Use a weak secret
|
| services.redmine.components.ghostscript | Whether to enable exporting Gant diagrams as PDF..
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.hostapd.radios.<name>.networks.<name>.logLevel | Levels (minimum value for logged events):
0 = verbose debugging
1 = debugging
2 = informational messages
3 = notification
4 = warning
|
| services.filesender.database.hostname | Database hostname.
|
| services.movim.h2o.acme | ACME options for virtual host.
|
| services.nifi.proxyHost | Allow requests from a specific host.
|
| services.movim.h2o.http | HTTP options for virtual host
|
| services.odoo.domain | Domain to host Odoo with nginx
|
| services.rqbit.httpHost | The listen host for the HTTP API.
|
| services.hostapd.radios.<name>.networks.<name>.apIsolate | Isolate traffic between stations (clients) and prevent them from
communicating with each other.
|
| services.nextcloud.settings.mail_smtphost | This depends on mail_smtpmode
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.hostapd.radios.<name>.networks.<name>.macDeny | Specifies the MAC addresses to deny if macAcl is set to "deny" or "radius"
|
| services.pgpkeyserver-lite.hostname | Which hostname to set the vHost to that is proxying to sks.
|
| services.cjdns.ETHInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.cjdns.UDPInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.inadyn.settings.provider.<name>.hostname | Hostname alias(es).
|
| services.prosody.httpFileShare.http_host | To avoid an additional DNS record and certificate, you may set this option to your primary domain (e.g. "example.com")
or use a reverse proxy to handle the HTTP for that domain.
|
| services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|