| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.multipath.devices.*.delay_wait_checks | This option is deprecated, and mapped to san_path_err_recovery_time
|
| networking.wireless.networks.<name>.priority | By default, all networks will get same priority group (0)
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.mosquitto.listeners.*.authPlugins.*.plugin | Plugin path to load, should be a .so file.
|
| services.onlyoffice.postgresPasswordFile | Path to a file that contains the password OnlyOffice should use to connect to Postgresql
|
| services.pangolin.environmentFile | Path to a file containing sensitive environment variables for Pangolin
|
| services.pocket-id.environmentFile | Path to an environment file to be loaded
|
| services.prometheus.exporters.pve.server.keyFile | Path to a SSL private key file for the server
|
| services.librespeed.frontend.servers.*.getIpURL | URL path to IP lookup on this server
|
| services.jirafeau.nginxConfig.sslCertificateKey | Path to server SSL certificate key.
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| services.invoiceplane.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.freshrss.webserver | Whether to use nginx or caddy for virtual host management
|
| services.dokuwiki.webserver | Whether to use nginx or caddy for virtual host management
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.patroni.scope | Cluster name.
|
| services.gitea.dump.file | Filename to be used for the dump
|
| services.cyrus-imap.user | Cyrus IMAP user name
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| services.nitter.server.hostname | Hostname of the instance.
|
| networking.openconnect.interfaces.<name>.privateKey | Private key to authenticate with.
|
| services.easytier.instances.<name>.settings.listeners | Listener addresses to accept connections from other peers
|
| services.limesurvey.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerClassConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinSchedulerClass] section of the unit
|
| services.multipath.devices.*.product_blacklist | Products with the given vendor matching this string are blacklisted
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.prometheus.exporters.knot.knotSocketPath | Socket path of knotd(8).
|
| services.reposilite.database.passwordFile | Path to the file containing the password for the database connection
|
| services.prometheus.exporters.ipmi.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.nextcloud.notify_push.dbpassFile | The full path to a file that contains the database password.
|
| services.prometheus.exporters.pve.server.certFile | Path to a SSL certificate file for the server
|
| services.ocsinventory-agent.settings.ca | Path to CA certificates file in PEM format, for server
SSL certificate validation.
|
| services.sourcehut.settings.objects.s3-secret-key | An absolute file path (which should be outside the Nix-store)
to the secret key of the S3-compatible object storage service.
|
| programs.gnupg.agent.pinentryPackage | Which pinentry package to use
|
| security.acme.defaults.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider
|
| virtualisation.incus.clientPackage | The incus client package to use
|
| services.hercules-ci-agent.settings.secretsJsonPath | Path to a JSON file containing secrets for effects
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| services.multipath.devices.*.fast_io_fail_tmo | Specify the number of seconds the SCSI layer will wait after a problem has been
detected on a FC remote port before failing I/O to devices on that remote port
|
| services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.state | Directory where per-run directories are stored.
|
| services.limesurvey.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers | Additionally enable the recommended set of pairwise ciphers
|
| hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency | How often the fan speed should be updated in seconds
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.gitlab-runner.services.<name>.registrationFlags | Extra command-line flags passed to
gitlab-runner register
|
| services.szurubooru.server.settings.data_dir | Path to the static files.
|
| services.sftpgo.settings.ftpd.bindings.*.address | Network listen address
|
| services.limesurvey.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.dependency-track.database.passwordFile | The path to a file containing the database password.
|
| services.librespeed.frontend.servers.*.pingURL | URL path to latency/jitter test on this server
|
| services.interception-tools.udevmonConfig | String of udevmon YAML configuration, or path to a udevmon YAML
configuration file.
|
| services.zabbixWeb.nginx.virtualHost.sslCertificateKey | Path to server SSL certificate key.
|
| services.sanoid.datasets.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.mediawiki.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| services.keepalived.vrrpInstances.<name>.unicastPeers | Do not send VRRP adverts over VRRP multicast group
|
| services.jirafeau.nginxConfig.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.system76-scheduler.assignments.<name>.matchers | Process matchers.
|
| services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| networking.sits.<name>.encapsulation.type | Select the encapsulation type:
-
6in4: the IPv6 packets are encapsulated using the
6in4 protocol (formerly known as SIT, RFC 4213);
-
gue: the IPv6 packets are encapsulated in UDP packets
using the Generic UDP Encapsulation (GUE) scheme;
-
foo: the IPv6 packets are encapsulated in UDP packets
using the Foo over UDP (FOU) scheme.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.avahi.hostName | Host name advertised on the LAN
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| services.netbird.clients.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.netbird.tunnels.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps | Whether claim maps not specified here but present in kanidm should be removed from kanidm.
|
| services.postfixadmin.database.username | Username for the postgresql connection
|
| services.mediawiki.httpd.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.neo4j.directories.plugins | Path of the database plugin directory
|
| services.pretix.settings.memcached.location | The host:port combination or the path to the UNIX socket of a memcached instance
|
| services.limesurvey.encryptionNonceFile | 24-byte used to encrypt variables in the database
|
| services.thanos.downsample.objstore.config-file | Path to YAML file that contains object store configuration
|
| services.thanos.query-frontend.tracing.config | Tracing configuration
|
| services.lighttpd.collectd.collectionCgi | Path to collection.cgi script from (collectd sources)/contrib/collection.cgi
This option allows to use a customized version
|
| documentation.man.man-db.manualPages | The manual pages to generate caches for if documentation.man.generateCaches
is enabled
|
| services.postgresqlWalReceiver.receivers.<name>.directory | Directory to write the output to.
|
| virtualisation.credentials.<name>.text | Text content of the credential
|