| services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| services.strongswan-swanctl.swanctl.connections.<name>.pull | If the default of yes is used, Mode Config works in pull mode, where the
initiator actively requests a virtual IP
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| services.dovecot2.imapsieve.mailbox.*.causes | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when one of the listed IMAPSIEVE causes apply
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.dovecot2.imapsieve.mailbox.*.from | Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when the message originates from the indicated mailbox
|
| services.outline.slackAuthentication.secretFile | File path containing the authentication secret.
|
| services.mastodon.elasticsearch.passwordFile | Path to file containing password for optionally authenticating with Elasticsearch.
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.key | Path to certificate private key (PEM with private key)
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cert | Path to certificate (PEM with certificate chain)
|
| services.tor.client.onionServices.<name>.clientAuthorizations | Clients' authorizations for a v3 onion service,
as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| services.postgresqlWalReceiver.receivers.<name>.slot | Require pg_receivewal to use an existing replication slot (see
Section 26.2.6 of the PostgreSQL manual)
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.transmission.credentialsFile | Path to a JSON file to be merged with the settings
|
| services.sourcehut.settings.webhooks.private-key | An absolute file path (which should be outside the Nix-store)
to a base64-encoded Ed25519 key for signing webhook payloads
|
| services.akkoma.config.":pleroma".":media_proxy".base_url | Base path for the media proxy
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| services.openafsClient.cellName | Cell name.
|
| services.nixops-dns.enable | Whether to enable the nixops-dns resolution
of NixOps virtual machines via dnsmasq and fake domain name.
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| users.mysql.pam.logging.timeColumn | The name of the column in the log table to which the timestamp of the
log entry is stored.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name | Name of the filter
|
| services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.prometheus.exporters.postfix.systemd.journalPath | Path to the systemd journal.
|
| services.matrix-synapse.workers.<name>.worker_listeners | List of ports that this worker should listen on, their purpose and their configuration.
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.tor.torsocks.socks5Username | SOCKS5 username
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| services.mongodb.replSetName | If this instance is part of a replica set, set its name here
|
| services.agorakit.mail.fromName | Mail "from" name.
|
| services.freshrss.pool | Name of the php-fpm pool to use and setup
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| networking.wireguard.interfaces.<name>.interfaceNamespace | The pre-existing network namespace the WireGuard
interface is moved to
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| networking.nameservers | The list of nameservers
|
| services.lldap.settings.jwt_secret_file | Path to a file containing the JWT secret.
|
| services.prometheus.exporters.restic.repositoryFile | Path to the file containing the URI for the repository to monitor.
|
| services.nextcloud-spreed-signaling.settings.turn.secretFile | The path to the file containing the value for turn.secret
|
| services.prometheus.exporters.postgres.telemetryPath | Path under which to expose metrics.
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.jellyfin.hardwareAcceleration.device | Path to the hardware acceleration device that Jellyfin should use
|
| virtualisation.docker.rootless.extraPackages | Extra packages to add to PATH for the docker daemon process.
|
| services.icecream.daemon.hostname | Hostname of the daemon in the icecream infrastructure
|
| services.firezone.server.smtp.username | Username to authenticate against the SMTP relay
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| services.prometheus.exporters.sabnzbd.servers.*.apiKeyFile | The path to a file containing the API key
|
| services.akkoma.config.":pleroma".":instance".static_dir | Directory of static files
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.sympa.web.server | The webserver used for the Sympa web interface
|
| services.rshim.backend | Specify the backend to attach
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| services.ceph.global.clusterName | Name of cluster
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| services.baikal.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| services.prometheus.exporters.ecoflow.ecoflowEmailFile | Path to the file with your personal ecoflow app login email address
|
| services.prometheus.alertmanagerGotify.webhookPath | The URL path to handle requests on.
|
| services.dependency-track.settings."alpine.data.directory" | Defines the path to the data directory
|
| services.xserver.windowManager.herbstluftwm.configFile | Path to the herbstluftwm configuration file
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections | Maximum number of idle keepalive connections between Tunnel and your origin
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.type | The type of the listener, usually http.
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| services.prometheus.exporters.buildkite-agent.tokenPath | The token from your Buildkite "Agents" page
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.port | The port to listen for HTTP(S) requests on.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.prometheus.exporters.rasdaemon.databasePath | Path to the RAS daemon machine check event database.
|
| services.prometheus.exporters.pgbouncer.pidFile | Path to PgBouncer pid file
|
| services.outline.oidcAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.prometheus.exporters.restic.rcloneConfigFile | Path to the file containing rclone configuration
|
| systemd.network.networks.<name>.enhancedTransmissionSelectionConfig | Each attribute in this set specifies an option in the
[EnhancedTransmissionSelection] section of the unit
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.gitlab.databaseName | GitLab database name.
|
| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| services.dawarich.user | User under which dawarich runs
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| services.znc.confOptions.userName | The user name used to log in to the ZNC web admin interface.
|