| networking.hostName | The name of the machine
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.bcg.automaticRenameGenericNodes | Automatically rename generic nodes.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| services.deye-dummycloud.mqttUsername | MQTT username
|
| services.misskey.reverseProxy.webserver.nginx.sslCertificate | Path to server SSL certificate.
|
| services.prometheus.exporters.nginxlog.metricsEndpoint | Path under which to expose metrics.
|
| services.mjolnir.pantalaimon.options.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.kerberos_server.settings.realms.<name>.acl.*.principal | Which principal the rule applies to
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| networking.dhcpcd.setHostname | Whether to set the machine hostname based on the information
received from the DHCP server.
The hostname will be changed only if the current one is
the empty string, localhost or nixos
|
| services.postgresqlWalReceiver.receivers.<name>.synchronous | Flush the WAL data to disk immediately after it has been received
|
| services.meilisearch.masterKeyEnvironmentFile | Path to file which contains the master key
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation | Whether this connection is a mediation connection, that is, whether this
connection is used to mediate other connections using the IKEv2 Mediation
Extension
|
| services.castopod.database.hostname | Database hostname.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.nullmailer.config.defaulthost | The content of this attribute is appended to any address that
is missing a host name
|
| services.pretalx.nginx.domain | The domain name under which to set up the virtual host.
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| services.alerta.databaseName | Name of the database instance to connect to
|
| services.varnish.listen.*.group | Group name who owns the socket file.
|
| services.grafana.settings.server.serve_from_sub_path | Serve Grafana from subpath specified in the root_url setting
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.multipath.devices.*.marginal_path_err_rate_threshold | The error rate threshold as a permillage (1/1000)
|
| services.prometheus.exporters.pgbouncer.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.smokeping.telemetryPath | Path under which to expose metrics.
|
| services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.prometheus.exporters.junos-czerwonk.telemetryPath | Path under which to expose metrics.
|
| services.fluent-bit.configurationFile | Fluent Bit configuration
|
| services.matrix-synapse.settings.tls_private_key_path | PEM encoded private key for TLS
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| services.nextcloud.config.objectstore.s3.sseCKeyFile | If provided this is the full path to a file that contains the key
to enable [server-side encryption with customer-provided keys][1]
(SSE-C)
|
| services.misskey.reverseProxy.webserver.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| virtualisation.xen.store.settings.xenstored.log.file | Path to the Xen Store log file.
|
| services.hadoop.hdfs.namenode.openFirewall | Open firewall ports for HDFS NameNode.
|
| services.biboumi.settings.hostname | The hostname served by the XMPP gateway
|
| services.rss-bridge.virtualHost | Name of the nginx or caddy virtualhost to use and setup
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.netatalk.extmap | File name extension mappings
|
| services.sympa.database.user | Database user
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.maubot.settings.server.hostname | The IP to listen on
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.xserver.displayManager.lightdm.greeter.package | The LightDM greeter to login via
|
| services.prometheus.exporters.ecoflow.ecoflowAccessKeyFile | Path to the file with your personal api access string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| services.prometheus.exporters.ecoflow.ecoflowSecretKeyFile | Path to the file with your personal api secret string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.outline.googleAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.limesurvey.nginx.virtualHost.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| services.wakapi.database.user | The name of the user to use for Wakapi.
|
| services.vault.storageBackend | The name of the type of storage backend
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| services.vsmartcard-vpcd.hostname | Hostname of a waiting vpicc server vpcd will be connecting to
|
| services.kubernetes.apiserver.serviceAccountSigningKeyFile | Path to the file that contains the current private key of the service
account token issuer
|
| hardware.display.edid.linuxhw | Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.pangolin.baseDomain | Your base fully qualified domain name (without any subdomains).
|
| services.gitlab.registry.host | GitLab container registry host name.
|
| services.bird-lg.frontend.domain | Server name domain suffixes.
|
| services.avahi.publish.domain | Whether to announce the locally used domain name for browsing by other hosts.
|
| programs.regreet.font.package | The package that provides the font given in the name option.
|
| virtualisation.fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds | Periodically refresh the endpoint hostname or address for all peers
|
| services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| services.opentelemetry-collector.validateConfigFile | Whether to enable Validate configuration file.
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.outline.slackIntegration.verificationTokenFile | File path containing the verification token.
|
| services.prometheus.exporters.scaphandre.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.xserver.displayManager.session | List of sessions supported with the command used to start each
session
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.prefect.databaseName | database name for postgres only
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| services.smokeping.linkStyle | DNS name for the urls generated in the cgi.
|
| services.netbird.enable | Enables backward-compatible NetBird client service
|
| services.bookstack.mail.fromName | Mail "from" name.
|
| services.corosync.clusterName | Name of the corosync cluster.
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|