| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| services.misskey.settings.db.db | The database name.
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| services.shairport-sync.user | User account name under which to run shairport-sync
|
| services.autorandr.matchEdid | Match displays based on edid instead of name
|
| services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| services.xserver.videoDriver | The name of the video driver for your graphics card
|
| services.prometheus.globalConfig.query_log_file | Path to the file prometheus should write its query log to.
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| services.discourse.database.username | Discourse database user.
|
| services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| virtualisation.xen.store.settings.xenstored.accessLog.file | Path to the Xen Store access log file.
|
| services.ncps.cache.storage.s3.bucket | The name of the S3 bucket.
|
| programs.regreet.theme.package | The package that provides the theme given in the name option.
|
| services.athens.storage.s3.bucket | Bucket name for the S3 storage backend.
|
| services.usbrelayd.clientName | Name, your client connects as.
|
| services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.paths | Paths can point to a single service, or the root of a tree of services.
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|
| services.strongswan-swanctl.swanctl.connections.<name>.aggressive | Enables Aggressive Mode instead of Main Mode with Identity
Protection
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| services.mattermost.siteName | Name of this Mattermost site.
|
| services.miredo.interfaceName | Name of the network tunneling interface.
|
| services.prosody.httpFileShare.domain | Domain name for a http_file_share service.
|
| services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|
| services.bird-lg.frontend.servers | Server name prefixes.
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| services.freshrss.virtualHost | Name of the caddy/nginx virtualhost to use and setup.
|
| swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| services.tlsrpt.reportd.settings.sendmail_script | Path to a sendmail-compatible executable for delivery reports.
|
| services.hadoop.hdfs.namenode.formatOnInit | Format HDFS namenode on first start
|
| services.tsmBackup.servername | Create a systemd system service
tsm-backup.service that starts
a backup based on the given servername's stanza
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.misskey.reverseProxy.webserver.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.outline.storage.region | AWS S3 region name.
|
| services.shairport-sync.group | Group account name under which to run shairport-sync
|
| services.rspamd.overrides | Overridden configuration files, written into /etc/rspamd/override.d/{name}.
|
| services.prosody.uploadHttp.domain | Domain name for the http-upload service
|
| services.autossh.sessions.*.user | Name of the user the AutoSSH session should run as
|
| services.keyd.keyboards | Configuration for one or more device IDs
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.strongswan-swanctl.swanctl.connections.<name>.over_time | Hard IKE_SA lifetime if rekey/reauth does not complete, as time
|
| virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributesmapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| services.prometheus.exporters.snmp.configurationPath | Path to a snmp exporter configuration file
|
| environment.profileRelativeSessionVariables | Attribute set of environment variable used in the global
environment
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout | Charon by default uses the normal retransmission mechanism and timeouts to
check the liveness of a peer, as all messages are used for liveness
checking
|
| services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| services.prometheus.alertmanager.webExternalUrl | The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy)
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds | Periodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| services.cloudlog.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.discourse.admin.fullName | The admin user's full name.
|
| services.guacamole-server.host | The host name or IP address the server should listen to.
|
| services.airsonic.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.consul.interface.bind | The name of the interface to pull the bind_addr from.
|
| services.wiki-js.stateDirectoryName | Name of the directory in /var/lib.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_port | Local UDP port for IKE communication
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| services.prometheus.exporters.unpoller.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.sanoid.datasets.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| services.thanos.rule.alert.label-drop | Labels by name to drop before sending to alertmanager
|
| services.synergy.client.screenName | Use the given name instead of the hostname to identify
ourselves to the server.
|
| services.unpoller.influxdb.db | Database name
|
| services.youtrack.virtualHost | Name of the nginx virtual host to use and setup
|
| services.gitlab.secrets.activeRecordDeterministicKeyFile | A file containing the secret used to encrypt some rails data in a deterministic way
in the DB
|
| services.strongswan-swanctl.swanctl.connections.<name>.rekey_time | IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
does not re-check associated credentials
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| services.tor.settings.ServerDNSAllowNonRFC953Hostnames | See torrc manual.
|
| services.nextcloud-spreed-signaling.settings.https.certificate | Path to the certificate used for the HTTPS listener
|
| services.filesender.database.hostname | Database hostname.
|
| services.stargazer.routes.*.route | Route section name
|
| services.synergy.server.screenName | Use the given name instead of the hostname to identify
this screen in the configuration.
|
| programs.regreet.iconTheme.package | The package that provides the icon theme given in the name option.
|
| services.lasuite-docs.settings.DB_NAME | Name of the database
|
| services.lasuite-meet.settings.DB_NAME | Name of the database
|
| services.nextcloud-spreed-signaling.settings.sessions.hashkeyFile | The path to the file containing the value for sessions.hashkey
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| services.zoneminder.database.username | Username for accessing the database.
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| services.pgpkeyserver-lite.hostname | Which hostname to set the vHost to that is proxying to sks.
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|