| services.fluidd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.gotenberg.port | Port on which the API should listen.
|
| services.discourse.redis.useSSL | Connect to Redis with SSL.
|
| services.bacula-dir.tls.require | Require TLS or TLS-PSK encryption
|
| services.collectd.validateConfig | Validate the syntax of collectd configuration file at build time
|
| services.crowdsec.hub.appSecRules | List of hub appsec rules to install
|
| services.i2pd.nat | Whether to enable NAT bypass.
|
| services.alloy.extraFlags | Extra command-line flags passed to alloy run
|
| services.bcg.mqtt.host | Host where MQTT server is running.
|
| services.bee.settings | Ethereum Swarm Bee configuration
|
| services.dawarich.smtp.user | SMTP login name.
|
| services.dendrite.httpPort | The port to listen for HTTP requests on.
|
| services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE | Exchange that is suggested to wallets when withdrawing
|
| services.drupal.sites.<name>.poolConfig | Options for the Drupal PHP pool
|
| hardware.sata.timeout.drives | List of drives for which to configure the timeout.
|
| image.repart.version | Version of the image
|
| hardware.saleae-logic.enable | Whether to enable udev rules for Saleae Logic devices.
|
| programs.ssh.ciphers | Specifies the ciphers allowed and their order of preference.
|
| services.bluesky-pds.package | The bluesky-pds package to use.
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.etcd.peerTrustedCaFile | Certificate authority file to use for peer to peer communication
|
| services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| services.headscale.settings.database.postgres.password_file | A file containing the password corresponding to
database.user.
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| services.kanboard.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.cockroachdb.listen.address | Address to bind to for intra-cluster communication
|
| image.repart.compression.algorithm | Compression algorithm
|
| services.graylog.rootUsername | Name of the default administrator user
|
| services.hbase-standalone.user | User account under which HBase runs.
|
| security.loginDefs.package | The shadow package to use.
|
| services.firezone.server.smtp.implicitTls | Whether to use implicit TLS instead of STARTTLS (usually port 465)
|
| services.canto-daemon.enable | Whether to enable the canto RSS daemon.
|
| services.hologram-agent.httpPort | Port for metadata service to listen on.
|
| networking.defaultGateway6.address | The default gateway address.
|
| services.kismet.serverDescription | The description of the server.
|
| services.cassandra.extraEnvSh | Extra shell lines to be appended onto cassandra-env.sh.
|
| services.ebusd.logs.device | Only write log for matching AREAs (all|main|network|bus|device|update|other) below or equal to LEVEL (none|error|notice|info|debug)
|
| services.gitlab.smtp.enableStartTLSAuto | Whether to try to use StartTLS.
|
| services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| boot.plymouth.theme | Splash screen theme.
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| networking.firewall.backend | Underlying implementation for the firewall service.
|
| programs.tmux.extraConfig | Additional contents of /etc/tmux.conf, to be run after sourcing plugins.
|
| services.discourse.mail.outgoing.forceTLS | Force implicit TLS as per RFC 8314 3.3.
|
| services.exim.config | Verbatim Exim configuration
|
| services.jitterentropy-rngd.package | The jitterentropy-rngd package to use.
|
| hardware.sane.brscan4.netDevices.<name>.name | The friendly name you give to the network device
|
| services.grafana.provision.dashboards.settings.providers.*.name | A unique provider name.
|
| services.canaille.settings.PREFERRED_URL_SCHEME | The url scheme by which canaille will be served.
|
| services.grafana-to-ntfy.settings.bauthPass | The path to the password you will use in the Grafana webhook settings.
|
| security.acme.defaults.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.lanraragi.redis.passwordFile | A file containing the password for LANraragi's Redis server.
|
| boot.initrd.luks.devices.<name>.preLVM | Whether the luksOpen will be attempted before LVM scan or after it.
|
| services.hydra.extraConfig | Extra lines for the Hydra configuration.
|
| services.homebridge.uiSettings.restart | Command to restart the homebridge UI service
|
| nix.settings.max-jobs | This option defines the maximum number of jobs that Nix will try to
build in parallel
|
| services.davis.nginx.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.cloudlog.update-wwff.enable | Whether to periodically update the WWFF database
|
| services.handheld-daemon.ui.package | The handheld-daemon-ui package to use.
|
| services.atftpd.root | Document root directory for the atftpd.
|
| networking.bridges | This option allows you to define Ethernet bridge devices
that connect physical networks together
|
| services.i2pd.port | I2P listen port
|
| services.knot.extraArgs | List of additional command line parameters for knotd
|
| programs.throne.enable | Whether to enable Throne, a GUI proxy configuration manager.
|
| services.libinput.touchpad.naturalScrolling | Enables or disables natural scrolling behavior.
|
| services.athens.index.postgres.port | Port for the Postgres database.
|
| security.acme.certs | Attribute set of certificates to get signed and renewed
|
| services.biboumi.enable | Whether to enable the Biboumi XMPP gateway to IRC.
|
| services.biboumi.settings.policy_directory | A directory that should contain the policy files,
used to customize Botan’s behaviour
when negotiating the TLS connections with the IRC servers.
|
| services.keycloak.themes | Additional theme packages for Keycloak
|
| services.drupal.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| services.desktopManager.pantheon.enable | Enable the pantheon desktop manager
|
| services.icecream.daemon.package | The icecream package to use.
|
| services.clickhouse.package | The clickhouse package to use.
|
| services.athens.storage.minio.region | Region for the minio storage backend.
|
| services.borgbackup.package | The borgbackup package to use.
|
| services.forgejo.settings.server.HTTP_PORT | Listen port
|
| security.auditd.package | The auditd package to use.
|
| programs.ccache.packageNames | Nix top-level packages to be compiled using CCache
|
| services.bookstack.nginx.listen.*.ssl | Enable SSL.
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| services.datadog-agent.diskCheck | Disk check config
|
| services.docling-serve.package | The docling-serve package to use.
|
| services.cgit.<name>.extraConfig | These lines go to the end of cgitrc verbatim.
|
| hardware.hid-fanatecff.enable | Whether to enable hid-fanatecff, a Linux kernel driver that aims to add support for Fanatec devices.
|
| services.gitea.user | User account under which gitea runs.
|
| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| services.healthchecks.settings.DB_NAME | Database name.
|
| services.gpsd.listenany | Listen on all addresses rather than just loopback.
|
| programs.dms-shell.enableCalendarEvents | Whether to install dependencies required for calendar events support
|
| services.headscale.settings.prefixes.v4 | Each prefix consists of either an IPv4 or IPv6 address,
and the associated prefix length, delimited by a slash
|
| programs.tmux.clock24 | Use 24 hour clock.
|
| services.goss.settings | The global options in config file in yaml format
|
| programs.minipro.enable | Whether to enable minipro and its udev rules
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.howdy.control | PAM control flag to use for Howdy
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| services.changedetection-io.baseURL | The base url used in notifications and {base_url} token.
|
| services.clamav.fangfrisch.interval | How often freshclam is invoked
|