| services.nagios.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.prometheus.exporters.mikrotik.group | Group under which the mikrotik exporter shall be run.
|
| services.prometheus.exporters.opnsense.group | Group under which the opnsense exporter shall be run.
|
| services.prometheus.exporters.postgres.group | Group under which the postgres exporter shall be run.
|
| services.prometheus.exporters.nginxlog.group | Group under which the nginxlog exporter shall be run.
|
| services.prometheus.exporters.unpoller.group | Group under which the unpoller exporter shall be run.
|
| services.prometheus.exporters.graphite.group | Group under which the graphite exporter shall be run.
|
| services.prometheus.exporters.fritzbox.group | Group under which the fritzbox exporter shall be run.
|
| services.prometheus.exporters.smartctl.group | Group under which the smartctl exporter shall be run.
|
| services.prometheus.exporters.blackbox.group | Group under which the blackbox exporter shall be run.
|
| services.prometheus.exporters.influxdb.group | Group under which the influxdb exporter shall be run.
|
| services.prometheus.exporters.keylight.group | Group under which the keylight exporter shall be run.
|
| services.prometheus.exporters.collectd.group | Group under which the collectd exporter shall be run.
|
| services.certmgr.enable | Whether to enable certmgr.
|
| services.certmgr.validMin | The interval before a certificate expires to start attempting to renew it.
|
| services.prometheus.exporters.node-cert.paths | List of paths to search for SSL certificates.
|
| services.prometheus.exporters.mailman3.group | Group under which the mailman3 exporter shall be run.
|
| services.certspotter.emailRecipients | A list of email addresses to send certificate updates to.
|
| services.grafana.settings.smtp.cert_file | File path to a cert file.
|
| services.anuko-time-tracker.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.specs | Certificate specs as described by:
https://github.com/cloudflare/certmgr#certificate-specs
These will be added to the Nix store, so they will be world readable.
|
| services.bcg.mqtt.certfile | Certificate file for MQTT server access.
|
| services.prometheus.exporters.imap-mailstat.group | Group under which the imap-mailstat exporter shall be run.
|
| services.bookstack.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.kubernetes.kubeconfig.certFile | Default kubeconfig client certificate file used to connect to kube-apiserver.
|
| services.prometheus.exporters.borgmatic.group | Group under which the borgmatic exporter shall be run.
|
| services.prometheus.exporters.surfboard.group | Group under which the surfboard exporter shall be run.
|
| services.prometheus.exporters.rasdaemon.group | Group under which the rasdaemon exporter shall be run.
|
| services.prometheus.exporters.nextcloud.group | Group under which the nextcloud exporter shall be run.
|
| services.prometheus.exporters.smokeping.group | Group under which the smokeping exporter shall be run.
|
| services.prometheus.exporters.tailscale.group | Group under which the tailscale exporter shall be run.
|
| services.prometheus.exporters.pgbouncer.group | Group under which the pgbouncer exporter shall be run.
|
| services.prometheus.exporters.wireguard.group | Group under which the wireguard exporter shall be run.
|
| services.changedetection-io.group | Group account under which changedetection-io runs.
|
| services.prometheus.exporters.pve.server.certFile | Path to a SSL certificate file for the server
|
| services.prometheus.exporters.junos-czerwonk.group | Group under which the junos-czerwonk exporter shall be run.
|
| services.zabbixWeb.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.nginx.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.jirafeau.nginxConfig.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.package | The certmgr package to use.
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.kubernetes.proxy.kubeconfig.certFile | Kubernetes proxy client certificate file used to connect to kube-apiserver.
|
| services.prometheus.exporters.buildkite-agent.group | Group under which the buildkite-agent exporter shall be run.
|
| services.prometheus.exporters.storagebox.group | Group under which the storagebox exporter shall be run.
|
| services.prometheus.exporters.scaphandre.group | Group under which the scaphandre exporter shall be run.
|
| services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.prometheus.exporters.exportarr-lidarr.group | Group under which the exportarr-lidarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-sonarr.group | Group under which the exportarr-sonarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-bazarr.group | Group under which the exportarr-bazarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-radarr.group | Group under which the exportarr-radarr exporter shall be run.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.hologram-server.groupClassAttr | The objectclass attribute to search for groups when enableLdapRoles is true
|
| services.prometheus.exporters.node-cert.excludePaths | List of paths to exclute from searching for SSL certificates.
|
| services.prometheus.exporters.node-cert.listenAddress | Address to listen on.
|
| services.certmgr.metricsPort | The port for the Prometheus HTTP endpoint.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.prometheus.exporters.node-cert.excludeGlobs | List files matching a pattern to include
|
| services.prometheus.exporters.node-cert.includeGlobs | List files matching a pattern to include
|
| services.prometheus.exporters.node-cert.openFirewall | Open port in firewall for incoming connections.
|
| services.kubernetes.kubelet.kubeconfig.certFile | Kubelet client certificate file used to connect to kube-apiserver.
|
| services.prometheus.exporters.exportarr-readarr.group | Group under which the exportarr-readarr exporter shall be run.
|
| services.prometheus.exporters.artifactory.group | Group under which the artifactory exporter shall be run.
|
| services.resilio.sharedFolders | Shared folder list
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| services.prometheus.exporters.exportarr-prowlarr.group | Group under which the exportarr-prowlarr exporter shall be run.
|
| services.mediawiki.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.prometheus.exporters.node-cert.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.node-cert.openFirewall is true.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.limesurvey.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.prometheus.exporters.modemmanager.group | Group under which the modemmanager exporter shall be run.
|
| services.certmgr.svcManager | This specifies the service manager to use for restarting or reloading services
|
| hardware.sane.enable | Enable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.certmgr.defaultRemote | The default CA host:port to use.
|
| services.github-runners.<name>.user | User under which to run the service
|
| security.sudo.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.kubernetes.scheduler.kubeconfig.certFile | Kubernetes scheduler client certificate file used to connect to kube-apiserver.
|
| boot.initrd.systemd.groups | Groups to include in initrd.
|
| security.isolate.cgRoot | Control group which subgroups are placed under
|
| services.limesurvey.nginx.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.limesurvey.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.outline.user | User under which the service should run
|
| services.prometheus.exporters.node-cert.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.node-cert.openFirewall
is true
|
| security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.bitwarden-directory-connector-cli.sync.groupPath | Group directory, relative to root.
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| services.misskey.reverseProxy.webserver.caddy.useACMEHost | A host of an existing Let's Encrypt certificate to use
|