| services.ceph.global.clusterName | Name of cluster
|
| services.fedimintd.<name>.nginx.config.locations | Declarative location config
|
| services.coder.user | User under which the coder service runs.
If left as the default value this user will automatically be created
on system activation, otherwise it needs to be configured manually.
|
| services.foundationdb.listenAddress | Publicly visible IP address of the process
|
| services.inadyn.group | Group account under which inadyn runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the inadyn service starts.
|
| services.irkerd.openPorts | Open ports in the firewall for irkerd
|
| services.glusterfs.tlsSettings.caCert | Path certificate authority used to sign the cluster certificates.
|
| services.kanboard.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| security.pki.certificates | A list of trusted root certificates in PEM format.
|
| services.errbot.instances.<name>.admins | List of identifiers of errbot admins.
|
| services.firebird.enable | Whether to enable the Firebird super server.
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| networking.rxe.interfaces | Enable RDMA on the listed interfaces
|
| programs.dmrconfig.package | The dmrconfig package to use.
|
| services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.centrifugo.environmentFiles | Files to load environment variables from
|
| services.certspotter.package | The certspotter package to use.
|
| services.grafana.provision.datasources.settings.datasources | List of datasources to insert/update.
|
| security.ipa.realm | Kerberos realm.
|
| programs.appimage.binfmt | Whether to enable binfmt registration to run appimages via appimage-run seamlessly.
|
| services._3proxy.resolution.nscache | Set name cache size for IPv4.
|
| services.hans.server.ip | The assigned ip range
|
| services.hologram-server.ldapBindDN | DN of account to use to query the LDAP server
|
| programs.java.enable | Install and setup the Java development kit.
This adds JAVA_HOME to the global environment, by sourcing the
jdk's setup-hook on shell init
|
| services.klipper.configFile | Path to default Klipper config.
|
| programs.atop.atopService.enable | Whether to enable the atop service responsible for storing statistics for
long-term analysis.
|
| services.i2pd.outTunnels.<name>.address | Bind address for ‹name› endpoint.
|
| services.dovecot2.mailGroup | Default group to store mail for virtual users.
|
| services.below.retention.time | Retention time, in seconds.
As data is stored in 24 hour shards which are discarded as a whole,
only data expired by 24h (or more) is guaranteed to be discarded.
If retention.size is set, data may be discarded earlier than the specified time.
|
| services.gocd-agent.agentConfig | Agent registration configuration.
|
| networking.enableIPv6 | Whether to enable support for IPv6.
|
| services.broadcast-box.web.port | Port the HTTP server listens on.
|
| services.dovecot2.enable | Whether to enable the dovecot 2.x POP3/IMAP server.
|
| services.gitlab-runner.services.<name>.tagList | Tag list
|
| services.akkoma.config | Configuration for Akkoma
|
| hardware.sane.brscan4.enable | When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
|
| meta.maintainers | List of maintainers of each module
|
| services.firezone.server.provision.enable | Whether to enable provisioning of the Firezone domain server.
|
| networking.networkmanager.ensureProfiles.secrets.package | The nm-file-secret-agent package to use.
|
| services.lavalink.enableHttp2 | Whether to enable HTTP/2 support.
|
| services.fedimintd.<name>.nginx.config.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services._3proxy.services.*.acl.*.rule | ACL rule
|
| services.akkoma.config.":web_push_encryption".":vapid_details".subject | mailto URI for administrative contact.
|
| services.caddy.virtualHosts.<name>.listenAddresses | A list of host interfaces to bind to for this virtual host.
|
| services.librenms.group | Name of the LibreNMS group.
|
| services.agorakit.nginx.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.ceph.mon.package | The ceph package to use.
|
| services.croc.ports | Ports of the relay.
|
| services.ferretdb.package | The ferretdb package to use.
|
| image.extension | Extension of the image filename (e.g. raw).
|
| networking.ucarp.addr | Virtual shared IP address.
|
| services.kimai.sites.<name>.database.port | Database host port.
|
| security.audit.backlogLimit | The maximum number of outstanding audit buffers allowed; exceeding this is
considered a failure and handled in a manner specified by failureMode.
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| services.canaille.secretKeyFile | File containing the Flask secret key
|
| services.icecream.daemon.schedulerHost | Explicit scheduler hostname, useful in firewalled environments
|
| services.immich.database.host | Hostname or address of the postgresql server
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout | Timeout after which an idle keepalive connection can be discarded.
|
| services.druid.commonConfig | (key=value) Configuration to be written to common.runtime.properties
|
| programs.thunderbird.preferences | Preferences to set from about:config
|
| services.commafeed.environmentFile | Environment file as defined in systemd.exec(5).
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| services.consul-template.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| services.librenms.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| programs.regreet.theme.name | Name of the theme to use for regreet.
|
| services.commafeed.group | Group under which CommaFeed runs.
|
| services.ananicy.package | The ananicy package to use.
|
| services.grafana.settings.users.auto_assign_org_role | The role new users will be assigned for the main organization (if the auto_assign_org setting is set to true).
|
| services.agorakit.nginx.serverName | Name of this virtual host
|
| networking.nftables.rulesetFile | The ruleset file to be used with nftables
|
| security.pam.mount.logoutWait | Amount of microseconds to wait until killing remaining processes after
final logout
|
| services.epgstation.settings.clientSocketioPort | Socket.io port that the web client is going to connect to
|
| networking.nat.externalIP | The public IP address to which packets from the local
network are to be rewritten
|
| hardware.trackpoint.mindrag | Minimum amount of force needed to trigger dragging.
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.librenms.distributedPoller.memcachedPort | Port of the memcached server.
|
| services.actual.package | The actual-server package to use.
|
| services.cachefilesd.enable | Whether to enable cachefilesd network filesystems caching daemon.
|
| services.gitea.settings.server.ROOT_URL | Full public URL of gitea server.
|
| services.fediwall.nginx.listen.*.ssl | Enable SSL.
|
| services.i2pd.reseed.floodfill | Path to router info of floodfill to reseed from.
|
| services.knot-resolver.settings.network.listen | List of interfaces to listen to and its configuration.
|
| hardware.facter.detected.boot.initrd.networking.kernelModules | List of kernel modules to include in the initrd to support networking.
|
| hardware.nfc-nci.enable | Whether to enable PN5xx kernel module with udev rules, libnfc-nci userland, and optional ifdnfc-nci PC/SC driver.
|
| services.bluemap.enableRender | Enable rendering
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.cockroachdb.certsDir | The path to the certificate directory.
|
| services.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel | Whether to enable the GNOME panel in this session.
|
| services.factorio.game-password | Game password
|
| programs.screen.screenrc | The contents of /etc/screenrc file
|
| programs.skim.enable | Whether to enable skim fuzzy finder.
|
| security.apparmor.enable | Whether to enable the AppArmor Mandatory Access Control system
|
| services._3proxy.denyPrivate | Whether to deny access to private IP ranges including loopback.
|
| services.actual.user | User account under which Actual runs
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.crowdsec.hub.collections | List of hub collections to install
|
| services.freshrss.database.name | Database name for FreshRSS.
|
| programs.command-not-found.enable | Whether interactive shells should show which Nix package (if
any) provides a missing command
|
| security.pam.yubico.mode | Mode of operation
|
| services.akkoma.nginx.sslCertificate | Path to server SSL certificate.
|