| services.monica.config | monica configuration options to set in the
.env file
|
| networking.wireguard.interfaces.<name>.peers | Peers linked to the interface.
|
| services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| programs.uwsm.waylandCompositors.<name>.binPath | The wayland-compositor binary path that will be called by UWSM
|
| services.ncps.cache.storage.s3.bucket | The name of the S3 bucket.
|
| containers.<name>.extraFlags | Extra flags passed to the systemd-nspawn command
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| networking.wg-quick.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.wg-quick.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.matrix-synapse.settings.app_service_config_files | A list of application service config file to use
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| programs.tsmClient.defaultServername | If multiple server stanzas are declared with
programs.tsmClient.servers,
this option may be used to name a default
server stanza that IBM TSM uses in the absence of
a user-defined dsm.opt file
|
| systemd.network.networks.<name>.quickFairQueueingConfigClass | Each attribute in this set specifies an option in the
[QuickFairQueueingClass] section of the unit
|
| services.dawarich.user | User under which dawarich runs
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| services.dolibarr.domain | Domain name of your server.
|
| services.tuned.settings.default_instance_priority | Default instance (unit) priority.
|
| networking.interfaces.<name>.virtualOwner | In case of a virtual device, the user who owns it.
null will not set owner, allowing access to any user.
|
| services.avahi.publish.domain | Whether to announce the locally used domain name for browsing by other hosts.
|
| containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| services.icingaweb2.libraryPaths | Libraries to add to the Icingaweb2 library path
|
| services.davis.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.slskd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.movim.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| containers.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.prometheus.exporters.mqtt.mqttUsername | Username which should be used to authenticate against the MQTT broker.
|
| networking.wg-quick.interfaces.<name>.autostart | Whether to bring up this interface automatically during boot.
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| services.wakapi.database.user | The name of the user to use for Wakapi.
|
| networking.wg-quick.interfaces.<name>.configFile | wg-quick .conf file, describing the interface
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| networking.vswitches.<name>.interfaces | The physical network interfaces connected by the vSwitch.
|
| services.mailman.enablePostfix | Enable Postfix integration
|
| networking.supplicant.<name>.configFile.writable | Whether the configuration file at configFile.path should be written to by
wpa_supplicant.
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| services.matrix-synapse.workers.<name>.worker_listeners | List of ports that this worker should listen on, their purpose and their configuration.
|
| networking.sits.<name>.encapsulation.port | Destination port when using UDP encapsulation.
|
| networking.wireguard.interfaces.<name>.preSetup | Commands called at the start of the interface setup.
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.wordpress.webserver | Whether to use apache2 or nginx for virtual host management
|
| services.gitlab.registry.host | GitLab container registry host name.
|
| services.baikal.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.postgresql.settings.shared_preload_libraries | List of libraries to be preloaded.
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| services.pgpkeyserver-lite.hostname | Which hostname to set the vHost to that is proxying to sks.
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| services.openafsClient.cellName | Cell name.
|
| services.olivetin.extraConfigFiles | Config files to merge into the settings defined in services.olivetin.settings
|
| services.postgresqlWalReceiver.receivers.<name>.synchronous | Flush the WAL data to disk immediately after it has been received
|
| services.bird-lg.frontend.domain | Server name domain suffixes.
|
| containers.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.shellhub-agent.preferredHostname | Set the device preferred hostname
|
| systemd.user.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| systemd.generators | Definition of systemd generators; see systemd.generator(5)
|
| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| systemd.network.networks.<name>.controlledDelayConfig | Each attribute in this set specifies an option in the
[ControlledDelay] section of the unit
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.warpgate.settings.http.trust_x_forwarded_headers | Trust X-Forwarded-* headers
|
| services.dovecot2.group | Dovecot group name.
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| networking.fqdn | The fully qualified domain name (FQDN) of this host
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.weblate.localDomain | The domain name serving your Weblate instance.
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| systemd.network.networks.<name>.stochasticFairBlueConfig | Each attribute in this set specifies an option in the
[StochasticFairBlue] section of the unit
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.type | The type of the listener, usually http.
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| networking.sits.<name>.encapsulation | Configures the type of encapsulation.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.port | The port to listen for HTTP(S) requests on.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.mqtt2influxdb.mqtt.username | Username used to connect to the MQTT server.
|
| services.pfix-srsd.configurePostfix | Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
|
| services.strongswan-swanctl.swanctl.connections.<name>.over_time | Hard IKE_SA lifetime if rekey/reauth does not complete, as time
|
| services.openldap.mutableConfig | Whether to allow writable on-line configuration
|
| programs.foot.theme | Theme name
|
| services.buffyboard.settings.quirks.ignore_unused_terminals | If true, buffyboard won't automatically update the layout of a new terminal and
draw the keyboard, if the terminal is not opened by any process
|
| services.bookstack.mail.fromName | Mail "from" name.
|