| services.icingaweb2.modules.monitoring.generalConfig.protectedVars | List of string patterns for custom variables which should be excluded from user’s view.
|
| services.gocd-server.environment | Additional environment variables to be passed to the gocd-server process
|
| services.librenms.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| boot.zfs.package | Configured ZFS userland tools package.
|
| services.apache-kafka.jvmOptions | Extra command line options for the JVM running Kafka.
|
| services.gitlab.pages.enable | Whether to enable the GitLab Pages service.
|
| programs.xastir.enable | Whether to enable Xastir Graphical APRS client.
|
| services.hadoop.hdfs.journalnode.restartIfChanged | Automatically restart the service on config change
|
| networking.vswitches | This option allows you to define Open vSwitches that connect
physical networks together
|
| services.asusd.animeConfig.source | Path of the source file.
|
| services.iperf3.rsaPrivateKey | Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.
|
| services.gammu-smsd.device.connection | Protocol which will be used to talk to the phone
|
| services.kanboard.nginx.locations | Declarative location config
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.headscale.settings.database.postgres.host | Database host address.
|
| services.httpd.customLogFormat | Defines a custom Apache HTTPD access log format string
|
| services.discourse.redis.passwordFile | File containing the Redis password
|
| nix.buildMachines.*.speedFactor | The relative speed of this builder
|
| programs.niri.enable | Whether to enable Niri, a scrollable-tiling Wayland compositor.
|
| services.jitsi-meet.secureDomain.enable | Whether to enable Authenticated room creation.
|
| services.armagetronad.servers.<name>.host | Host to listen on
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| services.gitlab.sidekiq.memoryKiller.maxMemory | The maximum amount of memory, in MiB, a Sidekiq worker is
allowed to consume before being killed.
|
| services.hostapd.radios.<name>.driver | The driver hostapd will use.
nl80211 is used with all Linux mac80211 drivers.
none is used if building a standalone RADIUS server that does
not control any wireless/wired driver
|
| services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| programs.pay-respects.package | The pay-respects package to use.
|
| programs.kbdlight.enable | Whether to enable kbdlight.
|
| services.bookstack.settings.APP_URL | The root URL that you want to host BookStack on
|
| services.fediwall.nginx.root | The path of the web root directory.
|
| programs.chromium.extensions | List of chromium extensions to install
|
| services.anki-sync-server.users | List of user-password pairs to provide to the sync server.
|
| services.below.collect.diskStats | Whether to enable dist_stat collection.
|
| services.komodo-periphery.disableContainerExec | Disable remote container shell access through Periphery.
|
| services.athens.goBinaryEnvVars | Environment variables to pass to the Go binary.
|
| services.cjdns.UDPInterface.connectTo.<name>.hostname | Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
|
| services.firefox-syncserver.database.name | Database to use for storage
|
| services.grafana.settings.smtp.from_address | Address used when sending out emails.
|
| networking.stevenblack.whitelist | Domains to exclude from blocking.
|
| services.discourse.nginx.enable | Whether an nginx virtual host should be
set up to serve Discourse
|
| programs.river-classic.extraPackages | Extra packages to be installed system wide
|
| services.hadoop.yarn.nodemanager.restartIfChanged | Automatically restart the service on config change
|
| programs.git.package | The git package to use.
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| programs.dsearch.enable | Whether to enable dsearch, a fast filesystem search service with fuzzy matching.
|
| services.iodine.server.enable | enable iodined server
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.ipp-usb.enable | Whether to enable ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner.
|
| services.gocd-agent.user | User the Go
|
| services.connman.extraConfig | Configuration lines appended to the generated connman configuration file.
|
| services.ddclient.protocol | Protocol to use with dynamic DNS provider (see https://ddclient.net/protocols.html ).
|
| services.dragonflydb.bind | The IP interface to bind to.
null means "all interfaces".
|
| services.dae.assets | Assets required to run dae.
|
| services.i2pd.inTunnels.<name>.inbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.firezone.server.smtp.passwordFile | File containing the password for the given username
|
| services.gmediarender.package | The gmediarender package to use.
|
| services.buildbot-master.configurators | Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html
|
| services.hadoop.yarnSite | Additional options and overrides for yarn-site.xml
https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml
|
| services.hardware.lcd.server.usbPid | The product ID of the USB device to claim.
|
| fonts.fontconfig.defaultFonts.monospace | System-wide default monospace font(s)
|
| services.bacula-fd.tls.key | The path of a PEM encoded TLS private key
|
| services.automx2.domain | E-Mail-Domain for which mail client autoconfig/autoconfigure should be set up
|
| services.calibre-web.dataDir | Where Calibre-Web stores its data
|
| services.davis.mail.inviteFromAddress | Email address to send invitations from.
|
| services.caddy.enable | Whether to enable Caddy web server.
|
| services.fwupd.daemonSettings | Configurations for the fwupd daemon.
|
| security.apparmor.policies | AppArmor policies.
|
| services.lavalink.address | The network address to bind to.
|
| documentation.man.mandoc.settings.output.toc | Whether to enable printing a table of contents near the beginning of the HTML output
of mandoc(1) if an input file contains at least two
non-standard sections
.
|
| services.globalprotect.csdWrapper | A script that will produce a Host Integrity Protection (HIP) report,
as described at https://www.infradead.org/openconnect/hip.html
|
| services.cloudlog.upload-clublog.interval | Specification (in the format described by systemd.time(7)) of the time
at which the Clublog upload will occur.
|
| services.centrifugo.enable | Whether to enable Centrifugo messaging server.
|
| services.guacamole-server.package | The guacamole-server package to use.
|
| hardware.graphics.package | The package that provides the default driver set.
|
| services.displayManager.dms-greeter.configFiles | List of DankMaterialShell configuration files to copy into the greeter
data directory at /var/lib/dms-greeter
|
| services.foundationdb.enable | Whether to enable FoundationDB Server.
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| programs.digitalbitbox.package | The digitalbitbox package to use
|
| services.artalk.enable | Whether to enable artalk, a comment system.
|
| services.ircdHybrid.adminEmail | IRCD server administrator e-mail.
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| programs.steam.extraPackages | Additional packages to add to the Steam environment.
|
| services.davis.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.echoip.remoteIpHeader | Header to trust for remote IP, if present
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| services.gancio.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.alloy.enable | Whether to enable Grafana Alloy.
|
| services.caddy.openFirewall | Whether to enable opening the specified http(s) ports in the firewall
|
| services.disnix.enable | Whether to enable Disnix.
|
| services.gitea.database.createDatabase | Whether to create a local database automatically.
|
| boot.loader.grub.backgroundColor | Background color to be used for GRUB to fill the areas the image isn't filling.
|
| services.gns3-server.package | The gns3-server package to use.
|
| services.gitea.camoHmacKeyFile | Path to a file containing the camo HMAC key.
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| services.kapacitor.alerta.origin | Default origin of alert
|
| services.goxlr-utility.autoStart.xdg | Start the daemon automatically using XDG autostart
|
| services.foldingathome.extraArgs | Extra startup options for the FAHClient
|
| services.geth.<name>.websocket.enable | Whether to enable Go Ethereum WebSocket API.
|
| services.cloudflare-ddns.deleteOnStop | Whether to delete the managed DNS records and clear WAF lists when the service is stopped gracefully
|
| security.acme.defaults.dnsProvider | DNS Challenge provider
|
| programs.tsmClient.package | The tsm-client package to use
|