| services.soju.configFile | Path to config file
|
| services.syslogd.defaultConfig | The default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
|
| services.dockerRegistry.configFile | Path to CNCF distribution config file
|
| services.rsyslogd.defaultConfig | The default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.oauth2-proxy.nginx.virtualHosts | Nginx virtual hosts to put behind the oauth2 proxy
|
| services.dockerRegistry.storagePath | Docker registry storage path for the filesystem storage backend
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.thelounge.extraConfig | The Lounge's config.js contents as attribute set (will be
converted to JSON to generate the configuration file)
|
| services.cassandra.allowClients | Enables or disables the native transport server (CQL binary protocol)
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.librenms.environmentFile | File containing env-vars to be substituted into the final config
|
| services.slurm.enableSrunX11 | If enabled srun will accept the option "--x11" to allow for X11 forwarding
from within an interactive session or a batch job
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.jupyterhub.jupyterhubEnv | Python environment to run jupyterhub
Customizing will affect the packages available in the hub and
proxy
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.davis.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.slskd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.movim.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.snipe-it.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.akkoma.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fluidd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.gancio.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.monica.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.matomo.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| services.kanboard.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.dolibarr.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.librenms.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.agorakit.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fediwall.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.pixelfed.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.mainsail.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.radicle.httpd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.anuko-time-tracker.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.bookstack.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.jirafeau.nginxConfig.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.zabbixWeb.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.syncthing.overrideFolders | Whether to delete the folders which are not configured via the
folders option
|
| services.nncp.daemon.socketActivation.listenStreams | TCP sockets to bind to
|
| services.prometheus.exporters.dovecot.socketPath | Path under which the stats socket is placed
|
| services.limesurvey.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.misskey.reverseProxy.webserver.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.prometheus.scrapeConfigs.*.label_name_length_limit | Per-scrape limit on length of labels name that will be accepted for a sample
|