secrets.fullPaths
set of full paths to secrets
type
attribute set of path
default
{
secrets.fullPaths = {};
}
secrets.keys
Keys to upload to server
type
list of unspecified
default
{
secrets.keys = [];
}
secrets.location
Location where to put the keys
type
path
default
{
secrets.location = "/var/secrets";
}
services.duplyBackup.enable
Whether to enable remote backups.
type
boolean
default
{
services.duplyBackup.enable = false;
}
services.duplyBackup.profiles
type
attribute set of submodule
services.duplyBackup.profiles.<name>.excludeFile
Content to put in exclude file
type
strings concatenated with "\n"
default
{
services.duplyBackup.profiles.<name>.excludeFile = "";
}
services.duplyBackup.profiles.<name>.rootDir
Path to backup
type
path
services.fiche.enable
Whether to enable Enable fiche’s service.
type
boolean
example
{
services.fiche.enable = true;
}
default
{
services.fiche.enable = false;
}
services.fiche.dataDir
Directory where to place the pastes
type
path
default
{
services.fiche.dataDir = "/var/lib/fiche";
}
services.fiche.domain
Domain
type
string
services.fiche.https
Whether to enable Use https.
type
boolean
example
{
services.fiche.https = true;
}
default
{
services.fiche.https = false;
}
services.fiche.port
Port to listen to
type
16 bit unsigned integer; between 0 and 65535 (both inclusive)
services.filesWatcher
Files to watch and trigger service reload or restart of service when changed.
type
attribute set of submodule
default
{
services.filesWatcher = {};
}
services.filesWatcher.<name>.paths
Paths to watch that should trigger a reload of the service
type
list of string
services.filesWatcher.<name>.restart
Whether to enable Restart service rather than reloading it.
type
boolean
example
{
services.filesWatcher.<name>.restart = true;
}
default
{
services.filesWatcher.<name>.restart = false;
}
services.filesWatcher.<name>.waitTime
Time to wait before reloading/restarting the service. Set 0 to not wait.
type
signed integer
default
{
services.filesWatcher.<name>.waitTime = 5;
}
services.openarc.enable
Whether to enable the OpenARC sender authentication system.
type
boolean
default
{
services.openarc.enable = false;
}
services.openarc.configFile
Additional OpenARC configuration.
type
null or path
default
{
services.openarc.configFile = null;
}
services.openarc.group
Group for the daemon.
type
string
default
{
services.openarc.group = "opendmarc";
}
services.openarc.socket
Socket which is used for communication with OpenARC.
type
string
default
{
services.openarc.socket = "local:/run/openarc/openarc.sock";
}
services.openarc.user
User for the daemon.
type
string
default
{
services.openarc.user = "opendmarc";
}
services.opendmarc.enable
Whether to enable the OpenDMARC sender authentication system.
type
boolean
default
{
services.opendmarc.enable = false;
}
services.opendmarc.configFile
Additional OpenDMARC configuration.
type
null or path
default
{
services.opendmarc.configFile = null;
}
services.opendmarc.group
Group for the daemon.
type
string
default
{
services.opendmarc.group = "opendmarc";
}
services.opendmarc.socket
Socket which is used for communication with OpenDMARC.
type
string
default
{
services.opendmarc.socket = "local:/run/opendmarc/opendmarc.sock";
}
services.opendmarc.user
User for the daemon.
type
string
default
{
services.opendmarc.user = "opendmarc";
}
services.rsyncBackup.mountpoint
Path to the base folder for backups
type
path
services.rsyncBackup.profiles
Profiles to backup
type
attribute set of submodule
default
{
services.rsyncBackup.profiles = {};
}
services.rsyncBackup.profiles.<name>.host
host to connect to
type
string
services.rsyncBackup.profiles.<name>.host_key
Host key to use as known host
type
string
services.rsyncBackup.profiles.<name>.host_key_type
Host key type
type
string
services.rsyncBackup.profiles.<name>.keep
Number of backups to keep
type
signed integer
default
{
services.rsyncBackup.profiles.<name>.keep = 7;
}
services.rsyncBackup.profiles.<name>.login
login to connect to
type
string
services.rsyncBackup.profiles.<name>.parts
folders to backup in the host
type
attribute set of submodule
services.rsyncBackup.profiles.<name>.parts.<name>.args
additional arguments for rsync
type
null or string
default
{
services.rsyncBackup.profiles.<name>.parts.<name>.args = null;
}
services.rsyncBackup.profiles.<name>.parts.<name>.exclude_from
Paths to exclude from the backup
type
list of path
default
{
services.rsyncBackup.profiles.<name>.parts.<name>.exclude_from = [];
}
services.rsyncBackup.profiles.<name>.parts.<name>.files_from
Paths to take for the backup (if empty: whole folder minus exclude_from)
type
list of path
default
{
services.rsyncBackup.profiles.<name>.parts.<name>.files_from = [];
}
services.rsyncBackup.profiles.<name>.parts.<name>.remote_folder
Path to backup
type
path
services.rsyncBackup.profiles.<name>.port
port to connect to
type
string
default
{
services.rsyncBackup.profiles.<name>.port = "22";
}
services.rsyncBackup.ssh_key_private
Private key for the backup
type
string
services.rsyncBackup.ssh_key_public
Public key for the backup
type
string
services.websites.certs
Default websites configuration for certificates as accepted by acme
type
unspecified
services.websites.env
Each type of website to enable will target a distinct httpd server
type
attribute set of submodule
default
{
services.websites.env = {};
}
services.websites.env.<name>.enable
Whether to enable Enable websites of this type.
type
boolean
example
{
services.websites.env.<name>.enable = true;
}
default
{
services.websites.env.<name>.enable = false;
}
services.websites.env.<name>.adminAddr
Admin e-mail address of the instance
type
string
services.websites.env.<name>.extraConfig
Additional configuration to append to Apache
type
list of strings concatenated with "\n"
default
{
services.websites.env.<name>.extraConfig = [];
}
services.websites.env.<name>.fallbackVhost
The fallback vhost that will be defined as first vhost in Apache
type
submodule
services.websites.env.<name>.fallbackVhost.certName
type
string
services.websites.env.<name>.fallbackVhost.extraConfig
type
list of strings concatenated with "\n"
default
{
services.websites.env.<name>.fallbackVhost.extraConfig = [];
}
services.websites.env.<name>.fallbackVhost.forceSSL
Automatically create a corresponding non-ssl vhost that will only redirect to the ssl version
type
boolean
default
{
services.websites.env.<name>.fallbackVhost.forceSSL = true;
}
services.websites.env.<name>.fallbackVhost.hosts
type
list of string
services.websites.env.<name>.fallbackVhost.root
type
null or path
services.websites.env.<name>.httpdName
Name of the httpd instance to assign this type to
type
string
services.websites.env.<name>.ips
ips to listen to
type
list of string
default
{
services.websites.env.<name>.ips = [];
}
services.websites.env.<name>.modules
Additional modules to load in Apache
type
list of string
default
{
services.websites.env.<name>.modules = [];
}
services.websites.env.<name>.nosslVhost
A default nossl vhost for captive portals
type
submodule
default
{
services.websites.env.<name>.nosslVhost = {};
}
services.websites.env.<name>.nosslVhost.enable
Whether to enable Add default no-ssl vhost for this instance.
type
boolean
example
{
services.websites.env.<name>.nosslVhost.enable = true;
}
default
{
services.websites.env.<name>.nosslVhost.enable = false;
}
services.websites.env.<name>.nosslVhost.host
The hostname to use for this vhost
type
string
services.websites.env.<name>.nosslVhost.indexFile
The index file to show.
type
string
default
{
services.websites.env.<name>.nosslVhost.indexFile = "index.html";
}
services.websites.env.<name>.nosslVhost.root
The root folder to serve
type
path
default
{
services.websites.env.<name>.nosslVhost.root = "/nix/store/9igw1ny9f9bhlv98wlf91jr4n3r0ib98-nosslVhost";
}
services.websites.env.<name>.vhostConfs
List of vhosts to define for Apache
type
attribute set of submodule
default
{
services.websites.env.<name>.vhostConfs = {};
}
services.websites.env.<name>.vhostConfs.<name>.addToCerts
Use these to certificates. Is ignored (considered true) if certMainHost is not null
type
boolean
default
{
services.websites.env.<name>.vhostConfs.<name>.addToCerts = false;
}
services.websites.env.<name>.vhostConfs.<name>.certMainHost
Use that host as 'main host' for acme certs
type
null or string
default
{
services.websites.env.<name>.vhostConfs.<name>.certMainHost = null;
}
services.websites.env.<name>.vhostConfs.<name>.certName
type
string
services.websites.env.<name>.vhostConfs.<name>.extraConfig
type
list of strings concatenated with "\n"
default
{
services.websites.env.<name>.vhostConfs.<name>.extraConfig = [];
}
services.websites.env.<name>.vhostConfs.<name>.forceSSL
Automatically create a corresponding non-ssl vhost that will only redirect to the ssl version
type
boolean
default
{
services.websites.env.<name>.vhostConfs.<name>.forceSSL = true;
}
services.websites.env.<name>.vhostConfs.<name>.hosts
type
list of string
services.websites.env.<name>.vhostConfs.<name>.root
type
null or path
services.websites.env.<name>.vhostNoSSLConfs
List of no ssl vhosts to define for Apache
type
attribute set of submodule
default
{
services.websites.env.<name>.vhostNoSSLConfs = {};
}
services.websites.env.<name>.vhostNoSSLConfs.<name>.extraConfig
type
list of strings concatenated with "\n"
default
{
services.websites.env.<name>.vhostNoSSLConfs.<name>.extraConfig = [];
}
services.websites.env.<name>.vhostNoSSLConfs.<name>.hosts
type
list of string
services.websites.env.<name>.vhostNoSSLConfs.<name>.root
type
null or path
services.websites.env.<name>.watchPaths
Paths to watch that should trigger a reload of httpd
type
list of string
default
{
services.websites.env.<name>.watchPaths = [];
}
services.websites.webappDirs
Defines a symlink between /run/current-system/webapps and a store app directory to be used in http configuration. Permits to avoid restarting httpd when only the folder name changes.
type
attribute set of path
default
{
services.websites.webappDirs = {};
}
services.websites.webappDirsName
Name of the webapp dir to create in /run/current-system
type
string
default
{
services.websites.webappDirsName = "webapps";
}
services.websites.webappDirsPaths
Full paths of the webapp dir
type
attribute set of path
default
{
services.websites.webappDirsPaths = {};
}
services.webstats.dataDir
The directory where Goaccess stores its data.
type
path
default
{
services.webstats.dataDir = "/var/lib/goaccess";
}
services.webstats.sites
Sites to generate stats
type
list of submodule
default
{
services.webstats.sites = [];
}
services.webstats.sites.*.conf
use custom goaccess configuration file instead of the default one.
type
null or path
default
{
services.webstats.sites.*.conf = null;
}
services.webstats.sites.*.name
Domain name. Corresponds to the Apache file name and the folder name in which the state will be saved.
type
string