Whether to enable SSL (https) support.

Patterns to exclude when backing up

If the specified units are started, then this unit is stopped and vice versa.

If the specified units are started, then this unit is stopped and vice versa.

Per-user rules for creation, deletion and cleaning of volatile and temporary files automatically

Each attribute in this set specifies an option in the [Tun] section of the unit

A list of vxlan interfaces to be added to the network section of the unit

Each attribute in this set specifies an option in the [Tap] section of the unit

This optional key is used to control whether your job is launched once at the time the job is loaded

The unique identifier and name of this adapter; must only include a-z, 0-9, _

Whether to enable Go Ethereum WebSocket API.

List of IPs of relays that this node should allow traffic from.

An application timeout on receiving data from the TCP socket.

An application timeout on receiving data from the TCP socket.

If the specified units are started, then this unit is stopped and vice versa.

This required key uniquely identifies the job to launchd.

Extra arguments to pass to the podman build command.

DEPRECATED, use driverOptions

By default, nixos will check that programs

Append a .failed suffix to the archive name, which is only removed if borg create has a zero exit status.

Sets the number of worker threads to use

This optional key specifies the user to run the job as

Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).

16-bit port for listening

The path to a TLS certificate bundle used to verify the server's certificate.

Name to use for the device.

Whether to support proxying websocket connections with HTTP/1.1.

Verbatim contents of the config file

Email address to which to send feed items

Group account under which this instance of redis-server runs.

Listening address and listening port of the build runner (with HTTP port if not 80).

Data directory for errbot instance.

Whether the application is a system component or not.

The node where the rule should be applied.

A set of files to be copied to /boot

Specify the device name to attach

UUID of the stratis pool that the fs is located in

This is only relevant if you are using stratis.

If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR.

Name of the cursor theme to use for the lightdm-gtk-greeter.

The php package to use.

File with password for the database.

Number of daily snapshots.

User under which this instance runs.

The command expanded by an abbreviation.

Domain name of this Gemini server, enables checking hostname and port in requests. (multiple occurrences means basic vhosts)

Ensure that only the given members are part of this group at every server start.

Path for mouse device

Whether to enable TPM2 PKCS#11 tool and shared library in system path (/run/current-system/sw/lib/libtpm2_pkcs11.so) .

HTTPFS_TEMP path used by HTTPFS

The path to the TLS key.

  nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"

DEPRECATED: Use services.harmonia.signKeyPaths instead

Path to dtb directory that overlays and other processing will be applied to

Path to the server's public key.

oauth2-proxy allows passing sensitive configuration via environment variables

File path that contains the Base64-encoded certificate for HTTPS termination

The path of the web root directory.

Path to a file containing the credential mapping (<keyname>: <secret>) to access LiveKit

The path to load the secretKey for signing narinfos

Path to RouteDNS TOML configuration file.

Path to the cert.pem file, which will be copied into Syncthing's configDir.

Path to file containing a secret for session store.

Path to a directory containing agent files for Claude Code

Path to a directory containing skill files for Claude Code

Don't send the password immediately after login, but store for PAM session.

Filesystem type

Whether the connection to the authentication agent (if any) will be forwarded to the remote machine.

Set the resolver to use for performing recursive DNS queries

Each attribute in this set specifies an option in the [Match] section of the unit

This optional key specifies whether the job can only be run once and only once

Command to run after sending the snapshot to the destination

The full name of the desktop entry file.

Working directory, available as $GITHUB_WORKSPACE during workflow runs and used as a default for repository checkouts

By default, nix-darwin will check that programs

This key maps to the first argument of execvp(3)

Commands that should be run right after we have mounted our LUKS device.

This required key uniquely identifies the job to launchd.

Extra arguments to pass to the podman image pull command.

Whether to start the network on boot (requires user lingering).

Text of the file.

Specify delay (in seconds) before sending snaps to the destination

Set the 'all targets ports' flag when registering keys with mpathpersist

INI sections and values to populate the Volume Quadlet.

Name of the database user to initialise the database with

Configuration blocks to add to i3status-rust config

Units that require (i.e. depend on and need to go down with) this unit

Units that require (i.e. depend on and need to go down with) this unit

Extra paths to link in kernel directory

Whether to enable ytdl-sub instance.

Extra settings to add to easytier-‹name›.toml.

An existing Let’s Encrypt certificate to use for this virtual host

Use this as the SNI while connecting via TLS

An arbitrary list of items such as derivations

An arbitrary list of items such as derivations

Units that require (i.e. depend on and need to go down with) this unit

Hostname of JMAP server

This configuration file only applies to hosts NOT listed with this key

Whether to configure nginx for fedimintd

The store paths to include in the partition.

Canonical hostname for the server.

Action for packets that doesn't match any rules.