Configuration settings for halloy

If enabled, start the Resilio Sync daemon

List of vim plugins to install optionally associated with configuration to be placed in init.vim

Whether to enable nginx or not

Added to config.dconf.settings under com/github/johnfactotum/Foliate, the scheme is defined at <https://github.com/johnfactotum/foliate/blob/gtk4/data/com.github.johnfactotum

The port Invidious should listen on

The name of the savegame that will be used by the server

The cron spec for cleaning the store to keep it under config.ncps.cache.maxSize

Additional configurations to be appended to coin.conf

Multiple GitHub Runners

Extra configuration written to $XDG_CONFIG_HOME/wezterm/wezterm.lua

If enabled, causes the following behavior:

• Passes the --ephemeral flag to the runner configuration script
• De-registers and stops the runner with GitHub after it has processed one job
• Restarts the service after its successful exit
• On start, wipes the state directory and configures a new runner

You should only enable this option if tokenFile points to a file which contains a personal access token (PAT)

Allow leaving config.boot.initrd.network.ssh.hostKeys empty, to deploy ssh host keys out of band.

Additional settings to add to upsmon.conf.

The prefix for MAC addresses to use, without the trailing ':'

Whether to enable Validate configuration file.

Whether to enable a Jibri instance and configure it to connect to Prosody

Whether to enable JiCoFo instance and configure it to connect to Prosody

Configuration options for the Stalwart server

Secret files to read into entries in config.php

Whether to enable jigasi instance and configure it to connect to Prosody

Configure Kanidm unix daemon

Picom settings

Shell commands to be executed at the end of the network-setup systemd service

Set unmailboxes * at the start of account configurations

Picom settings

If enabled, causes the following behavior:

• Passes the --ephemeral flag to the runner configuration script
• De-registers and stops the runner with GitHub after it has processed one job
• On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
• Restarts the service after its successful exit
• On start, wipes the state directory and configures a new runner

You should only enable this option if tokenFile points to a file which contains a personal access token (PAT)

If enabled, starts a Terraria server

Configure Kanidm unix daemon

Domain to use for the virtual host

Domain to use for the virtual host

Install the devicetree blob specified by config.hardware.deviceTree.name to the ESP and instruct systemd-boot to pass this DTB to linux.

Configuration options for the Stalwart email server

File path containing environment variables for configuring the GoToSocial service in the format of an EnvironmentFile as described by systemd.exec(5)

A file for storing secrets

A set of named specialized configurations

The settings Invidious should use

Whether to enable Hyprlock, Hyprland's GPU-accelerated lock screen utility

Path to sendmail program

What networks are allowed to use us as a resolver

Declarative configuration of firewall rules

Neo4j SSL policy for BOLT traffic

Settings to configure wiki-js

Configure Kanidm clients, needed for the PAM daemon

Enables support for IEEE 802.11be (WiFi 7, EHT)

Environment variables to set

Configure Kanidm clients, needed for the PAM daemon

Whether to enable configure the display manager to be able to use the outputs attached to the NVIDIA GPU

If both mutableConfig and this option are set, the Nix configuration will take precedence over any settings configured in the server console.

Whether to enable Howdy and its PAM module for face recognition

Upscale the default X cursor to be more visible on high-density displays

Whether to enable nginx or not

Arguments to the thanos rule command

Additional lines to append to config.php.

Arguments to the thanos store command

Whether to enable nginx or not

It is recommended you keep your secrets separate from the configuration

The lua5_4 package to use

Dns addon clusterIP

Whether to enable ZoneMinder

This will configure the default keybindings for text fields in macOS applications

List of paths to transcoder executables that should be accessible from Airsonic

List of paths to transcoder executables that should be accessible from Subsonic

Path to the key.pem file, which will be copied into Syncthing's configDir.

Extra configuration for service

Whether to enable swaylock

Your ui-lovelace.yaml managed as configuraton file

Access key of 5 to 20 characters in length that clients use to access the server

Arguments to the thanos sidecar command

Arguments to the thanos compact command

Arguments to the thanos receive command

Specify the Secret key of 8 to 40 characters in length that clients use to access the server

Path to the cert.pem file, which will be copied into Syncthing's configDir.

If false (the default), the desktop picture/wallpaper will be reset to the configured parameters on every system configuration change

Credentials envs used to configure Stalwart secrets

When not set to null this option defines the path at which the unbound remote control socket should be created at

Jitsi Videobridge instance and configure it to connect to Prosody

Arguments to the thanos query command

Database to use for storage

Which pinentry package to use

Open the firewall ports corresponding to FoundationDB processes and coordinators using config.networking.firewall.*.

Extra code to add to config.local.js's afterScan.

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on

Credentials envs used to configure Stalwart-Mail secrets

Preferences to set from about:config

File containing environment variables to be passed to the mautrix-signal service

Configure the launchd agent to manage the AeroSpace process

Whether to enable uwsm, which wraps standalone Wayland compositors with a set of Systemd units on the fly

Configuration, except ids section, that is written to /etc/keyd/.conf

The manual pages to generate caches for if documentation.man.generateCaches is enabled

Extra code to add to config.local.js's afterConfig.

List of ports that Synapse should listen on, their purpose and their configuration

Include the entire system's configuration

Command line options for pg_dumpall

config.ini contents

IP and port to listen on for HTTPS requests, in the format of ip:port

Whether to enable nginx or not

Actions to add to config.local.js's actions.