| options/nixos/services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| options/nixos/services.warpgate.settings.http.external_port | The HTTP listener is reachable via this port externally.
|
| options/nixos/services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| options/nixos/services.readarr.settings.update.automatically | Automatically download and install updates.
|
| options/nixos/services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| options/nixos/services.grafana.provision.datasources.settings | Grafana datasource configuration in Nix
|
| options/nixos/services.nextcloud-spreed-signaling.settings.https.listen | IP and port to listen on for HTTPS requests, in the format of ip:port
|
| options/nixos/services.wgautomesh.settings.gossip_port | wgautomesh gossip port, this MUST be the same number on all nodes in
the wgautomesh network.
|
| options/nixos/services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| options/nixos/services.ferretdb.settings.FERRETDB_POSTGRESQL_URL | PostgreSQL URL for 'pg' handler
|
| options/nixos/services.anubis.instances.<name>.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| options/nixos/services.umurmur.settings.max_bandwidth | Maximum bandwidth (in bits per second) that clients may send
speech at.
|
| options/nixos/systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| options/nixos/services.grafana.provision.alerting.policies.settings.policies | List of contact points to import or update.
|
| options/nixos/services.matrix-appservice-irc.settings.ircService.mediaProxy.ttlSeconds | Lifetime in seconds, that generated URLs stay valid
|
| options/nixos/services.grafana.provision.alerting.contactPoints.settings.apiVersion | Config file version.
|
| options/nixos/services.headscale.settings.tls_key_path | Path to key for already created certificate.
|
| options/nixos/services.swapspace.settings.max_swapsize | Greatest allowed size for individual swapfiles
|
| options/nixos/services.swapspace.settings.min_swapsize | Smallest allowed size for individual swapfiles
|
| options/nixos/virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| options/nixos/services.your_spotify.settings.MONGO_ENDPOINT | The endpoint of the Mongo database.
|
| options/nixos/security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| options/nixos/services.prometheus.alertmanager-ntfy.settings.http.addr | The address to listen on.
|
| options/nixos/services.veilid.settings.client_api.ipc_enabled | veilid-server will respond to Python and other JSON client requests.
|
| options/nixos/services.anubis.defaultOptions.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| options/nixos/services.tuned.settings.dynamic_tuning | Whether to enable dynamic tuning.
|
| options/nixos/services.postsrsd.settings.unprivileged-user | Unprivileged user to drop privileges to.
Our systemd unit never runs postsrsd as a privileged process, so this option is read-only.
|
| options/nixos/services.matrix-appservice-irc.settings.homeserver | Homeserver configuration
|
| options/nixos/services.matrix-synapse.settings.listeners.*.resources | List of HTTP resources to serve on this listener.
|
| options/nixos/services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.orgId | Organization ID, default = 1.
|
| options/nixos/virtualisation.xen.store.settings.xenstored.accessLog.file | Path to the Xen Store access log file.
|
| options/nixos/services.veilid.settings.core.network.dht.min_peer_count | Minimum number of nodes to keep in the peer table.
|
| options/nixos/services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| options/nixos/services.olivetin.settings.ListenAddressSingleHTTPFrontend | The address to listen on for the internal "microproxy" frontend.
|
| options/nixos/services.your_spotify.settings.SPOTIFY_PUBLIC | The public client ID of your Spotify application
|
| options/nixos/services.sourcehut.settings."lists.sr.ht::worker".reject-mimetypes | Comma-delimited list of Content-Types to reject
|
| options/nixos/services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| options/nixos/services.prometheus.exporters.script.settings.scripts.*.script | Shell script to execute when metrics are requested.
|
| options/nixos/systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| options/nixos/services.stash.settings.parallel_tasks | Number of parallel tasks to start during scan/generate
|
| options/nixos/services.headscale.settings.prefixes.allocation | Strategy used for allocation of IPs to nodes, available options:
- sequential (default): assigns the next free IP from the previous given IP.
- random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
|
| options/nixos/services.grafana.provision.alerting.templates.settings.apiVersion | Config file version.
|
| options/nixos/services.homebridge.settings.accessories.*.name | Name of the accessory
|
| options/nixos/services.warpgate.settings.mysql.external_port | The MySQL listener is reachable via this port externally.
|
| options/nixos/services.filesender.settings.admin_email | Email address of FileSender administrator(s)
|
| options/nixos/services.firewalld.settings.NftablesFlowtable | This may improve forwarded traffic throughput by enabling nftables flowtable
|
| options/nixos/services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| options/nixos/services.mackerel-agent.settings.host_status.on_start | Host status after agent startup.
|
| options/nixos/services.system76-scheduler.settings.cfsProfiles.default.latency | sched_latency_ns.
|
| options/nixos/services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| options/nixos/services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.system76-scheduler.settings.cfsProfiles.default.preempt | Preemption mode.
|
| options/nixos/services.livekit.settings.rtc.port_range_end | End of UDP port range for WebRTC
|
| options/nixos/services.tuned.settings.reapply_sysctl | Whether to enable the reapplying of global sysctls after TuneD sysctls are applied.
|
| options/nixos/services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| options/nixos/services.nvme-rs.settings.thresholds.wear_warning | Wear warning threshold (%)
|
| options/nixos/services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID | See torrc manual.
|
| options/nixos/services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.name | Name of the mute time interval, must be unique
|
| options/nixos/services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| options/nixos/services.homebridge.settings.platforms.*.platform | Platform type
|
| options/nixos/services.system76-scheduler.settings.cfsProfiles.default.nr-latency | sched_nr_latency.
|
| options/nixos/services.nvme-rs.settings.thresholds.temp_warning | Temperature warning threshold (°C)
|
| options/nixos/services.pgbouncer.settings.pgbouncer.pool_mode | Specifies when a server connection can be reused by other clients.
session
Server is released back to pool after client disconnects
|
| options/nixos/services.epgstation.settings.concurrentEncodeNum | The maximum number of encoding jobs that EPGStation would run at the
same time.
|
| options/nixos/services.suricata.settings.dpdk.interfaces.*.interface | See upstream docs: docs/capture-hardware/dpdk and docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk.
|
| options/nixos/services.listmonk.database.settings."privacy.exportable" | List of fields which can be exported through an automatic export request
|
| options/nixos/services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| options/nixos/services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| options/nixos/services.veilid.settings.core.network.routing_table.node_id | Base64-encoded public key for the node, used as the node's ID.
|
| options/nixos/services.headscale.settings.dns.extra_records | Extra DNS records to expose to clients.
|
| options/nixos/services.sabnzbd.settings.ntfosd.ntfosd_enable | Whether to enable NotifyOSD alerts
|
| options/nixos/services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes-in-home | Path prefixes to ignore under home directory
|
| options/nixos/services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| options/home-manager/programs.zed-editor.mutableUserSettings | Whether user settings (settings.json) can be updated by zed.
|
| options/nixos/services.your_spotify.settings.API_ENDPOINT | The endpoint of your server
This api has to be reachable from the device you use the website from not from the server
|
| options/nixos/services.slskd.settings.retention.transfers.download.succeeded | Lifespan of succeeded download tasks.
|
| options/nixos/services.slskd.settings.retention.transfers.download.cancelled | Lifespan of cancelled download tasks.
|
| options/nixos/services.borgmatic.settings.repositories.*.path | Path to the repository
|
| options/nixos/services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| options/darwin/services.aerospace.settings.default-root-container-layout | Default layout for the root container.
|
| options/nixos/services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| options/nixos/security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| options/nixos/services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| options/nixos/services.kerberos_server.settings | Settings for the kerberos server of choice
|
| options/nixos/services.warpgate.settings.sso_providers | Configure OIDC single sign-on providers.
|
| options/nixos/services.opensearch.settings."plugins.security.disabled" | Whether to enable the security plugin,
plugins.security.ssl.transport.keystore_filepath or
plugins.security.ssl.transport.server.pemcert_filepath and
plugins.security.ssl.transport.client.pemcert_filepath
must be set for this plugin to be enabled.
|
| options/nixos/virtualisation.xen.store.settings.ringScanInterval | Perodic scanning for all the rings as a safenet for lazy clients
|
| options/nixos/services.evdevremapkeys.settings | config.yaml for evdevremapkeys
|
| options/nixos/services.grafana.provision.datasources.settings.apiVersion | Config file version.
|
| options/nixos/services.postfix-tlspol.settings.server.socket-permissions | Permissions to the UNIX socket, if configured.
Due to hardening on the systemd unit the socket can never be created world readable/writable.
|
| options/nixos/services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts | See torrc manual.
|
| options/nixos/services.nextcloud.settings.enabledPreviewProviders | The preview providers that should be explicitly enabled.
|
| options/nixos/services.prowlarr.settings.update.automatically | Automatically download and install updates.
|
| options/nixos/services.whisparr.settings.update.automatically | Automatically download and install updates.
|
| options/nixos/services.headscale.settings.oidc.allowed_users | Users allowed to authenticate even if not in allowedDomains.
|
| options/nixos/services.easytier.instances.<name>.settings.listeners | Listener addresses to accept connections from other peers
|
| options/nixos/services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| options/nixos/services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| options/home-manager/services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|