| nix.daemonCPUSchedPolicy | Nix daemon process CPU scheduling policy
|
| services.nncp.daemon.enable | Whether to enable NNCP TCP synronization daemon
|
| services.nncp.daemon.extraArgs | Extra command-line arguments to pass to daemon.
|
| nix.daemonIOSchedClass | Nix daemon process I/O scheduling class
|
| services.clamav.daemon.enable | Whether to enable ClamAV clamd daemon.
|
| nix.daemonIOSchedPriority | Nix daemon process I/O scheduling priority
|
| services.tuned.settings.daemon | Whether to enable the use of a daemon for TuneD.
|
| services.icecream.daemon.user | User to run the icecream daemon as
|
| services.bee.daemonNiceLevel | Daemon process priority for bee.
0 is the default Unix process priority, 19 is the lowest.
|
| services.canto-daemon.enable | Whether to enable the canto RSS daemon.
|
| services.icecream.daemon.enable | Whether to enable Icecream Daemon.
|
| services.icecream.daemon.noRemote | Prevent jobs from other nodes being scheduled on this daemon.
|
| services.icecream.daemon.nice | The level of niceness to use.
|
| services.scion.scion-daemon.enable | Whether to enable the scion-daemon service.
|
| services.deepin.dde-daemon.enable | Whether to enable daemon for handling the deepin session settings.
|
| services.handheld-daemon.user | The user to run Handheld Daemon with.
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| users.ldap.daemon.extraConfig | Extra configuration options that will be added verbatim at
the end of the nslcd configuration file (nslcd.conf(5)).
|
| services.fwupd.daemonSettings | Configurations for the fwupd daemon.
|
| services.icecream.daemon.netName | Network name to connect to
|
| services.pulseaudio.daemon.logLevel | The log level that the system-wide pulseaudio daemon should use,
if activated.
|
| services.icecream.daemon.hostname | Hostname of the daemon in the icecream infrastructure
|
| services.power-profiles-daemon.enable | Whether to enable power-profiles-daemon, a DBus daemon that allows
changing system behavior based upon user-selected power profiles.
|
| services.pulseaudio.daemon.config | Config of the pulse daemon
|
| services.icecream.daemon.extraArgs | Additional command line parameters.
|
| services.handheld-daemon.enable | Whether to enable Handheld Daemon.
|
| services.handheld-daemon.ui.enable | Whether to enable Handheld Daemon UI.
|
| services.clamav.daemon.settings | ClamAV configuration
|
| i18n.inputMethod.kime.daemonModules | List of enabled daemon modules
|
| services.icecream.daemon.package | The icecream package to use.
|
| services.handheld-daemon.package | The handheld-daemon package to use.
|
| services.scion.scion-daemon.settings | scion-daemon configuration
|
| services.handheld-daemon.ui.package | The handheld-daemon-ui package to use.
|
| services.icecream.daemon.maxProcesses | Maximum number of compile jobs started in parallel for this daemon
|
| services.icecream.daemon.cacheLimit | Maximum size in Megabytes of cache used to store compile environments of compile clients.
|
| services.nncp.daemon.socketActivation.enable | Whether to enable socket activation for nncp-daemon.
|
| services.power-profiles-daemon.package | The power-profiles-daemon package to use.
|
| services.gnome.gnome-settings-daemon.enable | Whether to enable GNOME Settings Daemon.
|
| services.icecream.daemon.openFirewall | Whether to automatically open receive port in the firewall.
|
| services.crossmacro.daemonPackage | The crossmacro-daemon package to use.
|
| services.icecream.daemon.openBroadcast | Whether to automatically open the firewall for scheduler discovery.
|
| services.handheld-daemon.adjustor.enable | Whether to enable Handheld Daemon TDP control plugin.
|
| services.icecream.daemon.schedulerHost | Explicit scheduler hostname, useful in firewalled environments
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| hardware.system76.power-daemon.enable | Whether to enable the system76 power daemon
|
| services.accounts-daemon.enable | Whether to enable AccountsService, a DBus service for accessing
the list of user accounts and information attached to those accounts.
|
| boot.nixStoreMountOpts | Defines the mount options used on a bind mount for the /nix/store
|
| users.ldap.daemon.rootpwmodpwFile | The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
|
| services.fail2ban.daemonSettings | The contents of Fail2ban's main configuration file
|
| services.nncp.daemon.socketActivation.listenStreams | TCP sockets to bind to
|
| hardware.system76.firmware-daemon.enable | Whether to enable the system76 firmware daemon
|
| services.foldingathome.daemonNiceLevel | Daemon process priority for FAHClient.
0 is the default Unix process priority, 19 is the lowest.
|
| services.tor.enable | Whether to enable Tor daemon
|
| services.fwupd.daemonSettings.EspLocation | The EFI system partition (ESP) path used if UDisks is not available
or if this partition is not mounted at /boot/efi, /boot, or /efi
|
| services.handheld-daemon.adjustor.package | The adjustor package to use.
|
| virtualisation.docker.daemon.settings | Configuration for docker daemon
|
| virtualisation.libvirtd.hooks.daemon | Hooks that will be placed under /var/lib/libvirt/hooks/daemon.d/
and called for daemon start/shutdown/SIGHUP events
|
| services.ceph.osd.daemons | A list of OSD daemons that should have a service created
|
| services.ceph.mon.daemons | A list of monitor daemons that should have a service created
|
| hardware.rasdaemon.enable | Whether to enable RAS logging daemon.
|
| services.ceph.mds.daemons | A list of metadata service daemons that should have a service created
|
| services.ceph.mgr.daemons | A list of names for manager daemons that should have a service created
|
| services.fwupd.daemonSettings.DisabledPlugins | List of plugins to be disabled.
|
| services.fwupd.daemonSettings.DisabledDevices | List of device GUIDs to be disabled.
|
| services.emacs.enable | Whether to enable a user service for the Emacs daemon
|
| services.nixops-dns.user | The user the nixops-dns daemon should run as
|
| services.gitDaemon.exportAll | Publish all directories that look like Git repositories (have the objects
and refs subdirectories), even if they do not have the git-daemon-export-ok file
|
| services.handheld-daemon.adjustor.loadAcpiCallModule | Whether to load the acpi_call kernel module
|
| services.lorri.enable | Enables the daemon for lorri, a nix-shell replacement for project
development
|
| nix.firewall.enable | Whether to enable firewalling for outgoing traffic of the nix daemon.
|
| services.spiped.config | Configuration for a secure pipe daemon
|
| virtualisation.docker.rootless.daemon.settings | Configuration for docker daemon
|
| services.ceph.rgw.daemons | A list of rados gateway daemons that should have a service created
|
| services.boinc.enable | Whether to enable the BOINC distributed computing client
|
| services.nncp.caller.enable | Whether to enable cron'ed NNCP TCP daemon caller
|
| hardware.opentabletdriver.daemon.enable | Whether to start OpenTabletDriver daemon as a systemd user service.
|
| services.avahi.enable | Whether to run the Avahi daemon, which allows Avahi clients
to use Avahi's service discovery facilities and also allows
the local machine to advertise its presence and services
(through the mDNS responder implemented by avahi-daemon).
|
| services.emacs.install | Whether to install a user service for the Emacs daemon
|
| services.kubo.user | User under which the Kubo daemon runs
|
| security.auditd.settings.space_left | If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by
space_left_action
|
| services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| services.xrdp.port | Specifies on which port the xrdp daemon listens.
|
| services.tt-rss.user | User account under which both the update daemon and the web-application run.
|
| services.dspam.user | User for the dspam daemon.
|
| services.movim.port | Movim daemon port.
|
| services.amule.user | The user the aMule daemon should run as
|
| services.hound.user | User the hound daemon should execute under.
|
| services.kubo.group | Group under which the Kubo daemon runs
|
| services.usbmuxd.enable | Enable the usbmuxd ("USB multiplexing daemon") service
|
| virtualisation.docker.daemon.settings.live-restore | Allow dockerd to be restarted without affecting running container
|
| services.cntlm.port | Specifies on which ports the cntlm daemon listens.
|
| services.openafsClient.daemons | Number of daemons to serve user requests
|
| services.kanidm.unix.settings | Configure Kanidm unix daemon
|
| services.dspam.group | Group for the dspam daemon.
|
| services.kanidm.unixSettings | Configure Kanidm unix daemon
|
| services.mpdscribble.port | Port for the mpdscribble daemon to search for a mpd daemon on.
|
| services.mpdscribble.host | Host for the mpdscribble daemon to search for a mpd daemon on.
|
| services.psd.enable | Whether to enable the Profile Sync daemon.
|
| services.hound.group | Group the hound daemon should execute under.
|
| services.atd.enable | Whether to enable the at daemon, a command scheduler.
|
| services.mpd.enable | Whether to enable MPD, the music player daemon.
|
| services.tlp.enable | Whether to enable the TLP power management daemon.
|
| services.goss.enable | Whether to enable Goss daemon.
|
| services.ttyd.enable | Whether to enable ttyd daemon.
|
| services.cron.enable | Whether to enable the Vixie cron daemon.
|
| services.rsyncd.port | TCP port the daemon will listen on.
|
| services.bacula-sd.name | Specifies the Name of the Storage daemon.
|
| services.gpsd.enable | Whether to enable gpsd, a GPS service daemon.
|
| services.bird.enable | Whether to enable BIRD Internet Routing Daemon.
|
| services.guix.extraArgs | Extra flags to pass to the Guix daemon service.
|
| services.guix.enable | Whether to enable Guix build daemon service.
|
| services.keyd.enable | Whether to enable keyd, a key remapping daemon.
|
| services.sssd.enable | Whether to enable the System Security Services Daemon.
|
| services.mmsd.enable | Whether to enable Multimedia Messaging Service Daemon.
|
| services.gitDaemon.user | User under which Git daemon would be running.
|
| services.bacula-fd.tls | TLS Options for the File Daemon
|
| services.bacula-sd.tls | TLS Options for the Storage Daemon
|
| services.ceph.rgw.enable | Whether to enable Ceph RadosGW daemon.
|
| services.ceph.mgr.enable | Whether to enable Ceph MGR daemon.
|
| services.ceph.osd.enable | Whether to enable Ceph OSD daemon.
|
| services.ceph.mon.enable | Whether to enable Ceph MON daemon.
|
| services.ceph.mds.enable | Whether to enable Ceph MDS daemon.
|
| services.bird.config | BIRD Internet Routing Daemon configuration file.
http://bird.network.cz/
|
| services.tlp.pd.enable | Whether to enable the power-rofiles-daemon like DBus interface for TLP.
|
| virtualisation.xen.store.path | Path to the Xen Store Daemon
|
| services.amule.enable | Whether to enable aMule daemon.
|
| services.acpid.enable | Whether to enable the ACPI daemon.
|
| services.vault.enable | Whether to enable Vault daemon.
|
| services.lirc.enable | Whether to enable the LIRC daemon, to receive and send infrared signals.
|
| services.kubo.extraFlags | Extra flags passed to the Kubo daemon
|
| services.dunst.enable | Whether to enable Dunst notification daemon.
|
| services.fcron.enable | Whether to enable the fcron daemon.
|
| services.neard.enable | Whether to enable neard, an NFC daemon.
|
| services.rqbit.enable | Whether to enable rqbit BitTorrent daemon.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets | The subnets which this tinc daemon will serve
|
| services.usbguard.rules | The USBGuard daemon will load this as the policy rule set
|
| services.prometheus.exporters.rasdaemon.databasePath | Path to the RAS daemon machine check event database.
|
| hardware.ckb-next.gid | Limit access to the ckb daemon to a particular group.
|
| services.bacula-sd.port | Specifies port number on which the Storage daemon listens for
Director connections.
|
| services.gpm.enable | Whether to enable GPM, the General Purpose Mouse daemon,
which enables mouse support in virtual consoles.
|
| nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| services.rspamd.debug | Whether to run the rspamd daemon in debug mode.
|
| services.yandex-disk.user | The user the yandex-disk daemon should run as.
|
| nix.settings.allowed-users | A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon
|
| services.gitDaemon.group | Group under which Git daemon would be running.
|
| services.pcscd.extraArgs | Extra command line arguments to be passed to the PCSC daemon.
|
| services.mstpd.enable | Whether to enable the multiple spanning tree protocol daemon.
|
| services.lldpd.enable | Whether to enable Link Layer Discovery Protocol Daemon.
|
| services.rumno.extraArgs | Extra command-line arguments to pass to the rumno daemon.
|
| services.ivpn.enable | This option enables iVPN daemon
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.freenet.nice | Set the nice level for the Freenet daemon
|
| services.murmur.logFile | Path to the log file for Murmur daemon
|
| services.slurm.user | Set this option when you want to run the slurmctld daemon
as something else than the default slurm user "slurm"
|
| services.consul.enable | Enables the consul daemon.
|
| services.kea.dhcp-ddns.extraArgs | List of additional arguments to pass to the daemon.
|
| services.ebusd.enable | Whether to enable ebusd, a daemon for communication with eBUS heating systems.
|
| services.illum.enable | Enable illum, a daemon for controlling screen brightness with brightness buttons.
|
| services.iptsd.enable | Whether to enable the userspace daemon for Intel Precise Touch & Stylus.
|
| services.pptpd.enable | Whether to enable pptpd, the Point-to-Point Tunneling Protocol daemon.
|
| services.frr.ldpd.options | Options for the FRR ldpd daemon.
|
| services.frr.pimd.options | Options for the FRR pimd daemon.
|
| services.frr.ripd.options | Options for the FRR ripd daemon.
|
| services.frr.bfdd.options | Options for the FRR bfdd daemon.
|
| services.frr.pbrd.options | Options for the FRR pbrd daemon.
|
| services.frr.bgpd.options | Options for the FRR bgpd daemon.
|
| services.pfix-srsd.enable | Whether to run the postfix sender rewriting scheme daemon.
|
| services.kea.dhcp4.extraArgs | List of additional arguments to pass to the daemon.
|
| services.kea.dhcp6.extraArgs | List of additional arguments to pass to the daemon.
|
| security.rtkit.args | Command-line options for rtkit-daemon.
|
| services.a2boot.enable | Whether to enable the a2boot daemon.
|
| services.deluge.enable | Whether to enable Deluge daemon.
|
| services.brltty.enable | Whether to enable the BRLTTY daemon.
|
| services.docuum.enable | Whether to enable docuum daemon.
|
| services.atalkd.enable | Whether to enable the AppleTalk daemon.
|
| services.todesk.enable | Whether to enable ToDesk daemon.
|
| services.rsyncd.enable | Whether to enable the rsync daemon.
|
| services.zenohd.enable | Whether to enable Zenoh daemon..
|
| services.samba.smbd.enable | Whether to enable Samba's smbd daemon.
|
| services.slurm.rest.enable | Whether to enable slurm REST daemon.
|
| hardware.rasdaemon.record | record events via sqlite3, required for ras-mc-ctl
|
| services.ulogd.enable | Whether to enable ulogd, a userspace logging daemon for netfilter/iptables related logging.
|
| services.ndppd.enable | Whether to enable daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces.
|
| services.quorum.enable | Whether to enable Quorum blockchain daemon.
|
| services.gammu-smsd.enable | Whether to enable gammu-smsd daemon.
|
| services.gobgpd.enable | Whether to enable GoBGP Routing Daemon.
|
| services.monero.enable | Whether to enable Monero node daemon.
|
| services.amule.package | The amule-daemon package to use.
|
| hardware.rasdaemon.labels | Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels
|
| hardware.rasdaemon.package | The rasdaemon package to use.
|
| services.tt-rss.phpPackage | php package to use for php fpm and update daemon.
|
| services.babeld.enable | Whether to enable the babeld network routing daemon.
|
| services.irkerd.enable | Whether to enable irker, an IRC notification daemon.
|
| services.colord.enable | Whether to enable colord, the color management daemon.
|
| services.mopidy.enable | Whether to enable Mopidy, a music player daemon.
|
| services.smartd.enable | Whether to enable smartd daemon from smartmontools package.
|
| services.xinetd.enable | Whether to enable the xinetd super-server daemon.
|
| services.mpd.network.port | This setting is the TCP port that is desired for the daemon to get assigned
to.
|
| services.bacula-sd.enable | Whether to enable Bacula Storage Daemon.
|
| services.bacula-fd.enable | Whether to enable the Bacula File Daemon.
|
| services.syslog-ng.enable | Whether to enable the syslog-ng daemon.
|
| services.openssh.ports | Specifies on which ports the SSH daemon listens.
|
| services.deluge.web.enable | Whether to enable Deluge Web daemon.
|
| services.kea.ctrl-agent.extraArgs | List of additional arguments to pass to the daemon.
|
| services.frr.zebra.options | Options for the FRR zebra daemon.
|
| services.frr.isisd.options | Options for the FRR isisd daemon.
|
| services.frr.nhrpd.options | Options for the FRR nhrpd daemon.
|
| services.frr.mgmtd.options | Options for the FRR mgmtd daemon.
|
| services.frr.ospfd.options | Options for the FRR ospfd daemon.
|
| services.frr.pathd.options | Options for the FRR pathd daemon.
|
| services.frr.vrrpd.options | Options for the FRR vrrpd daemon.
|
| services.frr.pim6d.options | Options for the FRR pim6d daemon.
|
| services.opendkim.user | User for the daemon.
|
| services.postsrsd.user | User for the daemon
|
| hardware.rasdaemon.testing | Whether to enable error injection infrastructure.
|
| services.devmon.enable | Whether to enable devmon, an automatic device mounting daemon.
|
| services.sftpgo.extraArgs | Additional command line arguments to pass to the sftpgo daemon.
|
| services.mptcpd.enable | Whether to enable the Multipath TCP path management daemon.
|
| services.akkoma.dist.epmdPort | TCP port to bind Erlang Port Mapper Daemon to.
|
| hardware.rasdaemon.config | rasdaemon configuration, currently only used for CE PFA
for details, read rasdaemon.outPath/etc/sysconfig/rasdaemon's comments
|
| services.bacula-dir.enable | Whether to enable Bacula Director Daemon.
|
| services.guix.package | The guix package to use
|
| services.pcscd.enable | Whether to enable PCSC-Lite daemon, to access smart cards using SCard API (PC/SC).
|
| services.epmd.enable | Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
|
| services.greetd.enable | Whether to enable greetd, a minimal and flexible login manager daemon.
|
| services.xl2tpd.enable | Whether to enable xl2tpd, the Layer 2 Tunnelling Protocol Daemon.
|
| services.bacula-sd.device | This option defines Device resources in Bacula Storage Daemon.
|
| services.mbpfan.enable | Whether to enable mbpfan, fan controller daemon for Apple Macs and MacBooks.
|
| services.nohang.enable | Whether to enable nohang, a daemon that keeps system responsiveness when Linux is out of memory.
|
| services.urxvtd.enable | Enable urxvtd, the urxvt terminal daemon
|
| services.htpdate.enable | Enable htpdate daemon.
|
| services.scx.enable | Whether to enable SCX service, a daemon to run schedulers from userspace.
This service requires a kernel with the Sched-ext feature
|
| services.quassel.user | The existing user the Quassel daemon should run as
|
| services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| services.gns3-server.enable | Whether to enable GNS3 Server daemon.
|
| services.freenet.enable | Whether to enable Freenet daemon.
|
| services.flexget.enable | Whether to enable FlexGet daemon.
|
| services.lokinet.enable | Whether to enable Lokinet daemon.
|
| services.openbao.enable | Whether to enable OpenBao daemon.
|
| services.osquery.enable | Whether to enable osqueryd daemon.
|
| services.opendkim.group | Group for the daemon.
|
| services.postsrsd.group | Group for the daemon
|
| services.rkvm.server.enable | Whether to enable the rkvm server daemon (input transmitter).
|
| services.rkvm.client.enable | Whether to enable the rkvm client daemon (input receiver).
|
| services.clipcat.enable | Whether to enable Clipcat clipboard daemon.
|
| services.sysprof.enable | Whether to enable sysprof profiling daemon.
|
| services.solanum.enable | Whether to enable Solanum IRC daemon.
|
| virtualisation.incus.enable | Whether to enable incusd, a daemon that manages containers and virtual machines
|
| services.ceph.global.maxOpenFiles | Max open files for each OSD daemon.
|
| services.kubo.settings.Addresses.API | Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on
|
| services.frr.ospf6d.options | Options for the FRR ospf6d daemon.
|
| services.frr.ripngd.options | Options for the FRR ripngd daemon.
|
| services.frr.eigrpd.options | Options for the FRR eigrpd daemon.
|
| services.frr.babeld.options | Options for the FRR babeld daemon.
|
| services.frr.sharpd.options | Options for the FRR sharpd daemon.
|
| services.ipp-usb.enable | Whether to enable ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner.
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| services.ncdns.enable | Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS
|
| services.https-dns-proxy.enable | Whether to enable https-dns-proxy daemon.
|
| services.ananicy.enable | Whether to enable Ananicy, an auto nice daemon.
|
| services.quassel.enable | Whether to enable the Quassel IRC client daemon.
|
| services.riemann.enable | Whether to enable Riemann network monitoring daemon.
|
| services.slurm.client.enable | Whether to enable slurm client daemon.
|
| services.tcsd.enable | Whether to enable tcsd, a Trusted Computing management service
that provides TCG Software Stack (TSS)
|
| hardware.rasdaemon.extraModules | extra kernel modules to load
|
| services.tuned.ppdSupport | Whether to enable translation of power-profiles-daemon API calls to TuneD.
|
| services.gnunet.enable | Whether to run the GNUnet daemon
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.mpd.settings.port | This setting is the TCP port that is desired for the daemon to get assigned
to.
|
| services.siproxd.enable | Whether to enable the Siproxd SIP
proxy/masquerading daemon.
|
| services.corerad.enable | Whether to enable CoreRAD IPv6 NDP RA daemon.
|
| services.kthxbye.enable | Whether to enable kthxbye alert acknowledgement management daemon.
|
| services.speechd.enable | Whether to enable speech-dispatcher speech synthesizer daemon.
|
| services.redsocks.log | Where to send logs
|
| services.mullvad-vpn.enable | This option enables Mullvad VPN daemon.
|
| services.hdapsd.enable | Whether to enable Hard Drive Active Protection System Daemon,
devices are detected and managed automatically by udev and systemd
.
|
| services.kubo.settings | Attrset of daemon configuration
|
| services.tinc.networks | Defines the tinc networks which will be started
|
| services.wastebin.stateDir | State directory of the daemon.
|
| services.solanum.config | Solanum IRC daemon configuration file.
check https://github.com/solanum-ircd/solanum/blob/main/doc/reference.conf for all options.
|
| services.slurm.server.flags | Flags passed to slurmctld daemon, see slurmctld(8)
|
| services.frr.bgpd.extraOptions | Extra options to be appended to the FRR bgpd daemon options.
|
| services.frr.ripd.extraOptions | Extra options to be appended to the FRR ripd daemon options.
|
| services.frr.pimd.extraOptions | Extra options to be appended to the FRR pimd daemon options.
|
| services.frr.ldpd.extraOptions | Extra options to be appended to the FRR ldpd daemon options.
|
| services.frr.bfdd.extraOptions | Extra options to be appended to the FRR bfdd daemon options.
|
| services.frr.pbrd.extraOptions | Extra options to be appended to the FRR pbrd daemon options.
|
| services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| services.gitDaemon.options | Extra configuration options to be passed to Git daemon.
|
| services.fprintd.enable | Whether to enable fprintd daemon and PAM module for fingerprint readers handling.
|
| services.trezord.enable | Enable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.
|
| services.octoprint.user | User for the daemon.
|
| services.incron.enable | Whether to enable the incron daemon
|
| services.bacula-dir.extraConfig | Extra configuration for Bacula Director Daemon.
|
| services.riemann-dash.enable | Enable the riemann-dash dashboard daemon.
|
| services.auto-cpufreq.enable | Whether to enable auto-cpufreq daemon.
|
| services.openssh.enable | Whether to enable the OpenSSH secure shell daemon, which
allows secure remote logins.
|
| services.rdnssd.enable | Whether to enable the RDNSS daemon
(rdnssd), which configures DNS servers in
/etc/resolv.conf from RDNSS
advertisements sent by IPv6 routers.
|
| services.nscd.enableNsncd | Whether to use nsncd instead of nscd from glibc
|
| services.quassel.portNumber | The port number the Quassel daemon will be listening to.
|
| services.mpd.startWhenNeeded | If set, mpd is socket-activated; that
is, instead of having it permanently running as a daemon,
systemd will start it on the first incoming connection.
|
| services.frr.staticd.options | Options for the FRR staticd daemon.
|
| services.frr.fabricd.options | Options for the FRR fabricd daemon.
|
| services.charybdis.user | Charybdis IRC daemon user.
|
| services.easytier.enable | Whether to enable EasyTier daemon.
|
| services.postgrey.enable | Whether to run the Postgrey daemon
|
| services.subsonic.enable | Whether to enable Subsonic daemon.
|
| services.usbguard.enable | Whether to enable USBGuard daemon.
|
| services.endlessh.port | Specifies on which port the endlessh daemon listens for SSH
connections
|
| services.frr.pathd.extraOptions | Extra options to be appended to the FRR pathd daemon options.
|
| services.frr.nhrpd.extraOptions | Extra options to be appended to the FRR nhrpd daemon options.
|
| services.frr.ospfd.extraOptions | Extra options to be appended to the FRR ospfd daemon options.
|
| services.frr.zebra.extraOptions | Extra options to be appended to the FRR zebra daemon options.
|
| services.frr.mgmtd.extraOptions | Extra options to be appended to the FRR mgmtd daemon options.
|
| services.frr.isisd.extraOptions | Extra options to be appended to the FRR isisd daemon options.
|
| services.frr.vrrpd.extraOptions | Extra options to be appended to the FRR vrrpd daemon options.
|
| services.frr.pim6d.extraOptions | Extra options to be appended to the FRR pim6d daemon options.
|
| services.tuned.ppdSettings | Settings for TuneD's power-profiles-daemon compatibility service.
|
| services.ergochat.enable | Whether to enable Ergo IRC daemon.
|
| services.twingate.enable | Whether to enable Twingate Client daemon.
|
| services.radicale.extraArgs | Extra arguments passed to the Radicale daemon.
|
| services.akkoma.dist.address | Listen address for Erlang distribution protocol and Port Mapper Daemon (epmd).
|
| services.slurm.procTrackType | Plugin to be used for process tracking on a job step basis
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.openssh.allowSFTP | Whether to enable the SFTP subsystem in the SSH daemon
|
| services.octoprint.group | Group for the daemon.
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.clipmenu.enable | Whether to enable clipmenu, the clipboard management daemon.
|
| services.hypridle.enable | Whether to enable hypridle, Hyprland's idle daemon.
|
| services.printing.enable | Whether to enable printing support through the CUPS daemon.
|
| services.spotifyd.enable | Whether to enable spotifyd, a Spotify playing daemon.
|
| services.thermald.enable | Whether to enable thermald, the temperature management daemon.
|
| services.znapzend.enable | Whether to enable ZnapZend ZFS backup daemon.
|
| services.lvm.dmeventd.enable | Whether to enable the LVM dmevent daemon.
|
| services.kubo.enable | Whether to enable the Interplanetary File System (WARNING: may cause severe network degradation)
|
| security.auditd.enable | Whether to enable the Linux Audit daemon.
|
| services.endlessh-go.port | Specifies on which port the endlessh-go daemon listens for SSH
connections
|
| services.haveged.enable | Whether to enable haveged entropy daemon, which refills /dev/random when low
|
| services.resilio.enable | If enabled, start the Resilio Sync daemon
|
| services.prometheus.exporters.rasdaemon.port | Port to listen on.
|
| services.ipfs-cluster.enable | Whether to enable Pinset orchestration for IPFS - requires ipfs daemon to be useful.
|
| services.tuned.ppdSettings.main | Core configuration for power-profiles-daemon support.
|
| services.sniproxy.config | sniproxy.conf configuration excluding the daemon username and pid file.
|
| services.dspam.domainSocket | Path to local domain socket which is used for communication with the daemon
|
| services.transmission.enable | Whether to enable the headless Transmission BitTorrent daemon
|
| services.rkvm.server.settings | Structured server daemon configuration
|
| services.rkvm.client.settings | Structured client daemon configuration
|
| services.radvd.enable | Whether to enable the Router Advertisement Daemon
(radvd), which provides link-local
advertisements of IPv6 router addresses and prefixes using
the Neighbor Discovery Protocol (NDP)
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.charybdis.group | Charybdis IRC daemon group.
|
| services.samba-wsdd.enable | Whether to enable Web Services Dynamic Discovery host daemon
|
| services.prometheus.exporters.rasdaemon.user | User name under which the rasdaemon exporter shall be run.
|
| services.printing.extraConf | Extra contents of the configuration file of the CUPS daemon
(cupsd.conf).
|
| services.resolved.enable | Whether to enable the Systemd DNS resolver daemon (systemd-resolved).
|
| services.bacula-sd.director | This option defines Director resources in Bacula Storage Daemon.
|
| services.bacula-fd.director | This option defines director resources in Bacula File Daemon.
|
| services.spice-webdavd.enable | Whether to enable the spice guest webdav proxy daemon.
|
| hardware.rasdaemon.mainboard | Custom mainboard description, see ras-mc-ctl(8) for more details.
|
| services.cross-seed.settings.port | Port the cross-seed daemon listens on.
|
| services.usbguard.dbus.enable | Whether to enable USBGuard dbus daemon.
|
| services.gitDaemon.basePath | Remap all the path requests as relative to the given path
|
| services.bitbox-bridge.enable | Whether to enable Bitbox bridge daemon, for use with Bitbox hardware wallets..
|
| services.frr.eigrpd.extraOptions | Extra options to be appended to the FRR eigrpd daemon options.
|
| services.frr.babeld.extraOptions | Extra options to be appended to the FRR babeld daemon options.
|
| services.frr.sharpd.extraOptions | Extra options to be appended to the FRR sharpd daemon options.
|
| services.frr.ospf6d.extraOptions | Extra options to be appended to the FRR ospf6d daemon options.
|
| services.frr.ripngd.extraOptions | Extra options to be appended to the FRR ripngd daemon options.
|
| services.octoprint.stateDir | State directory of the daemon.
|
| services.prometheus.exporters.rasdaemon.group | Group under which the rasdaemon exporter shall be run.
|
| services.zfs.zed.settings | ZFS Event Daemon /etc/zfs/zed.d/zed.rc content
See
zed(8)
for details on ZED and the scripts in /etc/zfs/zed.d to find the possible variables
|
| services.tahoe.nodes.<name>.sftpd.port | The port on which the SFTP server will listen
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| services.ax25.axlisten.config | Options that will be passed to the axlisten daemon.
|
| services.speedify.enable | This option enables Speedify daemon
|
| services.glusterfs.logLevel | Log level used by the GlusterFS daemon
|
| services.sslmate-agent.enable | Whether to enable sslmate-agent, a daemon for managing SSL/TLS certificates on a server.
|
| services.bacula-dir.port | Specify the port (a positive integer) on which the Director daemon
will listen for Bacula Console connections
|
| services.deluge.web.openFirewall | Open ports in the firewall for deluge web daemon
|
| services.kubo.serviceFdlimit | The fdlimit for the Kubo systemd unit or null to have the daemon attempt to manage it
|
| services.ax25.axlisten.enable | Whether to enable AX.25 axlisten daemon.
|
| services.prometheus.exporters.rasdaemon.enable | Whether to enable the prometheus rasdaemon exporter.
|
| services.glusterfs.enable | Whether to enable GlusterFS Daemon.
|
| services.netclient.enable | Whether to enable Netclient Daemon.
|
| services.miniupnpd.enable | Whether to enable MiniUPnP daemon.
|
| services.tinyproxy.enable | Whether to enable Tinyproxy daemon.
|
| services.goxlr-utility.autoStart.xdg | Start the daemon automatically using XDG autostart
|
| security.tpm2.abrmd.enable | Whether to enable Trusted Platform 2 userspace resource manager daemon
.
|
| services.smartd.extraOptions | Extra command-line options passed to the smartd
daemon on startup.
(See man 8 smartd.)
|
| services.charybdis.enable | Whether to enable Charybdis IRC daemon.
|
| services.charybdis.config | Charybdis IRC daemon configuration file.
|
| services.shellhub-agent.enable | Whether to enable ShellHub Agent daemon.
|
| services.openiscsi.enable | Whether to enable the openiscsi iscsi daemon.
|
| services.tailscale.enable | Whether to enable Tailscale client daemon.
|
| services.timesyncd.enable | Enables the systemd NTP client daemon.
|
| services.avahi.cacheEntriesMax | Number of resource records to be cached per interface
|
| services.bitcoind.<name>.enable | Whether to enable Bitcoin daemon.
|
| services.scion.scion-ip-gateway.config | scion-ip-gateway daemon configuration
|
| services.prometheus.exporters.rasdaemon.extraFlags | Extra commandline options to pass to the rasdaemon exporter.
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| services.spice-vdagentd.enable | Whether to enable Spice guest vdagent daemon.
|
| services.saslauthd.config | Configuration to use for Cyrus SASL authentication daemon.
|
| services.usbrelayd.enable | Whether to enable USB Relay MQTT daemon.
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.frr.staticd.extraOptions | Extra options to be appended to the FRR staticd daemon options.
|
| services.frr.fabricd.extraOptions | Extra options to be appended to the FRR fabricd daemon options.
|
| services.geoclue2.enable | Whether to enable GeoClue 2 daemon, a DBus service
that provides location information for accessing.
|
| services.moosefs.master.enable | Enable MooseFS master daemon
|
| services.saslauthd.enable | Whether to enable saslauthd, the Cyrus SASL authentication daemon.
|
| services.slurm.enableStools | Whether to provide a slurm.conf file
|
| services.ebusd.extraArguments | Extra arguments to the ebus daemon
|
| services.multipath.enable | Whether to enable the device mapper multipath (DM-MP) daemon.
|
| services.orangefs.client.enable | Whether to enable OrangeFS client daemon.
|
| services.glusterfs.extraFlags | Extra flags passed to the GlusterFS daemon
|
| services.printing.extraFilesConf | Extra contents of the configuration file of the CUPS daemon
(cups-files.conf).
|
| services.kthxbye.openFirewall | Whether to open ports in the firewall needed for the daemon to function.
|
| services.hound.settings | The full configuration of the Hound daemon
|
| services.riemann-tools.enableHealth | Enable the riemann-health daemon.
|
| services.mpd.network.listenAddress | The address for the daemon to listen on
|
| programs.gnome-disks.enable | Whether to enable GNOME Disks daemon, a program designed to
be a UDisks2 graphical front-end.
|
| services.saunafs.master.enable | Enable Saunafs master daemon
|
| services.ergochat.settings | Ergo IRC daemon configuration file.
https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
|
| services.printing.browsedConf | The contents of the configuration. file of the CUPS Browsed daemon
(cups-browsed.conf)
|
| services.lact.settings | Settings for LACT
|
| services.hostapd.enable | Whether to enable hostapd, a user space daemon for access point and
authentication servers
|
| services.usbguard.ruleFile | This tells the USBGuard daemon which file to load as policy rule set
|
| services.netbird.clients.<name>.logLevel | Log level of the NetBird daemon.
|
| services.netbird.tunnels.<name>.logLevel | Log level of the NetBird daemon.
|
| services.prometheus.exporters.rasdaemon.listenAddress | Address to listen on.
|
| services.openssh.startWhenNeeded | If set, sshd is socket-activated; that
is, instead of having it permanently running as a daemon,
systemd will start an instance for each incoming connection.
|
| services.hardware.bolt.enable | Whether to enable Bolt, a userspace daemon to enable
security levels for Thunderbolt 3 on GNU/Linux
|
| services.expressvpn.enable | Enable the ExpressVPN daemon.
|
| services.prometheus.exporters.rasdaemon.openFirewall | Open port in firewall for incoming connections.
|
| services.endlessh.extraOptions | Additional command line options to pass to the endlessh daemon.
|
| services.usbguard.restoreControllerDeviceState | The USBGuard daemon modifies some attributes of controller
devices like the default authorization state of new child device
instances
|
| services.cloudflare-warp.rootDir | Working directory for the warp-svc daemon.
|
| services.usbmuxd.package | Which package to use for the usbmuxd daemon.
|
| services.gnome.gnome-keyring.enable | Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
.
|
| services.irqbalance.enable | Whether to enable irqbalance daemon.
|
| services.nullmailer.enable | Whether to enable nullmailer daemon.
|
| services.picosnitch.enable | Whether to enable picosnitch daemon.
|
| services.playerctld.enable | Whether to enable the playerctld daemon.
|
| services.wgautomesh.enable | Whether to enable the wgautomesh daemon.
|
| services.apcupsd.enable | Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
permits orderly shutdown of your computer in the event of a power
failure
|
| virtualisation.docker.enable | This option enables docker, a daemon that manages
linux containers
|
| services.prometheus.enable | Whether to enable Prometheus monitoring daemon.
|
| services.mozillavpn.enable | Whether to enable Mozilla VPN daemon.
|
| services.endlessh-go.extraOptions | Additional command line options to pass to the endlessh-go daemon.
|
| services.usbguard.IPCAllowedUsers | A list of usernames that the daemon will accept IPC connections from.
|
| programs.atop.atopgpu.enable | Whether to install and enable the atopgpud daemon to get information about
NVIDIA gpus.
|
| services.teamviewer.enable | Whether to enable TeamViewer daemon & system package.
|
| services.xe-guest-utilities.enable | Whether to enable the XenServer guest utilities daemon.
|
| services.hqplayerd.config | HQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml
|
| services.fwupd.uefiCapsuleSettings | UEFI capsule configurations for the fwupd daemon.
|
| services.prometheus.exporters.rasdaemon.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.rasdaemon.openFirewall is true.
|
| services.irkerd.listenAddress | Specifies the bind address on which the irker daemon listens
|
| services.gitDaemon.enable | Enable Git daemon, which allows public hosting of git repositories
without any access controls
|
| virtualisation.lxd.enable | This option enables lxd, a daemon that manages
containers
|
| services.kanidm.client.settings | Configure Kanidm clients, needed for the PAM daemon
|
| services.infnoise.fillDevRandom | Whether to run the infnoise driver as a daemon to refill /dev/random
|
| services.printing.browsed.enable | Whether to enable the CUPS Remote Printer Discovery (browsed) daemon.
|
| services.kubo.localDiscovery | Whether to enable local discovery for the Kubo daemon
|
| services.shairport-sync.enable | Enable the shairport-sync daemon
|
| services.actkbd.enable | Whether to enable the actkbd key mapping daemon
|
| services.ddclient.extraConfig | Extra configuration
|
| programs.corefreq.enable | Whether to enable Whether to enable the corefreq daemon and kernel module.
|
| services.graphite.carbon.enableCache | Whether to enable carbon cache, the graphite storage daemon.
|
| services.toxBootstrapd.enable | Whether to enable the Tox DHT bootstrap daemon.
|
| services.lifecycled.enable | Whether to enable lifecycled, a daemon for responding to AWS AutoScaling Lifecycle Hooks.
|
| services.kanidm.clientSettings | Configure Kanidm clients, needed for the PAM daemon
|
| services.printing.startWhenNeeded | If set, CUPS is socket-activated; that is,
instead of having it permanently running as a daemon,
systemd will start it on the first incoming connection.
|
| hardware.sensor.hddtemp.extraArgs | Additional arguments passed to the daemon.
|
| services.tt-rss.updateDaemon.commandFlags | Command-line flags passed to the update daemon
|
| services.endlessh-go.listenAddress | Interface address to bind the endlessh-go daemon to SSH connections.
|
| services.usbguard.IPCAllowedGroups | A list of groupnames that the daemon will accept IPC connections
from.
|
| services.prometheus.exporters.rasdaemon.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.rasdaemon.openFirewall
is true
|
| services.teamspeak3.enable | Whether to run the Teamspeak3 voice communication server daemon.
|
| services.cloudflare-warp.enable | Whether to enable Cloudflare Zero Trust client daemon.
|
| services.icecream.scheduler.port | Server port to listen for icecream daemon requests.
|
| programs.gnupg.dirmngr.enable | Enables GnuPG network certificate management daemon with socket-activation for every user session.
|
| services.bitlbee.interface | The interface the BitlBee daemon will be listening to
|
| services.openssh.generateHostKeys | Whether to generate SSH host keys
|
| services.deluge.openFirewall | Whether to open the firewall for the ports in
services.deluge.config.listen_ports
|
| virtualisation.libvirtd.enable | This option enables libvirtd, a daemon that manages
virtual machines
|
| services.tinc.networks.<name>.settings | Configuration of the Tinc daemon for this network
|
| services.autosuspend.enable | Whether to enable the autosuspend daemon.
|
| services.meshtasticd.enable | Whether to enable Meshtastic daemon.
|
| services.displayManager.gdm.settings | Options passed to the gdm daemon
|
| hardware.openrazer.users | Usernames to be added to the "openrazer" group, so that they
can start and interact with the OpenRazer userspace daemon.
|
| hardware.openrazer.enable | Whether to enable OpenRazer drivers and userspace daemon
.
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.slurm.rest.environment | Environment variables to set for the slurmrestd daemon, see slurmrestd(8).
|
| virtualisation.docker.rootless.enable | This option enables docker in a rootless mode, a daemon that manages
linux containers
|
| services.toxBootstrapd.extraConfig | Configuration for bootstrap daemon
|
| services.cachefilesd.enable | Whether to enable cachefilesd network filesystems caching daemon.
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.bacula-sd.autochanger | This option defines Autochanger resources in Bacula Storage Daemon.
|
| services.tor.torsocks.onionAddrRange | Tor hidden sites do not have real IP addresses
|
| services.netbird.clients.<name>.autoStart | Start the service with the system
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.avahi.denyInterfaces | List of network interfaces that should be ignored by the
avahi-daemon
|
| services.cloudflared.enable | Whether to enable Cloudflare Tunnel client daemon (formerly Argo Tunnel).
|
| services.prometheus.exporters.rasdaemon.enabledCollectors | List of error types to collect from the event database.
|
| services.mpdscribble.verbose | Log level for the mpdscribble daemon.
|
| services.saunafs.metalogger.enable | Whether to enable Saunafs metalogger daemon.
|
| services.gnome.gnome-online-accounts.enable | Whether to enable GNOME Online Accounts daemon, a service that provides
a single sign-on framework for the GNOME desktop.
|
| services.avahi.allowInterfaces | List of network interfaces that should be used by the avahi-daemon
|
| services.quassel.interfaces | The interfaces the Quassel daemon will be listening to
|
| services.shairport-sync.arguments | Arguments to pass to the daemon
|
| services.spamassassin.debug | Whether to run the SpamAssassin daemon in debug mode
|
| services.endlessh-go.prometheus.port | Specifies on which port the endlessh-go daemon listens for Prometheus
queries.
|
| services.guix.substituters.urls | A list of substitute servers' URLs for the Guix daemon to download
substitutes from.
|
| services.postfix.masterConfig.<name>.command | A program name specifying a Postfix service/daemon process
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.watchdogd.settings.safe-exit | With safeExit enabled, the daemon will ask the driver to disable the WDT before exiting
|
| services.moosefs.metalogger.enable | Whether to enable MooseFS metalogger daemon that maintains a backup copy of the master's metadata.
|
| services.traefik.dynamic.files | Dynamic configuration files to write
|
| services.collabora-online.settings | Configuration for Collabora Online WebSocket Daemon, see
https://sdk.collaboraonline.com/docs/installation/Configuration.html, or
https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in for the default
configuration.
|
| services.spamassassin.enable | Whether to enable the SpamAssassin daemon.
|
| services.neo4j.directories.home | Path of the Neo4j home directory
|
| services.gocd-agent.environment | Additional environment variables to be passed to the Go
|
| services.cron.systemCronJobs | A list of Cron jobs to be appended to the system-wide
crontab
|
| hardware.bumblebee.enable | Enable the bumblebee daemon to manage Optimus hybrid video cards
|
| services.triggerhappy.enable | Whether to enable the triggerhappy hotkey daemon.
|
| services.knot-resolver.settings.workers | The number of running kresd (Knot Resolver daemon) workers
|
| services.tailscale.derper.verifyClients | Whether to verify clients against a locally running tailscale daemon if they are allowed to connect to this node or not.
|
| services.bacula-sd.device.<name>.mediaType | The specified name-string names the type of media supported by this
device, for example, DLT7000
|
| services.xserver.displayManager.gdm.settings | Options passed to the gdm daemon
|
| services.saunafs.chunkserver.enable | Whether to enable Saunafs chunkserver daemon.
|
| services.cgit.<name>.gitHttpBackend.enable | Whether to bypass cgit and use git-http-backend for HTTP clones
|
| services.neo4j.directories.data | Path of the data directory
|
| services.gocd-server.environment | Additional environment variables to be passed to the gocd-server process
|
| services.fastnetmon-advanced.enable | Whether to enable the fastnetmon-advanced DDoS Protection daemon.
|
| services.usbguard.insertedDevicePolicy | How to treat USB devices that are already connected after the daemon
starts
|
| services.sourcehut.settings."todo.sr.ht::mail".sock-group | The lmtp daemon will make the unix socket group-read/write
for users in this group.
|
| services.transmission.home | The directory where Transmission will create .config/transmission-daemon.
as well as Downloads/ unless
services.transmission.settings.download-dir is changed,
and .incomplete/ unless
services.transmission.settings.incomplete-dir is changed.
|
| services.postfix.settings.master.<name>.command | A program name specifying a Postfix service/daemon process
|
| services.moosefs.chunkserver.enable | Whether to enable MooseFS chunkserver daemon that stores file data.
|
| services.icecream.scheduler.openFirewall | Whether to automatically open the daemon port in the firewall.
|
| services.pantheon.parental-controls.enable | Whether to enable Pantheon parental controls daemon.
|
| services.matrix-appservice-irc.needBindingCap | Whether the daemon needs to bind to ports below 1024 (e.g. for the ident service)
|
| services.hardware.deepcool-digital-linux.enable | Whether to enable DeepCool Digital monitoring daemon.
|
| services.localtimed.enable | Enable localtimed, a simple daemon for keeping the
system timezone up-to-date based on the current location
|
| services.usbguard.presentDevicePolicy | How to treat USB devices that are already connected when the daemon
starts
|
| services.hddfancontrol.enable | Whether to enable hddfancontrol daemon.
|
| services.torrentstream.enable | Whether to enable TorrentStream daemon.
|
| services.nullidentdmod.enable | Whether to enable the nullidentdmod identd daemon.
|
| services.hardware.deepcool-digital-linux.extraArgs | Extra command line arguments to be passed to the deepcool-digital-linux daemon.
|
| services.neo4j.ssl.policies.<name>.revokedDir | Path to directory of CRLs (Certificate Revocation Lists) in
PEM format
|
| security.auditd.plugins.<name>.format | Binary passes the data exactly as the audit event dispatcher gets it from
the audit daemon
|
| services.jenkins.environment | Additional environment variables to be passed to the jenkins process
|
| services.mjolnir.pantalaimon.options.logLevel | Set the log level of the daemon.
|
| services.sourcehut.settings."lists.sr.ht::worker".sock-group | The lmtp daemon will make the unix socket group-read/write
for users in this group.
|
| hardware.nvidia.dynamicBoost.enable | Whether to enable dynamic Boost balances power between the CPU and the GPU for improved
performance on supported laptops using the nvidia-powerd daemon
|
| services.neo4j.directories.imports | The root directory for file URLs used with the Cypher
LOAD CSV clause
|
| services.neo4j.ssl.policies.<name>.trustedDir | Path to directory of X.509 certificates in PEM format for
trusted parties
|
| services.neo4j.directories.plugins | Path of the database plugin directory
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.endlessh-go.prometheus.listenAddress | Interface address to bind the endlessh-go daemon to answer Prometheus
queries.
|
| services.nixseparatedebuginfod.nixPackage | The version of nix that nixseparatedebuginfod should use as client for the nix daemon
|
| services.transmission.settings | Settings whose options overwrite fields in
.config/transmission-daemon/settings.json
(each time the service starts)
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.mpdscribble.passwordFile | File containing the password for the mpd daemon
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.torrentstream.openFirewall | Open ports in the firewall for TorrentStream daemon.
|
| services.evdevremapkeys.enable | Whether to enable evdevremapkeys, a daemon to remap events on linux input devices.
|
| services.cyrus-imap.imapdSettings.notifysocket | Unix domain socket that the mail notification daemon listens on.
|
| services.usbguard.presentControllerPolicy | How to treat USB controller devices that are already connected when
the daemon starts
|
| services.mjolnir.pantalaimon.options.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| programs.ssh.forwardX11 | Whether to request X11 forwarding on outgoing connections by default
|
| security.auditd.settings.admin_space_left | This is a numeric value in mebibytes (MiB) that tells the audit daemon when to perform a configurable action because the system is running
low on disk space
|
| services.bacula-sd.device.<name>.archiveDevice | The specified name-string gives the system file name of the storage
device managed by this storage daemon
|
| services.mjolnir.pantalaimon.options.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| services.dbus.implementation | The implementation to use for the message bus defined by the D-Bus specification
|
| networking.dhcpcd.persistent | Whether to leave interfaces configured on dhcpcd daemon
shutdown
|
| services.automatic-timezoned.enable | Enable automatic-timezoned, simple daemon for keeping the system
timezone up-to-date based on the current location
|
| services.firewalld.settings.IndividualCalls | Whether to use individual -restore calls to apply changes to the firewall
|
| services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| services.gotosocial.environmentFile | File path containing environment variables for configuring the GoToSocial service
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.pantalaimon-headless.instances.<name>.logLevel | Set the log level of the daemon.
|
| services.mpd.settings.bind_to_address | The address for the daemon to listen on
|
| virtualisation.vswitch.enable | Whether to enable Open vSwitch
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| virtualisation.xen.store.settings.pidFile | Path to the Xen Store Daemon PID file.
|
| virtualisation.xen.store.settings | The OCaml-based Xen Store Daemon configuration
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.glusterfs.enableGlustereventsd | Whether to enable the GlusterFS Events Daemon
|
| virtualisation.docker.extraOptions | The extra command-line options to pass to
docker daemon.
|
| virtualisation.docker.extraPackages | Extra packages to add to PATH for the docker daemon process.
|
| services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.pantalaimon-headless.instances.<name>.listenAddress | The address where the daemon will listen to client connections
for this homeserver.
|
| networking.wireless.enableHardening | Whether to apply security hardening measures to wpa_supplicant
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| virtualisation.docker.rootless.extraPackages | Extra packages to add to PATH for the docker daemon process.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.transmission.downloadDirPermissions | If not null, is used as the permissions
set by system.activationScripts.transmission-daemon
on the directories services.transmission.settings.download-dir,
services.transmission.settings.incomplete-dir.
and services.transmission.settings.watch-dir
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies | Whether to install IPsec policies or not
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host | Address of the Docker daemon.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.host | Address of the Docker daemon.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|