| services.buffyboard.settings.input.pointer | Enable or disable the use of a hardware mouse or other pointing device.
|
| services.suricata.settings.app-layer.protocols | app-layer protocols, see upstream docs.
|
| services.parsedmarc.settings.mailbox.watch | Use the IMAP IDLE command to process messages as they arrive.
|
| services.prometheus.exporters.script.settings.scripts | All settings expressed as an Nix attrset
|
| services.mosquitto.listeners.*.settings | Additional settings for this listener.
|
| services.xonotic.settings.maxplayers | Number of player slots on the server, including spectators.
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| services.sourcehut.settings."lists.sr.ht::worker".reject-url | Reject URL.
|
| services.postgresql.settings | PostgreSQL configuration
|
| services.cryptpad.settings.blockDailyCheck | Disable telemetry
|
| services.sabnzbd.settings.servers.<name>.timeout | Time, in seconds, to wait for a response before
attempting error recovery.
|
| services.sourcehut.settings."builds.sr.ht".oauth-client-id | builds.sr.ht's OAuth client id for meta.sr.ht.
|
| services.sourcehut.settings."hg.sr.ht".oauth-client-secret | hg.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.watchdogd.settings.loadavg.enabled | Whether to enable watchdogd plugin loadavg.
|
| services.watchdogd.settings.meminfo.enabled | Whether to enable watchdogd plugin meminfo.
|
| services.libeufin.nexus.settings.nexus-ebics.BANK_DIALECT | Name of the following combination: EBICS version and ISO20022
recommendations that Nexus would honor in the communication with the
bank
|
| services.postfix-tlspol.settings.server.prefetch | Whether to prefetch DNS records when the TTL of a cached record is about to expire.
|
| services.grafana-image-renderer.settings | Configuration attributes for grafana-image-renderer.
|
| services.suricata.settings.vars.address-groups.ENIP_SERVER | ENIP_SERVER variable.
|
| services.suricata.settings.vars.address-groups.ENIP_CLIENT | ENIP_CLIENT variable.
|
| services.sslh.settings.transparent | Whether the services behind sslh (Apache, sshd and so on) will see the
external IP and ports as if the external world connected directly to
them.
|
| services.sftpgo.settings.httpd.bindings.*.address | Network listen address
|
| services.sftpgo.settings.sftpd.bindings.*.address | Network listen address
|
| services.saunafs.metalogger.settings.DATA_PATH | Data storage directory
|
| services.prowlarr.settings.update.mechanism | which update mechanism to use
|
| services.whisparr.settings.update.mechanism | which update mechanism to use
|
| services.litellm.settings.model_list | List of supported models on the server, with model-specific configs.
|
| services.mautrix-telegram.settings | config.yaml configuration as a Nix attribute set
|
| services.tor.relay.onionServices.<name>.settings.RendPostPeriod | See torrc manual.
|
| services.watchdogd.settings.loadavg.warning | The high watermark level
|
| services.watchdogd.settings.meminfo.warning | The high watermark level
|
| services.logrotate.settings.<name>.enable | Whether to enable setting individual kill switch.
|
| services.languagetool.settings | Configuration file options for LanguageTool, see
'languagetool-http-server --help'
for supported settings.
|
| services.buffyboard.settings.theme.default | Selects the default theme on boot
|
| services.grafana.settings.users.login_hint | Text used as placeholder text on login page for login/username input.
|
| services.postsrsd.settings.separator | SRS tag separator used in generated sender addresses
|
| services.go-csp-collector.settings.output-format | Define how the violation reports are formatted for output.
|
| services.reposilite.settings.cachedLogSize | Amount of messages stored in the cache logger.
|
| services.sourcehut.settings."git.sr.ht".post-update-script | A post-update script which is installed in every git repo
|
| services.waagent.settings.ResourceDisk.MountPoint | This option specifies the path at which the resource disk is mounted
|
| services.spacecookie.settings.root | The directory spacecookie should serve via gopher
|
| services.headscale.settings.oidc.client_id | OpenID Connect client ID.
|
| services.moosefs.metalogger.settings.DATA_PATH | Directory for storing metalogger data.
|
| services.tlsrpt.collectd.settings.log_level | Level of log messages to emit.
|
| services.watchdogd.settings.filenr.interval | Amount of seconds between every poll.
|
| services.reposilite.settings.keyPath | Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)
|
| services.saunafs.metalogger.settings | Contents of metalogger config file (see sfsmetalogger.cfg(5)).
|
| services.syncthing.settings.folders.<name>.type | Controls how the folder is handled by Syncthing
|
| services.watchdogd.settings.meminfo.logmark | Whether to log current stats every poll interval.
|
| services.watchdogd.settings.loadavg.logmark | Whether to log current stats every poll interval.
|
| services.fediwall.settings.loadFederated | Load federated posts
|
| services.immich-kiosk.settings.immich_url | URL of the immich instance.
|
| services.bluesky-pds.settings.PDS_DATA_DIRECTORY | Directory to store state
|
| services.sourcehut.settings.objects.s3-secret-key | An absolute file path (which should be outside the Nix-store)
to the secret key of the S3-compatible object storage service.
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.postfix.settings.main.mynetworks | List of trusted remote SMTP clients, that are allowed to relay mail
|
| services.waagent.settings.ResourceDisk.EnableSwap | If enabled, the agent creates a swap file (/swapfile) on the resource disk
and adds it to the system swap space
|
| services.sourcehut.settings."git.sr.ht".oauth-client-secret | git.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.sourcehut.settings."hub.sr.ht".oauth-client-secret | hub.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.sourcehut.settings."man.sr.ht".oauth-client-secret | man.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.keyd.keyboards.<name>.settings | Configuration, except ids section, that is written to /etc/keyd/.conf
|
| services.opensnitch.settings.Ebpf.ModulesPath | Configure eBPF modules path
|
| services.cryptpad.settings.websocketPort | Port for the websocket that needs to be separate
|
| services.filebrowser.settings.cache-dir | The directory where FileBrowser stores its cache.
|
| services.tor.settings.ServerDNSDetectHijacking | See torrc manual.
|
| services.tor.settings.PaddingStatistics | See torrc manual.
|
| services.tor.settings.ControlPortFileGroupReadable | See torrc manual.
|
| services.suricata.settings.threshold-file | Suricata threshold configuration file.
|
| services.reposilite.settings.enforceSsl | Whether to redirect all traffic to SSL.
|
| services.sourcehut.settings."lists.sr.ht::worker".sock-group | The lmtp daemon will make the unix socket group-read/write
for users in this group.
|
| services.evremap.settings.dual_role.*.input | The key that should be remapped
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.froide-govplan.settings.ALLOWED_HOSTS | A list of valid fully-qualified domain names (FQDNs) and/or IP
addresses that can be used to reach the Froide-Govplan service.
|
| services.nextcloud.settings.log_type | Logging backend to use.
systemd automatically adds the php-systemd extensions to services.nextcloud.phpExtraExtensions
|
| services.misskey.settings.redisForTimelines | ioredis options for timelines
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.path | Stream URL
|
| services.logrotate.settings.<name>.files | Single or list of files for which rules are defined
|
| services.rkvm.client.settings.certificate | TLS ceritficate path.
This should be generated with rkvm-certificate-gen.
|
| services.rkvm.server.settings.certificate | TLS certificate path.
This should be generated with rkvm-certificate-gen.
|
| services.stash.settings.stash_boxes | Stash-box facilitates automated tagging of scenes and performers based on fingerprints and filenames
|
| services.suricata.settings.logging.outputs.syslog.format | Logformat for logs send to syslog.
|
| services.suricata.settings.logging.outputs.syslog.enable | Whether to enable logging to syslog.
|
| services.vmalert.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.fediwall.settings.hideSensitive | Hide sensitive (potentially NSFW) posts
|
| services.openssh.settings.X11Forwarding | Whether to allow X11 connections to be forwarded.
|
| services.wastebin.settings.WASTEBIN_BASE_URL | Base URL for the QR code display
|
| services.readarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.warpgate.settings.recordings.path | Path to store session recordings.
|
| <imports = [ pkgs.php.services.default ]>.php-fpm.settings.log_level | Error log level.
|
| services.sourcehut.settings."sr.ht".network-key | An absolute file path (which should be outside the Nix-store)
to a secret key to encrypt internal messages with
|
| services.immichframe.settings | Configuration for ImmichFrame
|
| services.autosuspend.settings | Configuration for autosuspend, see
https://autosuspend.readthedocs.io/en/latest/configuration_file.html#general-configuration
for supported values.
|
| services.mollysocket.settings | Configuration for MollySocket
|
| services.libeufin.nexus.settings.nexus-ebics.BANK_PUBLIC_KEYS_FILE | Filesystem location where Nexus should store the bank public keys.
|
| services.snapserver.settings.http.doc_root | Path to serve from the HTTP servers root.
|
| services.reposilite.settings.sslEnabled | Whether to listen for encrypted connections on settings.sslPort.
|
| services.wgautomesh.settings.peers.*.pubkey | Wireguard public key of this peer.
|
| services.suricata.settings.vars.address-groups.DC_SERVERS | DC_SERVERS variable.
|
| services.firezone.server.settingsSecret | This is a convenience option which allows you to set secret values for
environment variables by specifying a file which will contain the value
at runtime
|
| services.routinator.settings.rtr-listen | An array of string values each providing an address and port on which the RTR server should listen in TCP mode
|