| services.authelia.instances.<name>.settings.log.level | Level of verbosity for logs.
|
| services.pretalx.settings.filesystem.static | Path to the directory that contains static files.
|
| services.transmission.settings.watch-dir | Watch a directory for torrent files and add them to transmission.
|
| services.parsedmarc.settings.mailbox.delete | Delete messages after processing them, instead of archiving them.
|
| services.opensnitch.settings.Audit.AudispSocketPath | Configure audit socket path
|
| services.journald.remote.settings.Remote.SplitMode | With "host", a separate output file is used, based on the
hostname of the other endpoint of a connection
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| services.sourcehut.settings."git.sr.ht".post-update-script | A post-update script which is installed in every git repo
|
| services.taler.merchant.settings.merchant.SERVE | Whether the HTTP server should listen on a UNIX domain socket ("unix") or on a TCP socket ("tcp").
|
| services.wgautomesh.settings.peers.*.address | Wireguard address of this peer (a single IP address, multiple
addresses or address ranges are not supported).
|
| services.yggdrasil.settings.AllowedPublicKeys | List of peer public keys to allow incoming peering connections from
|
| services.sourcehut.settings."meta.sr.ht".welcome-emails | Whether to enable sending stock sourcehut welcome emails after signup.
|
| services.epgstation.settings.socketioPort | Socket.io port for EPGStation to listen on
|
| services.canaille.settings.PREFERRED_URL_SCHEME | The url scheme by which canaille will be served.
|
| services.grafana-image-renderer.settings.browser.path | Path to the executable of the chromium to use.
|
| services.globalprotect.settings | GlobalProtect-openconnect configuration
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| services.yggdrasil.settings.PrivateKeyPath | Path to the private key file on the host system
|
| services.sourcehut.settings."lists.sr.ht::worker".sock-group | The lmtp daemon will make the unix socket group-read/write
for users in this group.
|
| services.reposilite.settings.keyPath | Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)
|
| services.opensnitch.settings.DefaultAction | Default action whether to block or allow application internet
access.
|
| services.misskey.settings.meilisearch.apiKey | The Meilisearch API key.
|
| services.tor.settings.CacheDirectoryGroupReadable | See torrc manual.
|
| services.kerberos_server.settings | Settings for the kerberos server of choice
|
| services.scrutiny.settings.web.listen.basepath | If Scrutiny will be behind a path prefixed reverse proxy, you can override this
value to serve Scrutiny on a subpath.
|
| services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| services.omnom.settings.activitypub.pubkey | ActivityPub public key
|
| services.matrix-appservice-irc.settings.ircService | IRC bridge configuration
|
| services.sourcehut.settings.objects.s3-secret-key | An absolute file path (which should be outside the Nix-store)
to the secret key of the S3-compatible object storage service.
|
| services.hercules-ci-agent.settings.workDirectory | The directory in which temporary subdirectories are created for task state
|
| services.grafana-image-renderer.settings.service.port | The TCP port to use for the rendering server.
|
| services.mackerel-agent.settings.diagnostic | Whether to enable collecting memory usage for the agent itself.
|
| services.headscale.settings.prefixes.v4 | Each prefix consists of either an IPv4 or IPv6 address,
and the associated prefix length, delimited by a slash
|
| services.headscale.settings.prefixes.v6 | Each prefix consists of either an IPv4 or IPv6 address,
and the associated prefix length, delimited by a slash
|
| services.schleuder.settings.keyserver | Key server from which to fetch and update keys
|
| services.swapspace.settings.cooldown | Duration (roughly in seconds) of the moratorium on swap allocation that is instated if disk space runs out, or the cooldown time after a new swapfile is successfully allocated before swapspace will consider deallocating swap space again
|
| services.headscale.settings.database.type | Database engine to use
|
| services.grafana.settings.smtp.skip_verify | Verify SSL for SMTP server.
|
| services.libeufin.nexus.settings.nexus-ebics.CURRENCY | Name of the fiat currency.
|
| services.suwayomi-server.settings.server.localSourcePath | Path to the local source folder.
|
| services.ocsinventory-agent.settings | Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg
|
| services.angrr.settings.profile-policies.<name>.keep-latest-n | Keep the latest N GC roots in this profile.
|
| services.listmonk.database.settings.smtp.*.enabled | Whether to enable this SMTP server for listmonk.
|
| services.filebrowser.settings.database | The path to FileBrowser's Bolt database.
|
| services.opensnitch.settings.ProcMonitorMethod | Which process monitoring method to use.
|
| services.matrix-tuwunel.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.watchdogd.settings.filenr.critical | The critical watermark level
|
| services.sourcehut.settings."hg.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| programs.openvpn3.log-service.settings.log_level | How verbose should the logging be
|
| services.ocsinventory-agent.settings.ca | Path to CA certificates file in PEM format, for server
SSL certificate validation.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.filesender.settings.site_url | Site URL
|
| services.easytier.instances.<name>.settings.ipv4 | IPv4 cidr address of this peer in the virtual network
|
| services.evremap.settings.device_name | The name of the device that should be remapped
|
| services.privoxy.settings.actionsfile | List of paths to Privoxy action files
|
| services.maubot.settings.homeservers | Known homeservers
|
| services.slskd.settings.shares.directories | Paths to shared directories
|
| virtualisation.podman.defaultNetwork.settings | Settings for podman's default network.
|
| services.sourcehut.settings."meta.sr.ht::billing".enabled | Whether to enable the billing system.
|
| services.omnom.settings.smtp.send_timeout | Send timeout duration in seconds.
|
| services.watchdogd.settings.meminfo.interval | Amount of seconds between every poll.
|
| services.watchdogd.settings.loadavg.interval | Amount of seconds between every poll.
|
| services.syncthing.settings.folders.<name>.enable | Whether to share this folder
|
| services.reposilite.settings.ioThreadPool | The IO thread pool handles all tasks that may benefit from non-blocking IO. (min: 2)
Because most tasks are redirected to IO thread pool, it might be a good idea to keep it at least equal to web thread pool.
|
| services.suricata.settings.af-packet.*.interface | af-packet capture interface, see upstream docs reagrding tuning.
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.firewalld.settings.CleanupModulesOnExit | Whether to unload all firewall-related kernel modules when firewalld stops.
|
| services.matrix-continuwuity.settings | Generates the continuwuity.toml configuration file
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.tor.settings.AuthDirHasIPv6Connectivity | See torrc manual.
|
| services.suricata.settings.vars.address-groups.DNP3_SERVER | DNP3_SERVER variable.
|
| services.suricata.settings.vars.address-groups.DNP3_CLIENT | DNP3_CLIENT variable.
|
| services.firezone.server.domain.settings | Environment variables for this component of the Firezone server
|
| services.grafana.settings.database.ssl_mode | For Postgres, use either disable, require or verify-full
|
| services.hercules-ci-agent.settings.binaryCachesPath | Path to a JSON file containing binary cache secret keys
|
| services.reposilite.settings.webThreadPool | Maximum amount of threads used by the core thread pool. (min: 5)
The web thread pool handles the first few steps of incoming HTTP connections, tasks are redirected as soon as possible to the IO thread pool.
|
| services.sourcehut.settings."git.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."man.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."hub.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.slskd.settings.retention.files.complete | Lifespan of completely downloaded files in minutes.
|
| services.veilid.settings.logging.terminal.enabled | Events of type 'terminal' will be logged.
|
| services.epgstation.settings.mirakurunPath | URL to connect to Mirakurun.
|
| services.opensearch.settings."discovery.type" | The type of discovery to use.
|
| services.misskey.settings.meilisearch.scope | The search scope.
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| networking.networkmanager.settings | Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this
|
| services.sftpgo.settings.httpd.bindings.*.address | Network listen address
|
| services.sftpgo.settings.sftpd.bindings.*.address | Network listen address
|
| services.sourcehut.settings."lists.sr.ht".oauth-client-secret | lists.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.sourcehut.settings."paste.sr.ht".oauth-client-secret | paste.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.sourcehut.settings."pages.sr.ht".oauth-client-secret | pages.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.headscale.settings.database.sqlite.path | Path to the sqlite3 database file.
|
| services.immichframe.settings.Accounts | Accounts configuration, multiple are permitted
|
| services.nextcloud-spreed-signaling.settings | Declarative configuration
|
| services.radicle.ci.broker.settings.triggers.*.adapter | Adapter name.
|
| services.radicle.ci.broker.settings.triggers.*.filters | Trigger filter.
|
| services.anubis.defaultOptions.settings.POLICY_FNAME | The policy file to use
|
| services.pretix.settings.memcached.location | The host:port combination or the path to the UNIX socket of a memcached instance
|
| services.postfix.settings.main.mynetworks | List of trusted remote SMTP clients, that are allowed to relay mail
|
| services.waagent.settings.ResourceDisk.EnableSwap | If enabled, the agent creates a swap file (/swapfile) on the resource disk
and adds it to the system swap space
|