| services.bluesky-pds.settings.PDS_RATE_LIMITS_ENABLED | Enable rate limiting
|
| services.geth.<name>.package | The geth package to use.
|
| services.cgit.<name>.package | The cgit package to use.
|
| services.uhub.<name>.plugins | Uhub plugin configuration.
|
| services.suricata.settings.vars.address-groups.HOME_NET | HOME_NET variable.
|
| services.scion.scion-dispatcher.settings | scion-dispatcher configuration
|
| services.postgrest.settings.admin-server-port | Specifies the port for the admin server, which can be used for healthchecks.
https://docs.postgrest.org/en/stable/references/admin_server.html#admin-server
|
| services.postsrsd.settings.socketmap | Listener configuration in socket map format native to Postfix configuration.
|
| services.tor.settings.ServerTransportPlugin.exec | Command of pluggable transport.
|
| services.mautrix-telegram.settings | config.yaml configuration as a Nix attribute set
|
| services.firewalld.settings.LogDenied | Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.
|
| services.neard.settings.General.ConstantPoll | Enable constant polling
|
| services.prometheus.remoteWrite.*.name | Name of the remote write config, which if specified must be unique among remote write configs
|
| services.postgresql.settings | PostgreSQL configuration
|
| services.tsidp.settings.useLocalTailscaled | Use local tailscaled instead of tsnet.
|
| services.stash.settings.theme_color | Sets the theme-color property in the UI
|
| services.watchdogd.settings.filenr.enabled | Whether to enable watchdogd plugin filenr.
|
| services.linkwarden.database.name | The name of the Linkwarden database.
|
| services.szurubooru.database.name | Name of the PostgreSQL database.
|
| services.bitmagnet.settings.postgres.host | Address, hostname or Unix socket path of the database server
|
| services.immich.settings.server.externalDomain | Domain for publicly shared links, including http(s)://.
|
| services.canaille.settings.CANAILLE_LDAP.BIND_PW | The LDAP bind password
|
| services.misskey.settings.redisForTimelines.port | The Redis port.
|
| services.misskey.settings.redisForTimelines.host | The Redis host.
|
| services.pretalx.settings.database.backend | Database backend to use
|
| services.opensnitch.settings.Stats.MaxEvents | Max events to send to the GUI.
|
| services.pretalx.settings.filesystem.data | Base path for all other storage paths.
|
| services.sabnzbd.settings.misc.email_from | 'From:' field for emails (needs to be an address)
|
| services.litellm.settings.router_settings | LiteLLM Router settings
|
| services.evremap.settings.dual_role.*.tap | The key sequence that should be output when the input key is tapped
|
| services.xonotic.settings.maxplayers | Number of player slots on the server, including spectators.
|
| services.mbpfan.settings.general.high_temp | If temperature is above this, fan speed will gradually increase.
|
| services.watchdogd.settings.filenr.warning | The high watermark level
|
| services.waagent.settings.OS.RootDeviceScsiTimeout | Configures the SCSI timeout in seconds on the OS disk and data drives
|
| services.grafana.settings.server.cdn_url | Specify a full HTTP URL address to the root of your Grafana CDN assets
|
| services.waagent.settings.ResourceDisk.SwapSizeMB | Specifies the size of the swap file in MiB (1024×1024 bytes)
|
| services.bluesky-pds.settings.PDS_DATA_DIRECTORY | Directory to store state
|
| services.immich-kiosk.settings.immich_url | URL of the immich instance.
|
| services.fediwall.settings.loadFederated | Load federated posts
|
| services.syncthing.settings | Extra configuration options for Syncthing
|
| services.prometheus.xmpp-alerts.settings | Configuration for prometheus xmpp-alerts, see
https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example
for supported values.
|
| services.sharkey.settings.mediaDirectory | Path to the folder where Sharkey stores uploaded media such as images and attachments.
|
| services.nvme-rs.settings.email.smtp_server | SMTP server address
|
| services.postgrest.settings.server-host | Where to bind the PostgREST web server.
The admin server will also bind here, but potentially exposes sensitive information
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.scrutiny.collector.settings.log.level | Log level for Scrutiny collector.
|
| services.postgresql.ensureUsers.*.name | Name of the user to ensure.
|
| services.mattermost.database.name | Local Mattermost database name.
|
| services.hedgedoc.settings.protocolUseSSL | Use https:// for all links
|
| services.opensnitch.settings.Server.LogFile | File to write logs to (use /dev/stdout to write logs to standard
output).
|
| services.postfix.settings.main.relayhost | List of hosts to use for relaying outbound mail.
Putting the hostname in angled brackets, e.g. [relay.example.com], turns off MX and SRV lookups for the hostname.
https://www.postfix.org/postconf.5.html#relayhost
|
| services.watchdogd.settings.interval | The kick interval, i.e. how often watchdogd(8) should reset the WDT timer.
|
| services.go-csp-collector.settings.output-format | Define how the violation reports are formatted for output.
|
| services.reposilite.settings.cachedLogSize | Amount of messages stored in the cache logger.
|
| services.sourcehut.settings."meta.sr.ht".webhooks | The Redis connection used for the webhooks worker.
|
| services.sourcehut.settings."todo.sr.ht".webhooks | The Redis connection used for the webhooks worker.
|
| services.sourcehut.settings."lists.sr.ht".oauth-client-id | lists.sr.ht's OAuth client id for meta.sr.ht.
|
| services.sourcehut.settings."pages.sr.ht".oauth-client-id | pages.sr.ht's OAuth client id for meta.sr.ht.
|
| services.sourcehut.settings."paste.sr.ht".oauth-client-id | paste.sr.ht's OAuth client id for meta.sr.ht.
|
| services.sabnzbd.settings.misc.email_full | Whether to send alerts for full disks
|
| services.snapserver.settings.http.enabled | Whether to enable the HTTP JSON-RPC.
|
| users.extraUsers.<name>.home | The user's home directory.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.type | Backup type as described in:
https://pgbackrest.org/command.html#command-backup/category-command/option-type
|
| hardware.sata.timeout.drives.*.name | Drive name without the full path.
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.watchdogd.settings.filenr.logmark | Whether to log current stats every poll interval.
|
| services.litellm.settings.model_list | List of supported models on the server, with model-specific configs.
|
| services.matrix-appservice-irc.settings | Configuration for the appservice, see
https://github.com/matrix-org/matrix-appservice-irc/blob/4.0.0/config.sample.yaml
for supported values
|
| services.filebrowser.settings.cache-dir | The directory where FileBrowser stores its cache.
|
| services.cryptpad.settings.websocketPort | Port for the websocket that needs to be separate
|
| services.reposilite.settings.enforceSsl | Whether to redirect all traffic to SSL.
|
| services.tor.settings.ServerDNSDetectHijacking | See torrc manual.
|
| services.tor.settings.ControlPortFileGroupReadable | See torrc manual.
|
| services.suricata.settings.threshold-file | Suricata threshold configuration file.
|
| services.tor.settings.PaddingStatistics | See torrc manual.
|
| services.lidarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.radarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.suricata.settings.unix-command.enabled | Enable unix-command socket.
|
| services.sonarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| xdg.terminal-exec.settings | Configuration options for the Default Terminal Execution Specification
|
| services.i2pd.inTunnels.<name>.type | Tunnel type.
|
| services.pretalx.settings.filesystem.logs | Path to the log directory, that pretalx logs message to.
|
| services.gemstash.settings.base_path | Path to store the gem files and the sqlite database
|
| services.sftpgo.settings.webdavd.bindings.*.port | The port for serving WebDAV requests
|
| services.rke2.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/rke2/server/manifests)
|
| programs.starship.settings | Configuration included in starship.toml
|
| services.sourcehut.settings."pages.sr.ht".gemini-certs | An absolute file path (which should be outside the Nix-store)
to Gemini certificates.
|
| services.sourcehut.settings.mail.smtp-password | Outgoing SMTP password.
|
| services.saunafs.metalogger.settings | Contents of metalogger config file (see sfsmetalogger.cfg(5)).
|
| services.sourcehut.settings."builds.sr.ht".api-origin | Origin URL for the API
|
| services.gitlab.pages.settings.artifacts-server | API URL to proxy artifact requests to.
|
| services.typesense.settings.server.api-address | Address to which Typesense API service binds.
|
| services.vmalert.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.fediwall.settings.hideSensitive | Hide sensitive (potentially NSFW) posts
|
| services.openssh.settings.X11Forwarding | Whether to allow X11 connections to be forwarded.
|
| services.journald.remote.settings.Remote.SplitMode | With "host", a separate output file is used, based on the
hostname of the other endpoint of a connection
|
| services.suricata.settings.app-layer.error-policy | The error-policy setting applies to all app-layer parsers
|
| services.spacecookie.settings.log.hide-ips | If enabled, spacecookie will hide personal
information of users like IP addresses from
log output.
|
| services.homebridge.uiSettings.name | Name of the homebridge UI platform
|