| services.headscale.settings.database.postgres.host | Database host address.
|
| services.tor.settings.FetchUselessDescriptors | See torrc manual.
|
| services.swapspace.settings.freetarget | Percentage of free space swapspace should aim for when adding swapspace
|
| services.wgautomesh.settings.interface | Wireguard interface to manage (it is NOT created by wgautomesh, you
should use another NixOS option to create it such as
networking.wireguard.interfaces.wg0 = {...};).
|
| virtualisation.xen.store.settings | The OCaml-based Xen Store Daemon configuration
|
| services.wgautomesh.settings.peers.*.endpoint | Bootstrap endpoint for connecting to this Wireguard peer if no
other address is known or none are working.
|
| services.scrutiny.collector.settings.api.endpoint | Scrutiny app API endpoint for sending metrics to.
|
| security.googleOsLogin.enable | Whether to enable Google OS Login
|
| services.suricata.settings.logging.outputs.file.filename | Filename of the logfile.
|
| services.mautrix-discord.settings.appservice | Appservice configuration
|
| services.suricata.settings.vars.address-groups.EXTERNAL_NET | EXTERNAL_NET variable.
|
| services.grafana.settings.security.admin_user | Default admin username.
|
| services.sourcehut.settings."meta.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|
| services.waagent.settings.ResourceDisk.Format | If set to true, waagent formats and mounts the resource disk that the platform provides,
unless the file system type in `ResourceDisk
|
| services.tor.settings.ConnDirectionStatistics | See torrc manual.
|
| services.tor.settings.ExitPolicyRejectLocalInterfaces | See torrc manual.
|
| services.slskd.settings.soulseek.listen_port | The port on which to listen for incoming connections.
|
| services.slskd.settings.soulseek.description | The user description for the Soulseek network.
|
| services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| services.globalprotect.settings | GlobalProtect-openconnect configuration
|
| services.reposilite.settings.keyPassword | Plaintext password used to unlock the Java KeyStore set in services.reposilite.settings.keyPath
|
| services.dependency-track.settings."alpine.oidc.client.id" | Defines the client ID to be used for OpenID Connect
|
| services.geoipupdate.settings.EditionIDs | List of database edition IDs
|
| services.keycloak.settings.http-relative-path | The path relative to / for serving
resources.
In versions of Keycloak using Wildfly (<17),
this defaulted to /auth
|
| services.syncthing.settings.options.relaysEnabled | When true, relays will be connected to and potentially used for device to device connections.
|
| services.stash.settings.blobs_storage | Where to store blobs
|
| services.stash.settings.scrapers_path | Path to scrapers
|
| services.matrix-synapse.settings.listeners | List of ports that Synapse should listen on, their purpose and their configuration
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.D | K_d of PID controller.
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.P | K_p of PID controller.
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.I | K_i of PID controller.
|
| virtualisation.xen.store.settings.quota.maxSize | Size limit for transactions.
|
| services.sourcehut.settings."builds.sr.ht::worker".bind-address | HTTP bind address for serving local build information/monitoring.
|
| services.stash.settings.stash.*.excludevideo | Whether to exclude video files from being scanned into Stash
|
| services.stash.settings.stash.*.excludeimage | Whether to exclude image files from being scanned into Stash
|
| services.kerberos_server.settings | Settings for the kerberos server of choice
|
| services.tor.settings.GuardfractionFile | See torrc manual.
|
| services.suricata.settings.logging.default-log-format | The default output format
|
| services.crowdsec.settings.capi.credentialsFile | The CAPI credential file to use.
|
| services.crowdsec.settings.lapi.credentialsFile | The LAPI credential file to use.
|
| services.grafana.settings.smtp.from_address | Address used when sending out emails.
|
| services.sftpgo.settings.webdavd.bindings.*.address | Network listen address
|
| services.anubis.instances.<name>.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.hickory-dns.settings.zones.*.zone_type | One of:
- "Primary" (the master, authority for the zone).
- "Secondary" (the slave, replicated from the primary).
- "External" (a cached zone that queries other nameservers)
|
| services.suricata.settings.logging.outputs.console.enable | Whether to enable logging to console.
|
| services.vault-agent.instances.<name>.settings.template | Template section of vault-agent
|
| services.ocsinventory-agent.settings | Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg
|
| services.sourcehut.settings."builds.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-public-key | Public key for Stripe
|
| services.suwayomi-server.settings.server.systemTrayEnabled | Whether to enable a system tray icon, if possible.
|
| services.libinput.touchpad.accelStepScroll | Sets the step between the points of the scroll acceleration function
|
| virtualisation.xen.store.settings.quota.maxPath | Path limit for the quota system.
|
| services.tlsrpt.reportd.settings.http_script | Call to an HTTPS client, that accepts the URL on the commandline and the request body from stdin.
|
| services.anubis.instances.<name>.settings.BIND_NETWORK | The network family that Anubis should bind to
|
| services.taler.exchange.settings.exchange.MASTER_PUBLIC_KEY | Used by the exchange to verify information signed by the offline system.
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.matrix-synapse.settings.database.args.database | Name of the database when using the psycopg2 backend,
path to the database location when using sqlite3.
|
| services.nezha-agent.settings.report_delay | The interval between system status reportings
|
| services.sabnzbd.settings.misc.email_server | SMTP server for email alerts (server:host)
|
| services.sabnzbd.settings.misc.enable_https | Whether to enable HTTPS for the web UI
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.grafana.provision.alerting.rules.settings | Grafana rules configuration in Nix
|
| services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| services.matrix-synapse.settings.listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.suwayomi-server.settings.server.basicAuthUsername | The username value that you have to provide when authenticating.
|
| services.stash.settings.preview_audio | Include audio stream in previews
|
| services.suricata.settings.vars.address-groups.TELNET_SERVERS | TELNET_SERVERS variable.
|
| services.maubot.settings.server.ui_base_path | The base path for the UI.
|
| services.sourcehut.settings."pages.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.netbird.server.dashboard.settings | An attribute set that will be used to substitute variables when building the dashboard
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.spacecookie.settings.hostname | The hostname the service is reachable via
|
| services.libinput.touchpad.accelStepMotion | Sets the step between the points of the (pointer) motion acceleration function
|
| services.firewalld.settings.NftablesCounters | Whether to add a counter to every nftables rule.
|
| system.build.separateActivationScript | A separate activation script package that's not part of the system profile
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.matrix-continuwuity.settings | Generates the continuwuity.toml configuration file
|
| services.grafana.settings.database.password | The database user's password (not applicable for sqlite3)
|
| services.nvme-rs.settings.email.smtp_username | SMTP username
|
| services.grafana.settings.database.cache_mode | For sqlite3 only.
Shared cache setting used for connecting to the database.
|
| services.nextcloud-spreed-signaling.settings.mcu.type | The type of MCU to use
|
| services.wastebin.settings.WASTEBIN_DATABASE_PATH | Path to the sqlite3 database file
|
| services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| services.moosefs.cgiserver.settings.GUISERV_LISTEN_PORT | Port for GUI server to listen on.
|
| services.draupnir.settings.rawHomeserverUrl | Public base URL of the Matrix homeserver that provides the Client-Server API when using the Draupnir's
Report forwarding feature.
When using Pantalaimon, do not set this to the Pantalaimon URL!
|
| services.tor.settings.ClientRejectInternalAddresses | See torrc manual.
|
| services.nextcloud-spreed-signaling.settings | Declarative configuration
|
| services.slskd.settings.retention.files.incomplete | Lifespan of incomplete downloading files in minutes.
|
| services.crab-hole.settings.blocklist.allow_list | List of allowlists
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| networking.networkmanager.settings | Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this
|
| services.waagent.settings.Provisioning.Agent | Which provisioning agent to use.
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| services.crowdsec-firewall-bouncer.settings.api_url | URL of the local API.
|