| services.suricata.settings.vars.address-groups.DNS_SERVERS | DNS_SERVERS variable.
|
| services.parsedmarc.settings.imap.password | The IMAP server password
|
| services.parsedmarc.settings.smtp.password | The SMTP server password
|
| services.libeufin.nexus.settings.nexus-ebics.BANK_PUBLIC_KEYS_FILE | Filesystem location where Nexus should store the bank public keys.
|
| services.szurubooru.server.settings.data_url | Full URL to the data endpoint.
|
| services.warpgate.settings.recordings.enable | Whether to enable session recording.
|
| services.anubis.defaultOptions.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| services.send.redis.passwordFile | The path to the file containing the Redis password
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| i18n.inputMethod.fcitx5.settings.inputMethod | The input method configure in profile file in ini format.
|
| services.tor.settings.AuthDirHasIPv6Connectivity | See torrc manual.
|
| services.anubis.defaultOptions.settings.BIND_NETWORK | The network family that Anubis should bind to
|
| services.omnom.settings.activitypub.privkey | ActivityPub private key
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.canaille.settings.CANAILLE.SMTP.PASSWORD | SMTP Password
|
| services.pantalaimon-headless.instances.<name>.extraSettings | Extra configuration options
|
| services.kanidm.unix.settings.hsm_pin_path | Path to a HSM pin.
|
| services.wastebin.settings.WASTEBIN_HTTP_TIMEOUT | Maximum number of seconds a request can be processed until wastebin responds with 408
|
| services.libeufin.nexus.settings.nexus-ebics.BANK_DIALECT | Name of the following combination: EBICS version and ISO20022
recommendations that Nexus would honor in the communication with the
bank
|
| services.tinyproxy.settings.Anonymous | If an Anonymous keyword is present, then anonymous proxying is enabled
|
| nix.settings.auto-optimise-store | If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy
|
| services.immichframe.settings.Accounts | Accounts configuration, multiple are permitted
|
| services.epgstation.settings.mirakurunPath | URL to connect to Mirakurun.
|
| services.opensearch.settings."discovery.type" | The type of discovery to use.
|
| services.szurubooru.server.settings.show_sql | Whether to show SQL in server logs.
|
| services.tlsrpt.collectd.settings.socketname | Path at which the UNIX socket will be created.
|
| services.gitlab.pages.settings.internal-gitlab-server | Internal GitLab server used for API requests, useful
if you want to send that traffic over an internal load
balancer
|
| services.misskey.redis.createLocally | Create and use a local Redis instance
|
| services.suricata.settings.stats.decoder-events-prefix | Decoder event prefix in stats
|
| services.watchdogd.settings.meminfo.critical | The critical watermark level
|
| services.watchdogd.settings.loadavg.critical | The critical watermark level
|
| services.garage.settings.metadata_dir | The metadata directory, put this on a fast disk (e.g
|
| services.fastnetmon-advanced.traffic_db.settings | Additional settings for /etc/fastnetmon/traffic_db.conf
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.redis.servers.<name>.group | Group account under which this instance of redis-server runs.
If left as the default value this group will automatically be
created on system activation, otherwise you are responsible for
ensuring the group exists before the redis service starts.
|
| services.canaille.settings.CANAILLE_OIDC.JWT.PRIVATE_KEY | JWT private key
|
| services.saunafs.chunkserver.settings.DATA_PATH | Directory for chunck meta data
|
| services.draupnir.settings.homeserverUrl | Base URL of the Matrix homeserver that provides the Client-Server API.
|
| services.epgstation.settings.encodeProcessNum | The maximum number of processes that EPGStation would allow to run
at the same time for encoding or streaming videos.
|
| services.homebridge.settings.platforms.*.name | Name of the platform
|
| services.glitchtip.settings.GLITCHTIP_DOMAIN | The URL under which GlitchTip is externally reachable.
|
| services.tor.settings.PublishHidServDescriptors | See torrc manual.
|
| services.opensearch.settings."transport.port" | The port to listen on for transport traffic.
|
| services.tor.settings.MaxAdvertisedBandwidth | See torrc manual.
|
| services.ocsinventory-agent.settings.debug | Whether to enable debug mode.
|
| services.prometheus.exporters.ping.settings | Configuration for ping_exporter, see
https://github.com/czerwonk/ping_exporter
for supported values.
|
| services.waagent.settings.AutoUpdate.UpdateToLatestVersion | Whether or not to enable auto-update of the Extension Handler.
|
| services.globalprotect.settings | GlobalProtect-openconnect configuration
|
| services.adguardhome.settings | AdGuard Home configuration
|
| services.keycloak.settings.http-relative-path | The path relative to / for serving
resources.
In versions of Keycloak using Wildfly (<17),
this defaulted to /auth
|
| services.sourcehut.settings."git.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.mautrix-discord.settings.homeserver | fullDataDiration
|
| security.loginDefs.settings.TTYPERM | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| services.sourcehut.settings."builds.sr.ht".oauth-client-secret | builds.sr.ht's OAuth client secret for meta.sr.ht.
|
| services.moosefs.chunkserver.settings.DATA_PATH | Directory for lock files and other runtime data.
|
| services.snapserver.settings.tcp-control.enabled | Whether to enable the TCP JSON-RPC.
|
| services.suricata.settings.dpdk.interfaces | See upstream docs: docs/capture-hardware/dpdk and docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk.
|
| services.swapspace.settings.freetarget | Percentage of free space swapspace should aim for when adding swapspace
|
| services.wgautomesh.settings.interface | Wireguard interface to manage (it is NOT created by wgautomesh, you
should use another NixOS option to create it such as
networking.wireguard.interfaces.wg0 = {...};).
|
| services.wgautomesh.settings.peers.*.endpoint | Bootstrap endpoint for connecting to this Wireguard peer if no
other address is known or none are working.
|
| services.suricata.settings.vars.address-groups.SMTP_SERVERS | SMTP_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.HTTP_SERVERS | HTTP_SERVERS variable.
|
| services.minidlna.settings.enable_tivo | Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.
|
| services.ocsinventory-agent.settings | Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg
|
| services.pgmanage.superOnly | This tells pgmanage whether or not to only allow super users to
login
|
| services.listmonk.database.settings.smtp.*.tls_type | Type of TLS authentication with the SMTP server
|
| services.dendrite.settings.sync_api.search.enabled | Whether to enable Dendrite's full-text search engine.
|
| services.matrix-appservice-irc.settings.database | Configuration for the database
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.snapserver.settings.tcp-streaming.port | Port to listen on for snapclient connections.
|
| services.warpgate.settings.http.certificate | Path to HTTPS listener certificate.
|
| services.matrix-synapse.settings.listeners | List of ports that Synapse should listen on, their purpose and their configuration
|
| services.journald.upload.settings.Upload.ServerKeyFile | SSL key in PEM format
|
| networking.ifstate.settings | Content of IfState's configuration file
|
| services.mautrix-discord.settings.appservice | Appservice configuration
|
| security.loginDefs.settings.DEFAULT_HOME | Indicate if login is allowed if we can't cd to the home directory.
|
| services.tor.settings.FetchUselessDescriptors | See torrc manual.
|
| services.sabnzbd.settings.misc.cache_limit | Size of the RAM cache, in bytes (prefixes supported)
|
| services.sourcehut.settings."pages.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."lists.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."paste.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.suricata.settings.logging.default-log-level | The default log level: can be overridden in an output section
|
| services.oncall.settings.db.conn.require_auth | Whether authentication is required to access the web app.
|
| services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| services.reposilite.settings.keyPassword | Plaintext password used to unlock the Java KeyStore set in services.reposilite.settings.keyPath
|
| services.hickory-dns.settings.zones.*.zone_type | One of:
- "Primary" (the master, authority for the zone).
- "Secondary" (the slave, replicated from the primary).
- "External" (a cached zone that queries other nameservers)
|
| services.bitmagnet.settings.postgres.password | Password for database user
|
| services.amule.settings.ExternalConnect.ECPassword | MD5 hash of the password, obtainaible with echo "<password>" | md5sum | cut -d ' ' -f 1
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| services.waagent.settings.ResourceDisk.MountOptions | This option specifies disk mount options to be passed to the mount -o command
|
| services.opensnitch.settings.Audit.AudispSocketPath | Configure audit socket path
|
| services.waagent.settings.ResourceDisk.Format | If set to true, waagent formats and mounts the resource disk that the platform provides,
unless the file system type in `ResourceDisk
|
| services.opengfw.settings.workers.tcpMaxBufferedPagesTotal | TCP max total buffered pages.
|
| services.quickwit.settings.rest.listen_port | The port to listen on for HTTP REST traffic.
|
| services.anubis.defaultOptions.enable | Whether to enable this instance of Anubis.
|
| services.geoipupdate.settings.EditionIDs | List of database edition IDs
|
| services.opengfw.settings.workers.tcpMaxBufferedPagesPerConn | TCP max total bufferd pages per connection.
|
| boot.initrd.systemd.settings.Manager | Options for the global systemd service manager used in initrd
|
| services.taler.exchange.settings.exchange.CURRENCY | The currency which the exchange will operate with
|