| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| services.tor.settings.ServerTransportPlugin.transports | List of pluggable transports.
|
| services.wgautomesh.settings.gossip_port | wgautomesh gossip port, this MUST be the same number on all nodes in
the wgautomesh network.
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| services.libinput.touchpad.accelStepFallback | Sets the step between the points of the fallback acceleration function
|
| services.tuned.settings.dynamic_tuning | Whether to enable dynamic tuning.
|
| services.reposilite.settings.databaseThreadPool | Maximum amount of concurrent connections to the database. (one per thread)
Embedded databases (sqlite, h2) do not support truly concurrent connections, so the value will always be 1 if they are used.
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| services.immichframe.settings.Accounts.*.ApiKey | API key to talk to the Immich server
|
| services.engelsystem.settings | Options to be added to config.php, as a nix attribute set
|
| services.dendrite.settings.sync_api.search.index_path | The path the search index will be created in.
|
| services.firewalld.settings.IndividualCalls | Whether to use individual -restore calls to apply changes to the firewall
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.uid | Unique identifier for the rule
|
| hardware.tuxedo-drivers.settings.charging-priority | These options manage the trade-off between battery charging and CPU performance when the USB-C power supply cannot provide sufficient power for both simultaneously:
charge_battery prioritizes battery charging (driver default)performance prioritizes maximum CPU performance
|
| security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| services.sourcehut.settings."builds.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| services.kanidm.server.settings.online_backup.path | Path to the output directory for backups.
|
| services.umurmur.settings.max_bandwidth | Maximum bandwidth (in bits per second) that clients may send
speech at.
|
| services.olivetin.settings.ListenAddressSingleHTTPFrontend | The address to listen on for the internal "microproxy" frontend.
|
| services.grafana.provision.alerting.muteTimings.settings | Grafana mute timings configuration in Nix
|
| services.nextcloud-spreed-signaling.settings.http.listen | IP and port to listen on for HTTP requests, in the format of ip:port
|
| environment.variables | A set of environment variables used in the global environment
|
| services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG | The database connection string for the libeufin-bank database.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.homebridge.settings.accessories.*.name | Name of the accessory
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.matrix-synapse.settings.listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.hostapd.radios.<name>.networks.<name>.settings | Extra configuration options to put at the end of this BSS's defintion in the
hostapd.conf for the associated interface
|
| services.slskd.settings.directories.incomplete | Directory where incomplete downloading files are stored.
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId | Organization ID, default = 1
|
| services.authelia.instances.<name>.settings.log.file_path | File path where the logs will be written
|
| services.stash.settings.parallel_tasks | Number of parallel tasks to start during scan/generate
|
| services.mackerel-agent.settings.host_status.on_stop | Host status after agent shutdown.
|
| documentation.man.mandoc.settings.output.width | The ASCII and UTF-8 output width, default is 78
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.headscale.settings.oidc.extra_params | Custom query parameters to send with the Authorize Endpoint request.
|
| services.matrix-appservice-irc.settings.homeserver.url | The URL to the home server for client-server API calls
|
| security.apparmor.enable | Whether to enable the AppArmor Mandatory Access Control system
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.headscale.settings.dns.base_domain | Defines the base domain to create the hostnames for MagicDNS
|
| services.homebridge.settings.platforms.*.platform | Platform type
|
| services.anubis.instances.<name>.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| services.your_spotify.settings.SPOTIFY_PUBLIC | The public client ID of your Spotify application
|
| virtualisation.xen.store.settings.quota.maxWatchEvents | Maximum number of outstanding watch events per watch.
|
| services.grafana.settings.security.secret_key | Secret key used for signing
|
| services.grafana.provision.alerting.policies.settings | Grafana notification policies configuration in Nix
|
| security.unprivilegedUsernsClone | When disabled, unprivileged users will not be able to create new namespaces
|
| services.warpgate.settings.ssh.external_port | The SSH listener is reachable via this port externally.
|
| services.tuned.settings.reapply_sysctl | Whether to enable the reapplying of global sysctls after TuneD sysctls are applied.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.nextcloud-spreed-signaling.settings.grpc.targets | For target type static: List of GRPC targets to connect to for clustering mode.
|
| services.borgmatic.settings.repositories.*.path | Path to the repository
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.publicUrl | URL under which the media proxy is publicly acccessible.
|
| services.postsrsd.settings.unprivileged-user | Unprivileged user to drop privileges to.
Our systemd unit never runs postsrsd as a privileged process, so this option is read-only.
|
| services.epgstation.settings.concurrentEncodeNum | The maximum number of encoding jobs that EPGStation would run at the
same time.
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.dependency-track.settings."alpine.oidc.teams.default" | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.warpgate.settings.sso_providers | Configure OIDC single sign-on providers.
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.nextcloud.settings.enabledPreviewProviders | The preview providers that should be explicitly enabled.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes | List of mute time intervals to import or update.
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.filesender.settings.admin_email | Email address of FileSender administrator(s)
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.draupnir.settings.managementRoom | The room ID or alias where moderators can use the bot's functionality
|
| services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| services.prometheus.exporters.script.settings.scripts.*.name | Name of the script.
|
| services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| services.readarr.settings.update.automatically | Automatically download and install updates.
|
| services.syncthing.settings.options.localAnnounceEnabled | Whether to send announcements to the local LAN, also use such announcements to find other devices.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| services.warpgate.settings.http.external_port | The HTTP listener is reachable via this port externally.
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| virtualisation.xen.store.settings.quota.maxRequests | Maximum number of requests per transaction.
|
| services.grafana.settings.server.read_timeout | Sets the maximum time using a duration format (5s/5m/5ms)
before timing out read of an incoming request and closing idle connections.
0 means there is no timeout for reading the request.
|
| services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.nextcloud-spreed-signaling.settings.turn.secretFile | The path to the file containing the value for turn.secret
|
| services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| services.taler.exchange.settings.exchangedb-postgres.CONFIG | Database connection URI.
|
| services.taler.merchant.settings.merchantdb-postgres.CONFIG | Database connection URI.
|
| services.sabnzbd.settings.misc.bandwidth_max | Maximum bandwidth in bytes(!)/sec (supports prefixes)
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.journald.upload.settings.Upload.NetworkTimeoutSec | When network connectivity to the server is lost, this option
configures the time to wait for the connectivity to get restored
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.borgmatic.settings.repositories.*.label | Label to the repository
|
| services.tor.settings.CookieAuthentication | See torrc manual.
|
| virtualisation.xen.store.settings.xenstored.log.file | Path to the Xen Store log file.
|