| services.syncthing.settings.options.limitBandwidthInLan | Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.
|
| services.nextcloud-spreed-signaling.settings.grpc.listen | IP and port to listen on for GRPC requests
|
| services.grafana-image-renderer.settings.service.logging.level | The log-level of the grafana-image-renderer.service-unit.
|
| services.syncthing.settings.options.urAccepted | Whether the user has accepted to submit anonymous usage data
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams | See torrc manual.
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.omnom.settings.app.disable_signup | Whether to enable restricting user creation.
|
| hardware.tuxedo-drivers.settings.charging-priority | These options manage the trade-off between battery charging and CPU performance when the USB-C power supply cannot provide sufficient power for both simultaneously:
charge_battery prioritizes battery charging (driver default)performance prioritizes maximum CPU performance
|
| services.engelsystem.settings | Options to be added to config.php, as a nix attribute set
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.lidarr.settings.update.automatically | Automatically download and install updates.
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| services.suricata.settings.logging.outputs.syslog.facility | Facility to log to.
|
| services.radarr.settings.update.automatically | Automatically download and install updates.
|
| services.sonarr.settings.update.automatically | Automatically download and install updates.
|
| services.tor.settings.ServerTransportPlugin.transports | List of pluggable transports.
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.postsrsd.settings.unprivileged-user | Unprivileged user to drop privileges to.
Our systemd unit never runs postsrsd as a privileged process, so this option is read-only.
|
| services.grafana.provision.dashboards.settings | Grafana dashboard configuration in Nix
|
| services.radicle.ci.adapters.native.instances.<name>.settings | Configuration of radicle-native-ci
|
| services.grafana.settings.smtp.ehlo_identity | Name to be used as client identity for EHLO in SMTP dialog.
|
| services.grafana.provision.alerting.rules.settings.groups | List of rule groups to import or update.
|
| services.postfix.settings.main.relay_domains | List of domains delivered via the relay transport.
https://www.postfix.org/postconf.5.html#relay_domains
|
| services.firewalld.settings.StrictForwardPorts | If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.hickory-dns.configFile | Path to an existing toml file to configure hickory-dns with
|
| services.sourcehut.settings."builds.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| services.borgmatic.settings.repositories.*.label | Label to the repository
|
| services.tor.settings.CookieAuthentication | See torrc manual.
|
| services.filesender.settings.admin_email | Email address of FileSender administrator(s)
|
| virtualisation.containerd.settings | Verbatim lines to add to containerd.toml
|
| services.nextcloud.settings.loglevel | Log level value between 0 (DEBUG) and 4 (FATAL).
-
0 (debug): Log all activity.
-
1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
-
2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
-
3 (error): Log failed operations and fatal errors.
-
4 (fatal): Log only fatal errors that cause the server to stop.
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| services.grafana.settings.paths.provisioning | Folder that contains provisioning config files that grafana will apply on startup and while running
|
| services.headscale.settings.dns.nameservers.global | List of nameservers to pass to Tailscale clients.
|
| services.anubis.defaultOptions.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| services.slskd.settings.directories.incomplete | Directory where incomplete downloading files are stored.
|
| services.anubis.defaultOptions.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.immichframe.settings.Accounts.*.ImmichServerUrl | The URL of your Immich server.
|
| services.mackerel-agent.settings.host_status.on_stop | Host status after agent shutdown.
|
| services.consul-template.instances.<name>.settings.template | Template section of consul-template
|
| services.dendrite.settings.sync_api.search.language | The language most likely to be used on the server - used when indexing, to
ensure the returned results match expectations
|
| services.nextcloud-spreed-signaling.settings.app.debug | Set to "true" to install pprof debug handlers
|
| services.headscale.settings.oidc.extra_params | Custom query parameters to send with the Authorize Endpoint request.
|
| services.your_spotify.settings.CLIENT_ENDPOINT | The endpoint of your web application
|
| services.matrix-appservice-irc.settings.homeserver.url | The URL to the home server for client-server API calls
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| services.prometheus.exporters.fritz.settings.devices | Fritz!-devices to monitor using the exporter.
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.bindPort | Port that the media proxy binds to.
|
| services.nextcloud-spreed-signaling.settings.http.listen | IP and port to listen on for HTTP requests, in the format of ip:port
|
| services.authelia.instances.<name>.settings.log.file_path | File path where the logs will be written
|
| services.sourcehut.settings.webhooks.private-key | An absolute file path (which should be outside the Nix-store)
to a base64-encoded Ed25519 key for signing webhook payloads
|
| programs.clash-verge.tunMode | Whether to enable Setcap for TUN Mode
|
| services.warpgate.settings.external_host | Configure the domain name of this Warpgate instance
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| services.navidrome.settings.EnableInsightsCollector | Enable anonymous usage data collection, see https://www.navidrome.org/docs/getting-started/insights/ for details.
|
| services.warpgate.settings.ssh.external_port | The SSH listener is reachable via this port externally.
|
| services.warpgate.settings.sso_providers.*.name | Internal identifier of SSO provider.
|
| services.searx.limiterSettings | Limiter settings for SearXNG.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.log | File where radicle-native-ci should write the run log.
|
| services.veilid.settings.core.capabilities.disable | A list of capabilities to disable (for example, DHTV to say you cannot store DHT information).
|
| services.nextcloud-spreed-signaling.settings.grpc.targets | For target type static: List of GRPC targets to connect to for clustering mode.
|
| services.automysqlbackup.settings | automysqlbackup configuration
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.veilid.settings.core.block_store.directory | The filesystem directory to store blocks for the block store.
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.veilid.settings.core.table_store.directory | The filesystem directory to store your table store within.
|
| services.mpd.settings.bind_to_address | The address for the daemon to listen on
|
| services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| services.readarr.settings.update.automatically | Automatically download and install updates.
|
| services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| services.headscale.settings.tls_cert_path | Path to already created certificate.
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.firewalld.settings.NftablesFlowtable | This may improve forwarded traffic throughput by enabling nftables flowtable
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| services.dendrite.settings.sync_api.search.index_path | The path the search index will be created in.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| services.warpgate.settings.http.external_port | The HTTP listener is reachable via this port externally.
|
| services.grafana.provision.alerting.rules.settings.apiVersion | Config file version.
|
| services.kanidm.server.settings.online_backup.path | Path to the output directory for backups.
|
| services.journald.remote.settings.Remote.ServerKeyFile | A path to a SSL secret key file in PEM format
|
| services.taler.exchange.settings.exchange.CURRENCY_ROUND_UNIT | Smallest amount in this currency that can be transferred using the underlying RTGS
|
| services.lldap.settings.ldap_user_email | Admin email.
|
| services.netbird.server.management.settings | Configuration of the netbird management server
|
| services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| services.syncthing.settings.options.localAnnounceEnabled | Whether to send announcements to the local LAN, also use such announcements to find other devices.
|
| services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG | The database connection string for the libeufin-bank database.
|
| services.logind.settings.Login.KillUserProcesses | Specifies whether the processes of a user should be killed
when the user logs out
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|