| services.lldap.settings.jwt_secret_file | Path to a file containing the JWT secret.
|
| services.tuned.settings.update_interval | Update interval for dynamic tuning (in seconds).
|
| services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| services.waagent.settings.Provisioning.Enable | Whether to enable provisioning functionality in the agent
|
| services.tor.settings.V3AuthoritativeDirectory | See torrc manual.
|
| services.autosuspend.settings.suspend_cmd | The command to execute in case the host shall be suspended
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID | See torrc manual.
|
| services.quickwit.settings.listen_address | Listen address of Quickwit.
|
| services.prometheus.exporters.script.settings.scripts.*.name | Name of the script.
|
| services.headscale.settings.dns.extra_records | Extra DNS records to expose to clients.
|
| services.dependency-track.settings."alpine.oidc.teams.default" | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.uid | Unique identifier for the rule
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| services.listmonk.database.settings."privacy.exportable" | List of fields which can be exported through an automatic export request
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.suricata.settings.exception-policy | Define a common behavior for all exception policies
|
| services.openssh.settings.AuthorizedPrincipalsFile | Specifies a file that lists principal names that are accepted for certificate authentication
|
| services.prometheus.exporters.script.settings | Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.
Migration note:
The previous format using script = "sleep 5" is no longer supported
|
| services.anubis.defaultOptions.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId | Organization ID, default = 1
|
| services.prowlarr.settings.update.automatically | Automatically download and install updates.
|
| services.taler.exchange.settings.exchangedb-postgres.CONFIG | Database connection URI.
|
| services.taler.merchant.settings.merchantdb-postgres.CONFIG | Database connection URI.
|
| services.whisparr.settings.update.automatically | Automatically download and install updates.
|
| services.grafana-image-renderer.settings.rendering.mode | Rendering mode of grafana-image-renderer:
default: Creates on browser-instance
per rendering request.reusable: One browser instance
will be started and reused for each rendering request.clustered: allows to precisely
configure how many browser-instances are supposed to be used
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts | See torrc manual.
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.biboumi.settings.xmpp_server_ip | The IP address to connect to the XMPP server on
|
| services.autosuspend.settings.wakeup_cmd | The command to execute for scheduling a wake up of the system
|
| services.headscale.settings.oidc.allowed_users | Users allowed to authenticate even if not in allowedDomains.
|
| services.nextcloud-spreed-signaling.settings.https.listen | IP and port to listen on for HTTPS requests, in the format of ip:port
|
| services.grafana.provision.dashboards.settings.apiVersion | Config file version.
|
| services.nextcloud-spreed-signaling.settings.backend.timeout | Timeout in seconds for requests to the backend
|
| services.kerberos_server.settings.module | Modules to obtain Kerberos configuration from.
|
| services.kerberos_server.settings.realms | The realm(s) to serve keys for.
|
| services.factorio.mods-dat | Mods settings can be changed by specifying a dat file, in the mod
settings file
format.
|
| services.opensearch.settings."plugins.security.disabled" | Whether to enable the security plugin,
plugins.security.ssl.transport.keystore_filepath or
plugins.security.ssl.transport.server.pemcert_filepath and
plugins.security.ssl.transport.client.pemcert_filepath
must be set for this plugin to be enabled.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable | See torrc manual.
|
| services.hddfancontrol.settings.<drive-bay-name>.pwmPaths | PWM filepath(s) to control fan speed (under /sys), followed by initial and fan-stop PWM values
Can also use command substitution to ensure the correct hwmonX is selected on every boot
|
| services.public-inbox.settings.publicinbox.imapserver | IMAP URLs to this public-inbox instance
|
| services.public-inbox.settings.publicinbox.pop3server | POP3 URLs to this public-inbox instance
|
| services.public-inbox.settings.publicinbox.nntpserver | NNTP URLs to this public-inbox instance
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.journald.upload.settings.Upload.NetworkTimeoutSec | When network connectivity to the server is lost, this option
configures the time to wait for the connectivity to get restored
|
| services.sabnzbd.settings.misc.bandwidth_perc | Percentage of bandwidth_max that sabnzbd is allowed to use.
0 means no limit.
|
| services.minidlna.settings.root_container | Use a different container as the root of the directory tree presented to clients.
|
| services.grafana.provision.alerting.contactPoints.settings | Grafana contact points configuration in Nix
|
| services.dependency-track.settings."alpine.database.mode" | Defines the database mode of operation
|
| services.chhoto-url.settings.redirect_method | The redirect method to use.
|
| documentation.man.mandoc.settings | Configuration for man.conf(5)
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| services.headscale.settings.dns.extra_records.*.type | DNS record type.
|
| services.nextcloud-spreed-signaling.settings.etcd.endpoints | List of static etcd endpoints to connect to.
|
| services.lasuite-docs.collaborationServer.settings.PORT | Port used by collaboration server to listen to
|
| services.sabnzbd.settings.ntfosd.ntfosd_enable | Whether to enable NotifyOSD alerts
|
| services.sourcehut.settings."lists.sr.ht::worker".reject-mimetypes | Comma-delimited list of Content-Types to reject
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes | List of mute time intervals to import or update.
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.libeufin.nexus.settings.libeufin-nexusdb-postgres.CONFIG | The database connection string for the libeufin-nexus database.
|
| services.suricata.settings.classification-file | Suricata classification configuration file.
|
| services.grafana.provision.alerting.templates.settings | Grafana templates configuration in Nix
|
| services.suricata.settings.dpdk.interfaces.*.interface | See upstream docs: docs/capture-hardware/dpdk and docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk.
|
| services.prometheus.exporters.fritz.settings.log_level | Log level to use for the exporter.
|
| services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| services.postfix-tlspol.settings.server.socket-permissions | Permissions to the UNIX socket, if configured.
Due to hardening on the systemd unit the socket can never be created world readable/writable.
|
| services.archisteamfarm.settings | The ASF.json file, all the options are documented here
|
| virtualisation.cri-o.settings | Configuration for cri-o, see
https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md.
|
| services.grafana.provision.datasources.settings.prune | When true, provisioned datasources from this file will be deleted
automatically when removed from
services.grafana.provision.datasources.settings.datasources.
|
| services.wgautomesh.settings.lan_discovery | Enable discovery of peers on the same LAN using UDP broadcast.
|
| services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| services.headscale.settings.prefixes.allocation | Strategy used for allocation of IPs to nodes, available options:
- sequential (default): assigns the next free IP from the previous given IP.
- random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
|
| services.bonsaid.settings.*.delay_duration | Nanoseconds to wait after the previous state change before performing this transition
|
| services.public-inbox.settings.publicinbox.wwwlisting | Controls which lists (if any) are listed for when the root
public-inbox URL is accessed over HTTP.
|
| services.transmission.settings.script-torrent-done-enabled | Whether to run
services.transmission.settings.script-torrent-done-filename
at torrent completion.
|
| services.crowdsec.settings.console.configuration | Attributes inside the console.yaml file.
|
| services.warpgate.settings.http.cookie_max_age | How long until logged in cookie expires.
|
| services.matrix-synapse.settings.enable_metrics | Enable collection and rendering of performance metrics
|
| security.pam.u2f.settings.interactive | Set to prompt a message and wait before testing the presence of a U2F device
|
| services.prometheus.exporters.nginxlog.settings.consul | Consul integration options
|
| services.prometheus.alertmanager-ntfy.settings.http.addr | The address to listen on.
|
| services.pgbouncer.settings.pgbouncer.listen_port | Which port to listen on
|
| services.transmission.settings.incomplete-dir | When enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory
|
| services.grafana.settings.database.max_open_conn | The maximum number of open connections to the database.
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.tlsrpt.reportd.settings.sender_address | Sender address used for reports.
|
| services.matrix-synapse.settings.listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.transmission.settings.incomplete-dir-enabled | |
| services.kerberos_server.settings.include | Files to include in the Kerberos configuration.
|
| services.matrix-continuwuity.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.maubot.settings.crypto_database | Separate database URL for the crypto database
|
| services.grafana.settings.security.cookie_secure | Set to true if you host Grafana behind HTTPS.
|
| services.grafana.settings.database.max_idle_conn | The maximum number of connections in the idle connection pool.
|
| services.slskd.settings.retention.transfers.download.errored | Lifespan of errored download tasks.
|
| services.system76-scheduler.settings.cfsProfiles.default.latency | sched_latency_ns.
|
| services.mpd.settings.music_directory | The directory or URI where MPD reads music from
|
| services.umurmur.settings.default_channel | The channel in which users will appear in when connecting.
|
| services.mchprs.settings.block_in_hitbox | Allow placing blocks inside of players
(hitbox logic is simplified)
|
| services.headscale.settings.dns.extra_records.*.value | DNS record value (IP address).
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| services.matrix-synapse.settings.public_baseurl | The public-facing base URL for the client API (not including _matrix/...)
|