| services.suricata.settings.dpdk.interfaces.*.interface | See upstream docs: docs/capture-hardware/dpdk and docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk.
|
| services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes | List of mute time intervals that should be deleted.
|
| services.lasuite-docs.collaborationServer.settings | Configuration options of collaboration server
|
| services.postfix-tlspol.settings.server.socket-permissions | Permissions to the UNIX socket, if configured.
Due to hardening on the systemd unit the socket can never be created world readable/writable.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.base_url | Base URL for build logs (mandatory for access from CI broker page).
|
| services.lldap.settings.jwt_secret_file | Path to a file containing the JWT secret.
|
| services.tuned.settings.update_interval | Update interval for dynamic tuning (in seconds).
|
| services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| virtualisation.xen.store.settings.persistent | Whether to activate the filed base backend.
|
| services.suricata.settings.exception-policy | Define a common behavior for all exception policies
|
| services.autosuspend.settings.suspend_cmd | The command to execute in case the host shall be suspended
|
| documentation.man.mandoc.settings.output.fragment | Whether to omit the declaration and the , , and
elements and only emit the subtree below the element in HTML
output of mandoc(1)
|
| services.headscale.settings.prefixes.allocation | Strategy used for allocation of IPs to nodes, available options:
- sequential (default): assigns the next free IP from the previous given IP.
- random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
|
| virtualisation.docker.daemon.settings.live-restore | Allow dockerd to be restarted without affecting running container
|
| services.tor.settings.V3AuthoritativeDirectory | See torrc manual.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.quickwit.settings.listen_address | Listen address of Quickwit.
|
| services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| services.public-inbox.settings.publicinbox.wwwlisting | Controls which lists (if any) are listed for when the root
public-inbox URL is accessed over HTTP.
|
| services.grafana.provision.datasources.settings.apiVersion | Config file version.
|
| services.grafana.provision.alerting.contactPoints.settings.apiVersion | Config file version.
|
| services.crowdsec.settings.console.configuration | Attributes inside the console.yaml file.
|
| services.warpgate.settings.http.cookie_max_age | How long until logged in cookie expires.
|
| programs.starship.presets | Presets files to be merged with settings in order.
|
| services.openssh.settings.AuthorizedPrincipalsFile | Specifies a file that lists principal names that are accepted for certificate authentication
|
| virtualisation.docker.rootless.daemon.settings | Configuration for docker daemon
|
| services.grafana.provision.alerting.policies.settings.policies | List of contact points to import or update.
|
| services.automysqlbackup.settings | automysqlbackup configuration
|
| services.pgbouncer.settings.pgbouncer.listen_port | Which port to listen on
|
| services.grafana.settings.database.max_open_conn | The maximum number of open connections to the database.
|
| services.matrix-continuwuity.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| services.autosuspend.settings.wakeup_cmd | The command to execute for scheduling a wake up of the system
|
| services.tlsrpt.reportd.settings.sender_address | Sender address used for reports.
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.kea.dhcp-ddns.configFile | Kea DHCP-DDNS configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html
|
| services.biboumi.settings.xmpp_server_ip | The IP address to connect to the XMPP server on
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.grafana.settings.security.cookie_secure | Set to true if you host Grafana behind HTTPS.
|
| services.grafana.settings.database.max_idle_conn | The maximum number of connections in the idle connection pool.
|
| services.grafana.provision.alerting.templates.settings.apiVersion | Config file version.
|
| services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.orgId | Organization ID, default = 1.
|
| virtualisation.xen.store.settings.xenstored.accessLog.file | Path to the Xen Store access log file.
|
| services.veilid.settings.core.network.dht.min_peer_count | Minimum number of nodes to keep in the peer table.
|
| services.prometheus.exporters.script.settings.scripts.*.timeout | Optional timeout for the script in seconds.
|
| services.kerberos_server.settings.module | Modules to obtain Kerberos configuration from.
|
| services.kerberos_server.settings.realms | The realm(s) to serve keys for.
|
| services.headscale.settings.dns.extra_records.*.value | DNS record value (IP address).
|
| security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| services.parsedmarc.settings.elasticsearch.ssl | Whether to use an encrypted SSL/TLS connection.
|
| services.pgbouncer.settings.pgbouncer.pool_mode | Specifies when a server connection can be reused by other clients.
session
Server is released back to pool after client disconnects
|
| services.grafana.provision.dashboards.settings.providers | List of dashboards to insert/update.
|
| services.kanidm.server.settings.online_backup.schedule | The schedule for backups in cron format.
|
| security.auditd.settings.space_left | If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by
space_left_action
|
| services.minidlna.settings.root_container | Use a different container as the root of the directory tree presented to clients.
|
| services.nvme-rs.settings.thresholds.wear_critical | Wear critical threshold (%)
|
| services.chhoto-url.settings.redirect_method | The redirect method to use.
|
| services.system76-scheduler.settings.processScheduler.enable | Tweak scheduling of individual processes in real time.
|
| services.nextcloud-spreed-signaling.settings.backend.allowall | Allow any hostname as backend endpoint
|
| services.parsedmarc.settings.elasticsearch.user | Username to use when connecting to Elasticsearch, if
required.
|
| services.opentelemetry-collector.settings | Specify the configuration for Opentelemetry Collector in Nix
|
| services.prometheus.exporters.fritz.settings.devices.*.hostname | Hostname under which the target device is reachable.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.nvme-rs.settings.thresholds.temp_critical | Temperature critical threshold (°C)
|
| services.nvme-rs.settings.thresholds.spare_warning | Available spare warning threshold (%)
|
| services.suricata.settings.classification-file | Suricata classification configuration file.
|
| services.gitea.settings.service.DISABLE_REGISTRATION | By default any user can create an account on this gitea instance
|
| nix.checkAllErrors | If enabled, checks the nix.conf parsing for any kind of error
|
| services.slskd.settings.retention.transfers.download.succeeded | Lifespan of succeeded download tasks.
|
| services.slskd.settings.retention.transfers.download.cancelled | Lifespan of cancelled download tasks.
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.name | Name of the mute time interval, must be unique
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.grafana.settings.database.query_retries | This setting applies to sqlite3 only and controls the number of times the system retries a query when the database is locked.
|
| services.veilid.settings.core.network.routing_table.node_id | Base64-encoded public key for the node, used as the node's ID.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| services.wgautomesh.settings.lan_discovery | Enable discovery of peers on the same LAN using UDP broadcast.
|
| services.headscale.settings.dns.search_domains | Search domains to inject to Tailscale clients.
|
| services.transmission.settings.script-torrent-done-enabled | Whether to run
services.transmission.settings.script-torrent-done-filename
at torrent completion.
|
| services.matrix-synapse.settings.enable_metrics | Enable collection and rendering of performance metrics
|
| services.grafana.settings.server.enforce_domain | Redirect to correct domain if the host header does not match the domain
|
| services.transmission.settings.incomplete-dir | When enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| services.kanidm.server.settings.online_backup.versions | Number of backups to keep
|
| services.grafana.provision.alerting.policies.settings.resetPolicies | List of orgIds that should be reset to the default policy.
|
| services.journald.upload.settings.Upload.TrustedCertificateFile | SSL CA certificate
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| services.matrix-synapse.settings.listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.grafana.provision.dashboards.settings.providers.*.name | A unique provider name.
|
| services.grafana.provision.dashboards.settings.providers.*.type | Dashboard provider type.
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| services.kerberos_server.settings.include | Files to include in the Kerberos configuration.
|
| services.maubot.settings.crypto_database | Separate database URL for the crypto database
|
| services.transmission.settings.incomplete-dir-enabled | |
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| services.parsedmarc.settings.elasticsearch.hosts | A list of Elasticsearch hosts to push parsed reports
to.
|
| services.warpgate.settings.postgres.external_port | The PostgreSQL listener is reachable via this port externally.
|
| services.mpd.settings.music_directory | The directory or URI where MPD reads music from
|
| security.agnos.settings.dns_listen_addr | Address for agnos to listen on
|