| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.tor.settings.ServerTransportPlugin.transports | List of pluggable transports.
|
| hardware.tuxedo-drivers.settings.fn-lock | Enables or disables the laptop keyboard's Function (Fn) lock at boot
|
| services.your_spotify.settings.SPOTIFY_PUBLIC | The public client ID of your Spotify application
|
| services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| services.homebridge.settings.platforms.*.platform | Platform type
|
| services.slskd.settings.retention.transfers.upload.errored | Lifespan of errored upload tasks.
|
| services.nextcloud-spreed-signaling.settings.http.listen | IP and port to listen on for HTTP requests, in the format of ip:port
|
| services.taler.exchange.settings.exchange.CURRENCY_ROUND_UNIT | Smallest amount in this currency that can be transferred using the underlying RTGS
|
| services.veilid.settings.core.block_store.directory | The filesystem directory to store blocks for the block store.
|
| services.veilid.settings.core.table_store.directory | The filesystem directory to store your table store within.
|
| services.headscale.settings.dns.base_domain | Defines the base domain to create the hostnames for MagicDNS
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.sourcehut.settings."builds.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| services.postsrsd.settings.unprivileged-user | Unprivileged user to drop privileges to.
Our systemd unit never runs postsrsd as a privileged process, so this option is read-only.
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.pretix.database.createLocally | Whether to automatically set up the database on the local DBMS instance
|
| services.tuned.settings.reapply_sysctl | Whether to enable the reapplying of global sysctls after TuneD sysctls are applied.
|
| services.grafana.provision.alerting.rules.settings.deleteRules | List of alert rule UIDs that should be deleted.
|
| services.grafana.settings.security.secret_key | Secret key used for signing
|
| services.epgstation.settings.concurrentEncodeNum | The maximum number of encoding jobs that EPGStation would run at the
same time.
|
| services.slskd.settings.directories.incomplete | Directory where incomplete downloading files are stored.
|
| services.borgmatic.settings.repositories.*.path | Path to the repository
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.headscale.settings.oidc.extra_params | Custom query parameters to send with the Authorize Endpoint request.
|
| services.matrix-appservice-irc.settings.homeserver.url | The URL to the home server for client-server API calls
|
| services.mackerel-agent.settings.host_status.on_stop | Host status after agent shutdown.
|
| services.prometheus.exporters.process.settings.process_names | All settings expressed as an Nix attrset
|
| services.filesender.settings.admin_email | Email address of FileSender administrator(s)
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.grafana.provision.alerting.muteTimings.settings | Grafana mute timings configuration in Nix
|
| services.dendrite.settings.sync_api.search.index_path | The path the search index will be created in.
|
| services.warpgate.settings.sso_providers | Configure OIDC single sign-on providers.
|
| services.ncps.cache.lock.backend | Lock backend to use: 'local' (single instance), 'redis'
(distributed), 'postgres' (distributed, requires PostgreSQL)
|
| services.kanidm.server.settings.online_backup.path | Path to the output directory for backups.
|
| services.nextcloud.settings.enabledPreviewProviders | The preview providers that should be explicitly enabled.
|
| services.tandoor-recipes.enable | Enable Tandoor Recipes
|
| services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG | The database connection string for the libeufin-bank database.
|
| services.nextcloud-spreed-signaling.settings.grpc.targets | For target type static: List of GRPC targets to connect to for clustering mode.
|
| services.warpgate.settings.ssh.external_port | The SSH listener is reachable via this port externally.
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.uid | Unique identifier for the rule
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| hardware.nvidia.datacenter.settings | Additional configuration options for fabricmanager.
|
| services.firewalld.settings.NftablesFlowtable | This may improve forwarded traffic throughput by enabling nftables flowtable
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.grafana.provision.alerting.policies.settings | Grafana notification policies configuration in Nix
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| services.dependency-track.settings."alpine.oidc.teams.default" | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.grafana.settings.server.read_timeout | Sets the maximum time using a duration format (5s/5m/5ms)
before timing out read of an incoming request and closing idle connections.
0 means there is no timeout for reading the request.
|
| services.borgmatic.settings.repositories.*.label | Label to the repository
|
| services.tor.settings.CookieAuthentication | See torrc manual.
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId | Organization ID, default = 1
|
| services.syncthing.settings.options.localAnnounceEnabled | Whether to send announcements to the local LAN, also use such announcements to find other devices.
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| services.readarr.settings.update.automatically | Automatically download and install updates.
|
| services.scrutiny.influxdb.enable | Enables InfluxDB on the host system using the services.influxdb2 NixOS module
with default options
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.publicUrl | URL under which the media proxy is publicly acccessible.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| services.warpgate.settings.http.external_port | The HTTP listener is reachable via this port externally.
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.nextcloud-spreed-signaling.settings.turn.secretFile | The path to the file containing the value for turn.secret
|
| services.your_spotify.settings.CLIENT_ENDPOINT | The endpoint of your web application
|
| services.immichframe.settings.Accounts.*.ImmichServerUrl | The URL of your Immich server.
|
| services.sabnzbd.settings.misc.bandwidth_max | Maximum bandwidth in bytes(!)/sec (supports prefixes)
|
| services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| services.synapse-auto-compressor.settings.levels | Sizes of each new level in the compression algorithm, as a comma-separated list
|
| services.mjolnir.pantalaimon | pantalaimon options (enables E2E Encryption support)
|
| services.journald.upload.settings.Upload.NetworkTimeoutSec | When network connectivity to the server is lost, this option
configures the time to wait for the connectivity to get restored
|
| services.suricata.settings.logging.stacktrace-on-signal | Requires libunwind to be available when Suricata is configured and built
|
| services.navidrome.settings.EnableInsightsCollector | Enable anonymous usage data collection, see https://www.navidrome.org/docs/getting-started/insights/ for details.
|
| services.your_spotify.settings.API_ENDPOINT | The endpoint of your server
This api has to be reachable from the device you use the website from not from the server
|
| services.dependency-track.settings."alpine.data.directory" | Defines the path to the data directory
|
| services.prometheus.exporters.script.settings.scripts.*.name | Name of the script.
|
| services.postfix.settings.main.mydestination | List of domain names intended for local delivery using /etc/passwd and /etc/aliases.
Do not include virtual domains in this list.
https://www.postfix.org/postconf.5.html#mydestination
|
| services.waagent.settings.Provisioning.Enable | Whether to enable provisioning functionality in the agent
|
| services.grafana.provision.datasources.settings | Grafana datasource configuration in Nix
|
| services.warpgate.settings.sso_providers.*.name | Internal identifier of SSO provider.
|
| services.hercules-ci-agent.settings.staticSecretsDirectory | This is the default directory to look for statically configured secrets like cluster-join-token.key
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.prometheus.exporters.script.settings | Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.
Migration note:
The previous format using script = "sleep 5" is no longer supported
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.veilid.settings.client_api.ipc_enabled | veilid-server will respond to Python and other JSON client requests.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes | List of mute time intervals to import or update.
|
| services.taler.exchange.settings.exchangedb-postgres.CONFIG | Database connection URI.
|
| services.taler.merchant.settings.merchantdb-postgres.CONFIG | Database connection URI.
|
| services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| services.mackerel-agent.settings.host_status.on_start | Host status after agent startup.
|
| services.suricata.settings.exception-policy | Define a common behavior for all exception policies
|