| security.googleOsLogin.enable | Whether to enable Google OS Login
|
| services.pgbouncer.settings.pgbouncer.listen_port | Which port to listen on
|
| services.transmission.settings.incomplete-dir | When enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory
|
| services.grafana.settings.database.max_open_conn | The maximum number of open connections to the database.
|
| services.tlsrpt.reportd.settings.sender_address | Sender address used for reports.
|
| services.matrix-synapse.settings.listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.transmission.settings.incomplete-dir-enabled | |
| services.kerberos_server.settings.include | Files to include in the Kerberos configuration.
|
| services.matrix-continuwuity.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| services.maubot.settings.crypto_database | Separate database URL for the crypto database
|
| services.grafana.settings.security.cookie_secure | Set to true if you host Grafana behind HTTPS.
|
| services.grafana.settings.database.max_idle_conn | The maximum number of connections in the idle connection pool.
|
| services.slskd.settings.retention.transfers.download.errored | Lifespan of errored download tasks.
|
| services.system76-scheduler.settings.cfsProfiles.default.latency | sched_latency_ns.
|
| services.mpd.settings.music_directory | The directory or URI where MPD reads music from
|
| services.umurmur.settings.default_channel | The channel in which users will appear in when connecting.
|
| services.mchprs.settings.block_in_hitbox | Allow placing blocks inside of players
(hitbox logic is simplified)
|
| services.headscale.settings.dns.extra_records.*.value | DNS record value (IP address).
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| services.matrix-synapse.settings.public_baseurl | The public-facing base URL for the client API (not including _matrix/...)
|
| services.system76-scheduler.settings.cfsProfiles.default.preempt | Preemption mode.
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.parsedmarc.settings.elasticsearch.ssl | Whether to use an encrypted SSL/TLS connection.
|
| services.system76-scheduler.settings.cfsProfiles.default.nr-latency | sched_nr_latency.
|
| services.grafana.provision.alerting.muteTimings.settings.apiVersion | Config file version.
|
| services.n8n.environment.GENERIC_TIMEZONE | The n8n instance timezone
|
| services.prometheus.exporters.script.settings.scripts.*.script | Shell script to execute when metrics are requested.
|
| services.kerberos_server.settings.realms.<name>.acl | The privileges granted to a user.
|
| programs.openvpn3.log-service.settings.journald | Use systemd-journald
|
| services.hddfancontrol.settings.<drive-bay-name>.logVerbosity | Verbosity of the log level
|
| services.tor.settings.UseMicrodescriptors | See torrc manual.
|
| services.nvme-rs.settings.thresholds.wear_critical | Wear critical threshold (%)
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.ttlSeconds | Lifetime in seconds, that generated URLs stay valid
|
| services.slskd.settings.retention.transfers.upload.cancelled | Lifespan of cancelled upload tasks.
|
| services.system76-scheduler.settings.processScheduler.enable | Tweak scheduling of individual processes in real time.
|
| services.slskd.settings.retention.transfers.upload.succeeded | Lifespan of succeeded upload tasks.
|
| services.transmission.settings.trash-original-torrent-files | Whether to delete torrents added from the
services.transmission.settings.watch-dir.
|
| services.nextcloud-spreed-signaling.settings.backend.allowall | Allow any hostname as backend endpoint
|
| services.pgbouncer.settings.pgbouncer.pool_mode | Specifies when a server connection can be reused by other clients.
session
Server is released back to pool after client disconnects
|
| services.parsedmarc.settings.elasticsearch.user | Username to use when connecting to Elasticsearch, if
required.
|
| services.nvme-rs.settings.thresholds.temp_critical | Temperature critical threshold (°C)
|
| services.nvme-rs.settings.thresholds.spare_warning | Available spare warning threshold (%)
|
| services.simplesamlphp.<name>.localDomain | The domain serving your SimpleSAMLphp instance
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name | Name of the mute time interval, must be unique
|
| services.grafana.provision.alerting.policies.settings.apiVersion | Config file version.
|
| services.geoipupdate.settings.DatabaseDirectory | The directory to store the database files in
|
| services.grafana.provision.datasources.settings.apiVersion | Config file version.
|
| services.warpgate.settings.sso_providers.*.provider | SSO provider configurations.
|
| services.grafana.settings.database.query_retries | This setting applies to sqlite3 only and controls the number of times the system retries a query when the database is locked.
|
| services.homebridge.settings.accessories.*.accessory | Accessory type
|
| services.nextcloud.settings.mail_smtphost | This depends on mail_smtpmode
|
| services.nitter.preferences.replaceTwitter | Replace Twitter links with links to this instance (blank to disable).
|
| services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| services.headscale.settings.dns.search_domains | Search domains to inject to Tailscale clients.
|
| virtualisation.podman.defaultNetwork.settings | Settings for podman's default network.
|
| nix.settings.trusted-substituters | List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
|
| services.grafana.settings.server.enforce_domain | Redirect to correct domain if the host header does not match the domain
|
| services.stash.settings.sound_on_preview | Enable sound on mouseover previews
|
| services.stash.settings.preview_segments | Number of segments in a preview file
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| services.libretranslate.domain | The domain serving your LibreTranslate instance
|
| services.nextcloud.settings.mail_smtpdebug | Enable SMTP class debugging.
loglevel will likely need to be adjusted too.
See docs.
|
| services.prometheus.exporters.script.settings.scripts.*.timeout | Optional timeout for the script in seconds.
|
| services.parsedmarc.settings.elasticsearch.hosts | A list of Elasticsearch hosts to push parsed reports
to.
|
| services.warpgate.settings.postgres.external_port | The PostgreSQL listener is reachable via this port externally.
|
| services.grafana.provision.alerting.rules.settings.groups.*.interval | Interval that the rule group should be evaluated at
|
| services.grafana.provision.dashboards.settings.providers | List of dashboards to insert/update.
|
| services.mollysocket.settings.allowed_uuids | UUIDs of Signal accounts that may use this server
|
| services.kanidm.server.settings.online_backup.schedule | The schedule for backups in cron format.
|
| services.listmonk.database.settings."app.notify_emails" | Administrator emails for system notifications
|
| networking.networkmanager.settings | Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| services.mediagoblin.settings.mediagoblin.plugins | Plugins to enable
|
| services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes | List of mute time intervals that should be deleted.
|
| services.grafana.settings.server.router_logging | Set to true for Grafana to log all HTTP requests (not just errors)
|
| services.matrix-synapse.package | Reference to the matrix-synapse wrapper with all extras
(e.g. for oidc or saml2) added to the PYTHONPATH of all executables
|
| services.syncthing.settings.options.maxFolderConcurrency | This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning
|
| services.dovecot2.pluginSettings | Plugin settings for dovecot in general, e.g. sieve, sieve_default, etc
|
| services.mpdscribble.passwordFile | File containing the password for the mpd daemon
|
| services.misskey.meilisearch.createLocally | Create and use a local Meilisearch instance
|
| services.prometheus.exporters.fritz.settings.devices.*.hostname | Hostname under which the target device is reachable.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.grafana.provision.alerting.contactPoints.settings.apiVersion | Config file version.
|
| security.pam.u2f.settings.authfile | By default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set)
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.omnom.settings.app.results_per_page | Number of results per page.
|
| services.grafana.provision.alerting.policies.settings.policies | List of contact points to import or update.
|
| services.warpgate.settings.config_provider | Source of truth of users
|
| services.matrix-conduit.settings.global.database_path | Path to the conduit database, the directory where conduit will save its data
|
| services.openldap.configDir | Use this config directory instead of generating one from the
settings option
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| services.glitchtip.settings.ENABLE_USER_REGISTRATION | When true, any user will be able to register
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.firefox-syncserver.settings.tokenserver.enabled | Whether to enable the token service as well.
|
| services.veilid.settings.client_api.ipc_directory | IPC directory where file sockets are stored.
|
| services.synapse-auto-compressor.settings.chunk_size | The number of state groups to work on at once
|
| services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|