| nix.settings.trusted-substituters | List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
|
| services.pgbouncer.settings.pgbouncer.listen_addr | Specifies a list (comma-separated) of addresses where to listen for TCP connections
|
| services.kanidm.server.settings.ldapbindaddress | Address and port the LDAP server is bound to
|
| services.warpgate.settings.http.session_max_age | How long until a logged in session expires.
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints | List of contact points to import or update.
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| services.prometheus.alertmanagerIrcRelay.settings | Configuration for Alertmanager IRC Relay as a Nix attribute set
|
| services.warpgate.settings.config_provider | Source of truth of users
|
| services.matrix-appservice-irc.settings.database.connectionString | The database connection string
|
| services.sabnzbd.settings.misc.inet_exposure | Restrictions for access from non-local IP addresses
|
| services.matrix-synapse.settings.listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.kea.dhcp-ddns.configFile | Kea DHCP-DDNS configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html
|
| services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|
| services.nitter.preferences.replaceReddit | Replace Reddit links with links to this instance (blank to disable).
|
| services.livekit.settings.rtc.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.tlsrpt.reportd.settings.sendmail_script | Path to a sendmail-compatible executable for delivery reports.
|
| services.slskd.settings.flags.force_share_scan | Force a rescan of shares on every startup.
|
| services.chhoto-url.settings.disable_frontend | Whether to disable the frontend.
|
| virtualisation.podman.defaultNetwork.settings | Settings for podman's default network.
|
| services.parsedmarc.settings.general.save_forensic | Save forensic report data to Elasticsearch and/or Splunk.
|
| services.grafana.provision.alerting.templates.settings.templates | List of templates to import or update.
|
| services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| services.nezha-agent.settings.skip_procs_count | Do not monitor the number of processes.
|
| services.prometheus.exporters.fritz.settings.devices.*.host_info | Enable extended host info for this device. Warning: This will heavily increase scrape time.
|
| services.matrix-synapse.settings.max_upload_size | The largest allowed upload size in bytes
|
| programs.openvpn3.log-service.settings.log_level | How verbose should the logging be
|
| services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| services.chhoto-url.settings.try_longer_slugs | Whether to try a longer UID upon collision.
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.nextcloud-spreed-signaling.settings.sessions.hashkeyFile | The path to the file containing the value for sessions.hashkey
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.latency | sched_latency_ns.
|
| programs.openvpn3.log-service.settings.timestamp | Add timestamp log file
|
| services.kerberos_server.settings.realms.<name>.acl.*.target | The principals that 'access' applies to.
|
| services.n8n.environment.GENERIC_TIMEZONE | The n8n instance timezone
|
| services.livekit.settings.rtc.port_range_start | Start of UDP port range for WebRTC
|
| services.system76-scheduler.settings.cfsProfiles.responsive.preempt | Preemption mode.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.nr-latency | sched_nr_latency.
|
| services.lifecycled.cloudwatchStream | Write logs to a specific Cloudwatch Logs stream
|
| services.nextcloud.settings.mail_smtpmode | Which mode to use for sending mail
|
| services.prometheus.exporters.nginxlog.settings.namespaces | Namespaces to collect the metrics for
|
| networking.networkmanager.settings | Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this
|
| services.openldap.configDir | Use this config directory instead of generating one from the
settings option
|
| services.nextcloud-spreed-signaling.settings.https.certificate | Path to the certificate used for the HTTPS listener
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| services.matrix-synapse.package | Reference to the matrix-synapse wrapper with all extras
(e.g. for oidc or saml2) added to the PYTHONPATH of all executables
|
| virtualisation.xen.store.settings | The OCaml-based Xen Store Daemon configuration
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.nextcloud.settings.trusted_domains | Trusted domains, from which the nextcloud installation will be
accessible
|
| services.nextcloud.settings.trusted_proxies | Trusted proxies, to provide if the nextcloud installation is being
proxied to secure against e.g. spoofing.
|
| services.kea.ctrl-agent.configFile | Kea Control Agent configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| services.grafana.provision.alerting.templates.settings.templates.*.name | Name of the template, must be unique
|
| services.nitter.preferences.replaceTwitter | Replace Twitter links with links to this instance (blank to disable).
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints | List of receivers that should be deleted.
|
| services.mediagoblin.settings.mediagoblin.sql_engine | Database to use.
|
| services.simplesamlphp.<name>.phpfpmPool | The PHP-FPM pool that serves SimpleSAMLphp instance.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".database | Name of the database
|
| services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile | The path to the file containing the value for sessions.blockkey
|
| services.maubot.settings.plugin_databases.sqlite | The directory where SQLite plugin databases should be stored.
|
| services.swapspace.settings.lower_freelimit | Lower free-space threshold: if the percentage of free space drops below this number, additional swapspace is allocated
|
| services.firezone.server.settingsSecret.RELEASE_COOKIE | A file containing a unique secret identifier for the Erlang
cluster
|
| virtualisation.xen.store.settings.pidFile | Path to the Xen Store Daemon PID file.
|
| services.system76-scheduler.settings.processScheduler.useExecsnoop | Use execsnoop (otherwise poll the precess list periodically).
|
| services.glitchtip.settings.ENABLE_ORGANIZATION_CREATION | When false, only superusers will be able to create new organizations after the first
|
| services.nextcloud-spreed-signaling.settings.stats.allowed_ips | List of IP addresses that are allowed to access the debug, stats and metrics endpoints
|
| services.adguardhome.settings.schema_version | Schema version for the configuration
|
| services.headscale.settings.oidc.allowed_domains | Allowed principal domains. if an authenticated user's domain
is not in this list authentication request will be rejected.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".username | User used to connect to the database
|
| services.postfix.settings.main.mynetworks_style | The method used for generating the default value for mynetworks, if that option is unset.
https://www.postfix.org/postconf.5.html#mynetworks_style
|
| services.swapspace.settings.upper_freelimit | Upper free-space threshold: if the percentage of free space exceeds this number, swapspace will attempt to free up swapspace
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.biboumi.settings.policy_directory | A directory that should contain the policy files,
used to customize Botan’s behaviour
when negotiating the TLS connections with the IRC servers.
|
| services.quickwit.settings.grpc_listen_port | The port to listen on for gRPC traffic.
|
| services.tuned.settings.recommend_command | Whether to enable recommend functionality.
|
| services.matrix-conduit.settings.global.trusted_servers | Servers trusted with signing server keys.
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| services.snapserver.settings.tcp.bind_to_address | Address to listen on for snapclient connections.
|
| services.pixelfed.secretFile | A secret file to be sourced for the .env settings
|
| services.public-inbox.settings.publicinboxmda.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| services.prometheus.exporters.pihole.timeout | Controls the timeout to connect to a Pi-Hole instance
|
| services.misskey.meilisearch.createLocally | Create and use a local Meilisearch instance
|
| services.minidlna.settings.notify_interval | The interval between announces (in seconds)
|
| services.minidlna.settings.enable_subtitles | Enable subtitle support on unknown clients.
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.uid | Unique identifier for the receiver
|
| services.grafana.provision.dashboards.settings.providers.*.options.path | Path grafana will watch for dashboards
|
| services.mbpfan.settings.general.polling_interval | The polling interval.
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| services.grafana.settings.security.admin_password | Default admin password
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.orgId | Organization ID, default = 1.
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates | List of alert rule UIDs that should be deleted.
|
| services.firezone.server.settingsSecret.LIVE_VIEW_SIGNING_SALT | A file containing a unique base64 encoded secret for the
LIVE_VIEW_SIGNING_SALT
|
| services.plausible.database.clickhouse.setup | Whether to enable creating a clickhouse instance.
|
| services.libretranslate.domain | The domain serving your LibreTranslate instance
|
| services.mpdscribble.passwordFile | File containing the password for the mpd daemon
|