| services.nezha-agent.settings.skip_connection_count | Do not monitor the number of connections.
|
| services.veilid.settings.core.network.detect_address_changes | Should veilid-core detect and notify on network address changes?
|
| services.nezha-agent.settings.use_ipv6_country_code | Use ipv6 countrycode to report location.
|
| services.dendrite.settings.federation_api.database.connection_string | Database for the Federation API.
|
| services.litellm.settings.environment_variables | Environment variables to pass to the Lite
|
| services.xonotic.settings.sv_termsofservice_url | URL for the Terms of Service for playing on your server.
|
| services.kea.ctrl-agent.configFile | Kea Control Agent configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| services.nextcloud.settings.default_phone_region | An ISO 3166-1
country code which replaces automatic phone-number detection
without a country code
|
| services.doh-server.settings.log_guessed_client_ip | Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
Note: http uri/useragent log cannot be controlled by this config
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Web.Endpoint".has_reverse_proxy | Whether you use a reverse proxy
|
| services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|
| services.maubot.settings.server.override_resource_path | Override path from where to load UI resources.
|
| services.dendrite.settings.app_service_api.database.connection_string | Database for the Appservice API.
|
| services.dendrite.settings.user_api.device_database.connection_string | Database for the User API, devices.
|
| services.biboumi.settings.persistent_by_default | Whether all rooms will be persistent by default:
the value of the “persistent” option in the global configuration of each
user will be “true”, but the value of each individual room will still
default to false
|
| services.factorio.mods-dat | Mods settings can be changed by specifying a dat file, in the mod
settings file
format.
|
| services.stash.settings.write_image_thumbnails | Write image thumbnails to disk when generating on the fly
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| services.sourcehut.settings."hg.sr.ht".clone_bundle_threshold | .hg/store size (in MB) past which the nightly job generates clone bundles.
|
| nix.checkAllErrors | If enabled, checks the nix.conf parsing for any kind of error
|
| services.matrix-synapse.settings.trusted_key_servers.*.server_name | Hostname of the trusted server.
|
| services.dendrite.settings.user_api.account_database.connection_string | Database for the User API, accounts.
|
| services.dendrite.settings.client_api.registration_disabled | Whether to disable user registration to the server
without the shared secret.
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that lets them configure
their realname and username.
|
| services.pgbouncer.settings.pgbouncer.max_user_connections | Do not allow more than this many server connections per user (regardless of database)
|
| services.postfix.settings.main.smtp_tls_security_level | The client TLS security level.
Use dane with a local DNSSEC validating DNS resolver enabled.
https://www.postfix.org/postconf.5.html#smtp_tls_security_level
|
| services.grafana.settings.analytics.feedback_links_enabled | Set to false to remove all feedback links from the UI.
|
| services.grafana.settings.security.x_content_type_options | Set to false to disable the X-Content-Type-Options response header
|
| services.kanidm.unix.settings.kanidm.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| services.mediagoblin.settings.mediagoblin.email_sender_address | Email address which notices are sent from.
|
| services.nextcloud.settings.mail_smtpstreamoptions | This depends on mail_smtpmode
|
| services.headscale.settings.tls_letsencrypt_listen | When HTTP-01 challenge is chosen, letsencrypt must set up a
verification endpoint, and it will be listening on:
:http = port 80.
|
| services.openldap.configDir | Use this config directory instead of generating one from the
settings option
|
| services.nezha-agent.settings.disable_command_execute | Disable executing the command from dashboard.
|
| services.grafana.settings.security.csrf_additional_headers | List of allowed headers to be set by the user
|
| services.matrix-conduit.settings.global.allow_check_for_updates | Whether to allow Conduit to automatically contact
https://conduit.rs hourly to check for important Conduit news
|
| services.grafana.settings.security.content_security_policy | Set to true to add the Content-Security-Policy header to your requests
|
| services.postfix.settings.main.smtpd_tls_security_level | The server TLS security level
|
| services.pixelfed.secretFile | A secret file to be sourced for the .env settings
|
| services.radicale.config | Radicale configuration, this will set the service
configuration file
|
| services.snipe-it.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.stash.settings.preview_segment_duration | Preview segment duration, in seconds
|
| services.ergochat.configFile | Path to configuration file
|
| services.hickory-dns.configFile | Path to an existing toml file to configure hickory-dns with
|
| services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| services.chhoto-url.settings.custom_landing_directory | The path of a directory which contains a custom landing page.
|
| services.chhoto-url.settings.public_mode_expiry_delay | The maximum expiry delay in seconds to force in public mode.
|
| services.xray.enable | Whether to run xray server
|
| services.wordpress.sites.<name>.extraConfig | Any additional text to be appended to the wp-config.php
configuration file
|
| services.filesender.settings.storage_filesystem_path | When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire
|
| services.buffyboard.settings.quirks.ignore_unused_terminals | If true, buffyboard won't automatically update the layout of a new terminal and
draw the keyboard, if the terminal is not opened by any process
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| services.monica.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.warpgate.settings.http.trust_x_forwarded_headers | Trust X-Forwarded-* headers
|
| services.maubot.configMutable | Whether maubot should write updated config into extraConfigFile. This will make your Nix module settings have no effect besides the initial config, as extraConfigFile takes precedence over NixOS settings!
|
| services.matrix-synapse.settings.app_service_config_files | A list of application service config file to use
|
| services.discourse.siteSettings | Discourse site settings
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| services.headscale.settings.tls_letsencrypt_hostname | Domain name to request a TLS certificate for.
|
| services.tuned.settings.default_instance_priority | Default instance (unit) priority.
|
| services.undervolt.useTimer | Whether to set a timer that applies the undervolt settings every 30s
|
| services.grafana.settings.analytics.check_for_plugin_updates | When set to false, disables checking for new versions of installed plugins from https://grafana.com
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| services.searx.limiterSettings | Limiter settings for SearXNG.
|
| services.veilid.settings.core.protected_store.allow_insecure_fallback | If we can't use system-provided secure storage, should we proceed anyway?
|
| services.minio.configDir | The config directory, for the access keys and other settings.
|
| services.postgresql.settings.shared_preload_libraries | List of libraries to be preloaded.
|
| console.useXkbConfig | If set, configure the virtual console keymap from the xserver
keyboard settings.
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| services.h2o.hosts | The hosts config to be merged with the settings
|
| services.nsd.zones | Define your zones here
|
| services.movim.secretFile | The secret file to be sourced for the .env settings.
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| services.matrix-synapse.settings.url_preview_url_blacklist | Optional list of URL matches that the URL preview spider is
denied from accessing.
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| services.cloud-init.config | raw cloud-init configuration
|
| services.pgbouncer.settings.pgbouncer.ignore_startup_parameters | By default, PgBouncer allows only parameters it can keep track of in startup packets:
client_encoding, datestyle, timezone and standard_conforming_strings
|
| services.gatus.configFile | Path to the Gatus configuration file
|
| services.dovecot2.pluginSettings | Plugin settings for dovecot in general, e.g. sieve, sieve_default, etc
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.matrix-continuwuity.settings.global.allow_announcements_check | If enabled, continuwuity will send a simple GET request periodically to
https://continuwuity.org/.well-known/continuwuity/announcements for any new announcements made.
|
| services.quorum.genesis | Blockchain genesis settings.
|
| services.stash.settings.video_file_naming_algorithm | Hash algorithm to use for generated file naming
|
| services.matrix-synapse.settings.registration_shared_secret | If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled
|
| services.kmscon.useXkbConfig | Whether to configure keymap from xserver keyboard settings.
|
| services.grafana.settings.database.locking_attempt_timeout_sec | For mysql, if the migrationLocking feature toggle is set,
specify the time (in seconds) to wait before failing to lock the database for the migrations.
|
| services.jitsi-meet.config | Client-side web application settings that override the defaults in config.js
|
| services.deepin.dde-daemon.enable | Whether to enable daemon for handling the deepin session settings.
|
| services.zitadel.extraSettingsPaths | A list of paths to extra settings files
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| services.buffyboard.configFile | Path to an INI format configuration file to provide Buffyboard
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| services.cgit.<name>.repos | cgit repository settings, see cgitrc(5)
|
| services.hardware.lcd.server.usbGroup | The group to use for settings permissions
|
| services.bluemap.maps | Settings for files in maps/
|
| services.fediwall.nginx | Allows customizing the nginx virtualHost settings
|
| services.cgit.<name>.gitHttpBackend.enable | Whether to bypass cgit and use git-http-backend for HTTP clones
|
| services.cross-seed.useGenConfigDefaults | Whether to use the option defaults from the configuration generated by
cross-seed gen-config
|