| security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_admin | Enable the built-in web admin for this interface binding.
|
| services.nipap.settings.auth.auth_cache_timeout | Seconds to store cached auth entries for.
|
| hardware.tuxedo-drivers.settings.charging-profile | The maximum charge level to help reduce battery wear:
high_capacity charges to 100% (driver default)balanced charges to 90%stationary charges to 80% (maximum lifespan)
Note: Regardless of the configured charging profile, the operating system will always report the battery as being charged to 100%.
|
| services.nvme-rs.settings.email.smtp_password_file | File containing SMTP password
|
| services.matrix-conduit.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| services.matrix-tuwunel.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| services.grafana.provision.datasources.settings.datasources.*.access | Access mode. proxy or direct (Server or Browser in the UI)
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.orgId | Organization ID of the datasource to delete.
|
| services.librenms.useDistributedPollers | Enables distributed pollers
for this LibreNMS instance
|
| services.headscale.settings.derp.server.private_key_path | Path to derp private key file, generated automatically if it does not exist.
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| hardware.tuxedo-drivers.settings.charging-priority | These options manage the trade-off between battery charging and CPU performance when the USB-C power supply cannot provide sufficient power for both simultaneously:
charge_battery prioritizes battery charging (driver default)performance prioritizes maximum CPU performance
|
| services.maubot.settings.plugin_directories | Plugin directory paths
|
| services.searx.limiterSettings | Limiter settings for SearXNG.
|
| services.maubot.configMutable | Whether maubot should write updated config into extraConfigFile. This will make your Nix module settings have no effect besides the initial config, as extraConfigFile takes precedence over NixOS settings!
|
| services.matrix-continuwuity.settings.global.database_path | Path to the continuwuity database, the directory where continuwuity will save its data
|
| services.grafana.settings.security.cookie_samesite | Sets the SameSite cookie attribute and prevents the browser from sending this cookie along with cross-site requests
|
| services.swapspace.settings.buffer_elasticity | Percentage of buffer space considered to be "free"
|
| services.undervolt.useTimer | Whether to set a timer that applies the undervolt settings every 30s
|
| services.headscale.settings.database.sqlite.write_ahead_log | Enable WAL mode for SQLite
|
| services.prometheus.exporters.ecoflow.prefix | The prefix that will be added to all metrics
|
| services.mpd.settings.playlist_directory | The directory where MPD stores playlists
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.maubot.settings.plugin_directories.load | The directories from which plugins should be loaded
|
| services.nezha-agent.settings.disable_send_query | Disable sending TCP/ICMP/HTTP requests.
|
| services.public-inbox.settings.publicinboxwatch.watchspam | If set, mail in this maildir will be trained as spam and
deleted from all watched inboxes
|
| services.jibri.xmppEnvironments.<name>.control.muc.nickname | The nickname for this Jibri instance in the MUC.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.matchers | Process matchers.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags | Tags to add to ntfy.sh messages
|
| services.public-inbox.settings.publicinboxwatch.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| services.grafana.provision.datasources.settings.datasources.*.editable | Allow users to edit datasources from the UI.
|
| services.postfix.settings.main.message_size_limit | Maximum size of an email message in bytes.
https://www.postfix.org/postconf.5.html#message_size_limit
|
| virtualisation.xen.store.settings.quota.maxWatchEvents | Maximum number of outstanding watch events per watch.
|
| services.nextcloud.settings.mail_from_address | FROM address that overrides the built-in sharing-noreply and lostpassword-noreply FROM addresses
|
| services.matrix-tuwunel.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| users.mysql.nss | Settings for libnss-mysql
|
| services.maubot.settings.plugin_directories.upload | The directory where uploaded new plugins should be stored.
|
| documentation.man.mandoc.settings.output.width | The ASCII and UTF-8 output width, default is 78
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| services.snapserver.settings.tcp-streaming.bind_to_address | Address to listen on for snapclient connections.
|
| services.mediagoblin.settings.mediagoblin.email_debug_mode | Disable email debug mode to start sending outgoing mails
|
| services.snipe-it.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.maubot.settings.plugin_directories.trash | The directory where old plugin versions and conflicting plugins should be moved
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.enable | Boost foreground process priorities.
(And de-boost background ones)
|
| services.matrix-tuwunel.settings.global.unix_socket_perms | The default permissions (in octal) to create the UNIX socket with.
|
| services.grafana.settings.security.x_xss_protection | Set to true to enable the X-XSS-Protection header,
which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here
since it's recommended to not use this header anymore.
|
| services.parsedmarc.provision.grafana.dashboard | Whether the official parsedmarc grafana dashboard should
be provisioned to the local grafana instance.
|
| services.etebase-server.settings.allowed_hosts.allowed_host1 | The main host that is allowed access.
|
| services.nextcloud.settings.skeletondirectory | The directory where the skeleton files are located
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags.*.tag | The tag to add
|
| virtualisation.containerd.settings | Verbatim lines to add to containerd.toml
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.nvme-rs.settings.check_interval_secs | Check interval in seconds
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| virtualisation.xen.store.settings.quota.maxRequests | Maximum number of requests per transaction.
|
| networking.wireless.interfaces | The interfaces wpa_supplicant will use
|
| services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT | A file containing a unique base64 encoded secret for the
COOKIE_ENCRYPTION_SALT
|
| services.warpgate.settings.ssh.inactivity_timeout | How long can user be inactive until Warpgate terminates the connection.
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_client | Enable the built-in web client for this interface binding.
|
| services.victoriatraces.basicAuthUsername | Basic Auth username used to protect VictoriaTraces instance by authorization
|
| services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity | sched_wakeup_granularity_ns.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.warpgate.settings.ssh.keepalive_interval | If nothing is received from the client for this amount of time, server will send a keepalive message.
|
| services.nextcloud.settings.mail_sendmailmode | For smtp, the sendmail binary is started with the parameter -bs: Use the SMTP protocol on standard input and output
|
| services.dendrite.settings.mscs.database.connection_string | Database for exerimental MSC's.
|
| services.stash.settings.preview_exclude_end | Duration of start of video to exclude when generating previews
|
| services.stash.settings.gallery_cover_regex | Regex used to identify images as gallery covers
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| documentation.man.mandoc.settings.manpath | Override the default search path for man(1),
apropos(1), and makewhatis(8)
|
| virtualisation.xen.store.settings.xenstored.log.file | Path to the Xen Store log file.
|
| security.apparmor.enable | Whether to enable the AppArmor Mandatory Access Control system
|
| services.listmonk.database.settings."privacy.domain_blocklist" | E-mail addresses with these domains are disallowed from subscribing.
|
| services.livekit.ingress.settings.rtc_config.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE | Exchange that is suggested to wallets when withdrawing
|
| services.grafana.settings.database.conn_max_lifetime | Sets the maximum amount of time a connection may be reused
|
| services.nextcloud.settings.overwriteprotocol | Force Nextcloud to always use HTTP or HTTPS i.e. for link generation
|
| services.grafana.settings.users.auto_assign_org_id | Set this value to automatically add new users to the provided org
|
| services.mollysocket.settings.allowed_endpoints | List of UnifiedPush servers
|
| virtualisation.xen.store.settings.xenstored.log.level | Logging level for the Xen Store.
|
| services.grafana.provision.datasources.settings.datasources.*.secureJsonData | Datasource specific secure configuration
|
| services.xray.enable | Whether to run xray server
|
| services.stash.settings.sequential_scanning | Modifies behaviour of the scanning functionality to generate support files (previews/sprites/phash) at the same time as fingerprinting/screenshotting
|
| virtualisation.xen.store.settings.ringScanInterval | Perodic scanning for all the rings as a safenet for lazy clients
|
| virtualisation.xen.store.settings.persistent | Whether to activate the filed base backend.
|
| documentation.man.mandoc.settings.output.includes | A string of relative path used as a template for the output path of
linked header files (usually via the In macro) in HTML output
|
| services.matrix-synapse.settings.turn_shared_secret | The shared secret used to compute passwords for the TURN server
|
| virtualisation.docker.daemon.settings.live-restore | Allow dockerd to be restarted without affecting running container
|
| security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| services.headscale.settings.oidc.strip_email_domain | Whether the domain part of the email address should be removed when generating namespaces.
|
| services.livekit.ingress.settings.rtc_config.port_range_start | Start of UDP port range for WebRTC
|
| services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| documentation.man.mandoc.settings.output.indent | Number of blank characters at the left margin for normal text,
default of 5 for mdoc(7) and 7 for
man(7)
|
| services.monica.nginx | With this option, you can customize the nginx virtualHost settings.
|