| services.kmscon.useXkbConfig | Whether to configure keymap from xserver keyboard settings.
|
| services.matrix-continuwuity.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| services.invidious.extraSettingsFile | A file including Invidious settings
|
| services.nezha-agent.settings.use_ipv6_country_code | Use ipv6 countrycode to report location.
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| services.litellm.settings.environment_variables | Environment variables to pass to the Lite
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| services.xonotic.settings.sv_termsofservice_url | URL for the Terms of Service for playing on your server.
|
| services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| services.grafana.settings.security.csrf_trusted_origins | List of additional allowed URLs to pass by the CSRF check
|
| services.scrutiny.settings.web.influxdb.tls.insecure_skip_verify | Whether to enable skipping TLS verification when connecting to InfluxDB.
|
| virtualisation.containers.containersConf.settings | containers.conf configuration
|
| services.nsd.zones | Define your zones here
|
| services.dependency-track.database.type | h2 database is not recommended for a production setup.
postgresql this settings it recommended for production setups.
manual the module doesn't handle database settings.
|
| services.jitsi-meet.config | Client-side web application settings that override the defaults in config.js
|
| services.doh-server.settings.log_guessed_client_ip | Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
Note: http uri/useragent log cannot be controlled by this config
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| services.fediwall.nginx | Allows customizing the nginx virtualHost settings
|
| services.nextcloud.settings.default_phone_region | An ISO 3166-1
country code which replaces automatic phone-number detection
without a country code
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| services.warpgate.settings.ssh.host_key_verification | Specify host key verification action when connecting to a SSH target with unknown/differing host key.
|
| console.useXkbConfig | If set, configure the virtual console keymap from the xserver
keyboard settings.
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| virtualisation.xen.store.settings.conflict.maxHistorySeconds | Limits applied to domains whose writes cause other domains' transaction
commits to fail
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.templates.description | The ntfy.sh message description template.
|
| services.peertube.settings.video_transcription.engine_path | Custom engine path for local transcription.
|
| services.agorakit.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.librenms.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.stash.settings.write_image_thumbnails | Write image thumbnails to disk when generating on the fly
|
| services.nextcloud-spreed-signaling.settings.backend.connectionsperhost | Maximum number of concurrent backend connections per host
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| programs.openvpn3.netcfg.settings.systemd_resolved | Whether to use systemd-resolved integration
|
| services.artalk.allowModify | allow Artalk store the settings to config file persistently
|
| services.matrix-continuwuity.settings.global.allow_registration | Whether new users can register on this server
|
| services.biboumi.settings.persistent_by_default | Whether all rooms will be persistent by default:
the value of the “persistent” option in the global configuration of each
user will be “true”, but the value of each individual room will still
default to false
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.region | The AWS Region
|
| services.pgbouncer.settings.pgbouncer.max_db_connections | Do not allow more than this many server connections per database (regardless of user)
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| virtualisation.docker.rootless.setSocketVariable | Point DOCKER_HOST to rootless Docker instance for
normal users by default.
|
| services.matrix-synapse.settings.trusted_key_servers.*.server_name | Hostname of the trusted server.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Web.Endpoint".has_reverse_proxy | Whether you use a reverse proxy
|
| services.maubot.settings.server.override_resource_path | Override path from where to load UI resources.
|
| services.bluemap.maps | Settings for files in maps/
|
| services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|
| services.tuned.ppdSettings | Settings for TuneD's power-profiles-daemon compatibility service.
|
| services.rmfakecloud.extraSettings | Extra settings in the form of a set of key-value pairs
|
| security.auditd.settings.admin_space_left | This is a numeric value in mebibytes (MiB) that tells the audit daemon when to perform a configurable action because the system is running
low on disk space
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that lets them configure
their realname and username.
|
| programs.openvpn3.log-service.settings.log_dbus_details | Add D-Bus details in log file/syslog
|
| services.doh-server.configFile | The config file for the doh-server
|
| services.dendrite.settings.federation_api.database.connection_string | Database for the Federation API.
|
| networking.usePredictableInterfaceNames | Whether to assign predictable names to network interfaces
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters | Filters can be used optionally to filter the instance list by other criteria.
|
| services.veilid.settings.core.network.detect_address_changes | Should veilid-core detect and notify on network address changes?
|
| services.movim.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| services.crab-hole.configFile | The config file of crab-hole
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| programs.rush.global | The global statement defines global settings.
|
| services.prometheus.scrapeConfigs.*.gce_sd_configs.*.filter | Filter can be used optionally to filter the instance list by other
criteria Syntax of this filter string is described here in the filter
query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list.
|
| services.anuko-time-tracker.nginx | With this option, you can customize the Nginx virtualHost settings.
|
| services.sabnzbd.configFile | Path to config file (deprecated, use settings instead and set this value to null)
|
| services.sourcehut.settings."hg.sr.ht".clone_bundle_threshold | .hg/store size (in MB) past which the nightly job generates clone bundles.
|
| services.coturn.realm | The default realm to be used for the users when no explicit
origin/realm relationship was found in the database, or if the TURN
server is not using any database (just the commands-line settings
and the userdb file)
|
| services.deepin.dde-daemon.enable | Whether to enable daemon for handling the deepin session settings.
|
| virtualisation.tpm.provisioning | Script to provision the TPM before control is handed off to the VM.
TPM2TOOLS_TCTI will be provided to configure tpm2-tools to use the
swtpm instance transparently.
TCTI is also provided as a generic value, consumer is expected to
re-export it however it may need (TPM2OPENSSL_TCTI, TPM2_PKCS11_TCTI,
...).
|
| services.nextcloud.settings.mail_smtpstreamoptions | This depends on mail_smtpmode
|
| services.newt.blueprint | Blueprint for declarative settings, see Newt Blueprint docs for more information.
|
| services.nezha-agent.settings.disable_command_execute | Disable executing the command from dashboard.
|
| services.headscale.settings.tls_letsencrypt_listen | When HTTP-01 challenge is chosen, letsencrypt must set up a
verification endpoint, and it will be listening on:
:http = port 80.
|
| services.dendrite.settings.app_service_api.database.connection_string | Database for the Appservice API.
|
| services.dendrite.settings.user_api.device_database.connection_string | Database for the User API, devices.
|
| services.dendrite.settings.client_api.registration_disabled | Whether to disable user registration to the server
without the shared secret.
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.bookstack.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.timekpr.adminUsers | All listed users will become part of the timekpr group so they can manage timekpr settings without requiring sudo.
|
| services.longview.apiKey | Longview API key
|
| services.grafana.settings.analytics.feedback_links_enabled | Set to false to remove all feedback links from the UI.
|
| services.geoclue2.appConfig | Specify extra settings per application.
|
| security.agnos.settings.accounts.*.private_key_path | Path of the PEM-encoded private key for this account
|
| services.grav.systemSettings | Settings written to user/config/system.yaml.
|
| services.postfix.settings.main.smtp_tls_security_level | The client TLS security level.
Use dane with a local DNSSEC validating DNS resolver enabled.
https://www.postfix.org/postconf.5.html#smtp_tls_security_level
|
| services.akkoma.config | Configuration for Akkoma
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.xandikos.nginx.enable | Configure the nginx reverse proxy settings.
|
| services.mediagoblin.settings.mediagoblin.email_sender_address | Email address which notices are sent from.
|
| services.longview.apiKeyFile | A file containing the Longview API key
|
| services.grafana.settings.security.x_content_type_options | Set to false to disable the X-Content-Type-Options response header
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.prometheus.scrapeConfigs.*.honor_labels | Controls how Prometheus handles conflicts between labels
that are already present in scraped data and labels that
Prometheus would attach server-side ("job" and "instance"
labels, manually configured target labels, and labels
generated by service discovery implementations)
|
| services.dendrite.settings.user_api.account_database.connection_string | Database for the User API, accounts.
|
| services.stash.settings.preview_segment_duration | Preview segment duration, in seconds
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|
| services.bonsaid.configFile | Path to a .json file specifying the state transitions
|
| services.pgbouncer.settings.pgbouncer.max_user_connections | Do not allow more than this many server connections per user (regardless of database)
|
| services.mailman.webSettings | Overrides for the default mailman-web Django settings.
|
| services.graphite.web.extraConfig | Graphite webapp settings
|
| virtualisation.xen.store.settings.conflict.rateLimitIsAggregate | If the conflict.rateLimitIsAggregate option is true, then after each
tick one point of conflict-credit is given to just one domain: the
one at the front of the queue
|
| services.chhoto-url.settings.custom_landing_directory | The path of a directory which contains a custom landing page.
|
| services.neo4j.extraServerConfig | Extra configuration for Neo4j Community server
|