| services.sourcehut.settings."paste.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.sourcehut.settings."lists.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.sourcehut.settings."sr.ht".environment | Values other than "production" adds a banner to each page.
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.grafana.provision.datasources.settings.prune | When true, provisioned datasources from this file will be deleted
automatically when removed from
services.grafana.provision.datasources.settings.datasources.
|
| services.icingaweb2.resources | resources.ini contents
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| virtualisation.xen.dom0Resources.maxVCPUs | Amount of virtual CPU cores allocated to Domain 0 on boot
|
| services.sourcehut.settings."builds.sr.ht".connection-string | SQLAlchemy connection string for the database.
|
| services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| services.traefik.dynamic.dir | Path to the directory Traefik should watch for configuration files.
Files in this directory matching the glob _nixos-* (reserved for Nix-managed dynamic configurations) will be deleted as part of
systemd-tmpfiles-resetup.service, regardless of their origin..
|
| services.grafana.provision.datasources.settings | Grafana datasource configuration in Nix
|
| services.sourcehut.settings."lists.sr.ht::worker".reject-mimetypes | Comma-delimited list of Content-Types to reject
|
| services.limesurvey.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.nncp.daemon.socketActivation.listenStreams | TCP sockets to bind to
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.hadoop.yarn.resourcemanager.extraEnv | Extra environment variables
|
| services.hadoop.yarn.resourcemanager.enable | Whether to enable Hadoop YARN ResourceManager.
|
| virtualisation.xen.dom0Resources.memory | Amount of memory (in MiB) allocated to Domain 0 on boot
|
| services.firezone.server.provision.accounts.<name>.resources | All resources to provision
|
| virtualisation.xen.dom0Resources.maxMemory | Maximum amount of memory (in MiB) that Domain 0 can
dynamically allocate to itself
|
| services.matrix-synapse.settings.listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.grafana.provision.datasources.settings.apiVersion | Config file version.
|
| services.misskey.reverseProxy.webserver.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.parsedmarc.provision.grafana.datasource | Whether the automatically provisioned Elasticsearch
instance should be added as a grafana datasource
|
| services.hadoop.yarn.resourcemanager.extraFlags | Extra command line flags to pass to the service
|
| services.prometheus.exporters.pve.collectors.resources | Collect PVE resources info
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| boot.kernel.sysctl | Runtime parameters of the Linux kernel, as set by
sysctl(8)
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.name | The name of this resource
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.type | The resource type
|
| services.hadoop.yarn.nodemanager.resource.maximumAllocationMB | The maximum physical memory any container can be allocated.
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.syncthing.overrideFolders | Whether to delete the folders which are not configured via the
folders option
|
| services.monado.defaultRuntime | Whether to enable Monado as the default OpenXR runtime on the system
|
| services.wivrn.defaultRuntime | Whether to enable WiVRn as the default OpenXR runtime on the system
|
| services.hadoop.yarn.nodemanager.resource.maximumAllocationVCores | The maximum virtual CPU cores any container can be allocated.
|
| services.hadoop.yarn.resourcemanager.openFirewall | Open firewall ports for resourcemanager
|
| services.postsrsd.settings.chroot-dir | Path to chroot into at runtime as an additional layer of protection.
We confine the runtime environment through systemd hardening instead, so this option is read-only.
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.galene.keyFile | Path to the server's private key
|
| services.scx.extraArgs | Parameters passed to the chosen scheduler at runtime.
Run chosen-scx-scheduler --help to see the available options
|
| services.sourcehut.settings."meta.sr.ht::settings".registration | Whether to enable public registration.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.node-red.withNpmAndGcc | Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be
downloaded and managed imperatively via the 'Palette Manager'.
|
| services.sourcehut.settings."meta.sr.ht::settings".onboarding-redirect | Where to redirect new users upon registration.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters | A list of filter to restrict traffic
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| services.galene.certFile | Path to the server's certificate
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| services.traefik.dynamic.files | Dynamic configuration files to write
|
| services.outline.azureAuthentication.resourceAppId | Authentication application resource ID.
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.hadoop.yarn.resourcemanager.restartIfChanged | Automatically restart the service on config change
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.matrix-synapse.settings.listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| virtualisation.rosetta.mountTag | The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.icingaweb2.modules.monitoring.backends.<name>.resource | Name of the IDO resource
|
| hardware.amdgpu.opencl.enable | Whether to enable OpenCL support using ROCM runtime library.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.wiki-js.settings.logLevel | Define how much detail is supposed to be logged at runtime.
|
| services.linyaps.enable | Whether to enable linyaps, a cross-distribution package manager with sandboxed apps and shared runtime.
|
| services.borgmatic.settings.source_directories | List of source directories and files to backup
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.bird.preCheckConfig | Commands to execute before the config file check
|
| services.athens.goBinary | The Go package used by Athens at runtime
|
| services.couchdb.configFile | Configuration file for persisting runtime changes
|
| services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| services.szurubooru.server.settings.delete_source_files | Whether to delete thumbnails and source files on post delete.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.forgejo.customDir | Base directory for custom templates and other options
|
| services.lighttpd.cgit.configText | Verbatim contents of the cgit runtime configuration file
|
| services.zitadel.settings | Contents of the runtime configuration file
|
| services.unifi.maximumJavaHeapSize | Set the maximum heap size for the JVM in MB
|
| services.unifi.initialJavaHeapSize | Set the initial heap size for the JVM in MB
|
| system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| hardware.amdgpu.amdvlk.settings | Runtime settings for AMDVLK to be configured /etc/amd/amdVulkanSettings.cfg
|
| services.wivrn.config.json | Configuration for WiVRn
|
| services.prometheus.rules | Alerting and/or Recording rules to evaluate at runtime.
|
| services.rkvm.server.settings.switch-keys | A key list specifying a host switch combination.
A list of key names is available in https://github.com/htrefil/rkvm/blob/master/switch-keys.md.
|
| services.riemann.configFiles | Extra files containing Riemann configuration
|
| services.jupyter.extraPackages | Extra packages to be available in the jupyter runtime environment
|
| services.firezone.server.provision.accounts.<name>.features.internet_resource | Whether to enable the internet_resource feature for this account.
|
| services.flannel.storageBackend | Determines where flannel stores its configuration at runtime
|
| hardware.alsa.defaultDevice.capture | The default capture device (i.e. microphone)
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| services.netdata.python.extraPackages | Extra python packages available at runtime
to enable additional python plugins.
|
| services.deluge.extraPackages | Extra packages available at runtime to enable Deluge's plugins
|
| services.prometheus.scrapeConfigs.*.relabel_configs.*.source_labels | The source labels select values from existing labels
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| services.activemq.extraJavaOptions | Add extra options here that you want to be sent to the
Java runtime when the broker service is started.
|