| services.litellm.settings.general_settings | LiteLLM Server settings
|
| services.vdirsyncer.jobs.<name>.config.general | general configuration
|
| services.acme-dns.settings.general.nsname | Zone name server.
|
| services.acme-dns.settings.general.domain | Domain name to serve the requests off of.
|
| services.acme-dns.settings.general.listen | IP+port combination to bind and serve the DNS server on.
|
| services.acme-dns.settings.general.nsadmin | Zone admin email address for SOA.
|
| services.crowdsec.settings.general | Settings for the main CrowdSec configuration file
|
| services.acme-dns.settings.general.records | Predefined DNS records served in addition to the _acme-challenge TXT records.
|
| services.acme-dns.settings.general.protocol | Protocols to serve DNS responses on.
|
| services.youtrack.generalParameters | General configuration parameters and other JVM options
|
| services.mbpfan.settings.general.low_temp | If temperature is below this, fans will run at minimum speed.
|
| services.mbpfan.settings.general.max_temp | If temperature is above this, fans will run at maximum speed.
|
| services.mbpfan.settings.general.high_temp | If temperature is above this, fan speed will gradually increase.
|
| services.icingaweb2.generalConfig | config.ini contents
|
| services.parsedmarc.settings.general.save_forensic | Save forensic report data to Elasticsearch and/or Splunk.
|
| services.mbpfan.settings.general.polling_interval | The polling interval.
|
| services.parsedmarc.settings.general.save_aggregate | Save aggregate report data to Elasticsearch and/or Splunk.
|
| services.icingaweb2.modules.monitoring.generalConfig.mutable | Make config.ini of the monitoring module mutable (e.g. via the web interface).
|
| services.icingaweb2.modules.monitoring.generalConfig.protectedVars | List of string patterns for custom variables which should be excluded from user’s view.
|
| services.gpm.enable | Whether to enable GPM, the General Purpose Mouse daemon,
which enables mouse support in virtual consoles.
|
| services.nfs.settings | General configuration for NFS daemons and tools
|
| services.avahi.publish.enable | Whether to allow publishing in general.
|
| security.sudo.extraRules | Define specific rules to be in the sudoers file
|
| security.sudo-rs.extraRules | Define specific rules to be in the sudoers file
|
| services.gitea.settings.log.LEVEL | General log level.
|
| security.doas.extraRules | Define specific rules to be set in the
/etc/doas.conf file
|
| services.forgejo.settings.log.LEVEL | General log level.
|
| services.strongswan.setup | A set of options for the ‘config setup’ section of the
ipsec.conf file
|
| programs.television.enable | Whether to enable Blazingly fast general purpose fuzzy finder TUI.
|
| services.movim.podConfig.description | General description of the instance
|
| services.dovecot2.pluginSettings | Plugin settings for dovecot in general, e.g. sieve, sieve_default, etc
|
| services.jitsi-meet.prosody.lockdown | Whether to disable Prosody features not needed by Jitsi Meet
|
| environment.memoryAllocator.provider | The system-wide memory allocator
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.matrix-synapse.workers | Options for configuring workers
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| services.bacula-sd.device.<name>.mediaType | The specified name-string names the type of media supported by this
device, for example, DLT7000
|
| services.movim.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.scx.extraArgs | Parameters passed to the chosen scheduler at runtime.
Run chosen-scx-scheduler --help to see the available options
|
| services.scx.enable | Whether to enable SCX service, a daemon to run schedulers from userspace.
This service requires a kernel with the Sched-ext feature
|
| services.bacula-fd.name | The client name that must be used by the Director when connecting
|
| boot.loader.grub.mirroredBoots.*.path | The path to the boot directory where GRUB will be written
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| services.resilio.storagePath | Where BitTorrent Sync will store it's database files (containing
things like username info and licenses)
|
| services.fail2ban.daemonSettings | The contents of Fail2ban's main configuration file
|
| services.tt-rss.simpleUpdateMode | Enables fallback update mode where tt-rss tries to update feeds in
background while tt-rss is open in your browser
|
| system.extraDependencies | A list of paths that should be included in the system
closure but generally not visible to users
|
| hardware.alsa.enablePersistence | Whether to enable ALSA sound card state saving on shutdown
|
| services.mirakurun.openFirewall | Open ports in the firewall for Mirakurun.
Exposing Mirakurun to the open internet is generally advised
against
|
| services.epgstation.openFirewall | Open ports in the firewall for the EPGStation web interface.
Exposing EPGStation to the open internet is generally advised
against
|
| networking.resolvconf.package | The package that provides the system-wide resolvconf command
|
| networking.getaddrinfo.reload | Determines whether a process should detect changes to the configuration file since it was last read
|
| hardware.block.defaultSchedulerExclude | Device name pattern to exclude from default scheduler assignment
through config.hardware.block.defaultScheduler and
config.hardware.block.defaultSchedulerRotational
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.foundationdb.locality.machineId | Machine identifier key
|
| services.prosody.xmppComplianceSuite | The XEP-0423 defines a set of recommended XEPs to implement
for a server
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| system.stateVersion | This option defines the first version of NixOS you have installed on this particular machine,
and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions
|
| services.hercules-ci-agent.settings.concurrentTasks | Number of tasks to perform simultaneously
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|