| services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM,
respectively.
|
| services.acpid.handlers | Event handlers.
Handler can be a single command.
|
| services.lifecycled.handler | The script to invoke to handle events.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.acpid.handlers.<name>.event | Event type.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.systemd-lock-handler.enable | Whether to enable systemd-lock-handler.
|
| services.systemd-lock-handler.package | The systemd-lock-handler package to use.
|
| services.mastodon.sidekiqProcesses | How many Sidekiq processes should be used to handle background jobs, and which job classes they handle. Read the upstream documentation before configuring this!
|
| services.dawarich.sidekiqProcesses | How many Sidekiq processes should be used to handle background jobs, and which job classes they handle
|
| power.ups.schedulerRules | File which contains the rules to handle UPS events.
|
| security.audit.failureMode | How to handle critical errors in the auditing system
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.siproxd.sipDscp | DSCP (differentiated services) value to be assigned
to SIP packets
|
| services.siproxd.rtpDscp | DSCP (differentiated services) value to be assigned
to RTP packets
|
| services.prosody.uploadHttp | Configures the old Prosody builtin HTTP server to handle user uploads.
|
| hardware.pcmcia.firmware | List of firmware used to handle specific PCMCIA card.
|
| services.prosody.httpFileShare | Configures the http_file_share module to handle user uploads
|
| services.diod.nwthreads | Sets the (fixed) number of worker threads created to handle 9P
requests for a unique aname.
|
| services.pixiecore.dhcpNoBind | Handle DHCP traffic without binding to the DHCP server port
|
| services.multipath.devices.*.hardware_handler | The hardware handler to use for this device type
|
| security.pam.krb5.enable | Enables Kerberos PAM modules (pam-krb5,
pam-ccreds)
|
| services.umami.settings.BASE_PATH | Allows you to host Umami under a subdirectory
|
| services.hardware.pommed.enable | Whether to use the pommed tool to handle Apple laptop
keyboard hotkeys.
|
| services.hardware.bolt.enable | Whether to enable Bolt, a userspace daemon to enable
security levels for Thunderbolt 3 on GNU/Linux
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| services.redsocks.redsocks | Local port to proxy associations to be performed
|
| services.borgbackup.jobs.<name>.extraArgs | Additional arguments for all borg calls the
service has
|
| services.input-remapper.enableUdevRules | Whether to enable udev rules added by input-remapper to handle hotplugged devices
|
| services.chrony.dispatcherScript | Whether to install the chrony NetworkManager dispatcher script
to handle connectivity changes.
|
| services.discourse.unicornTimeout | Time in seconds before a request to Unicorn times out
|
| services.cyrus-imap.cyrusSettings.SERVICES | This section is the heart of the cyrus.conf file
|
| services.prosody.httpFileShare.http_host | To avoid an additional DNS record and certificate, you may set this option to your primary domain (e.g. "example.com")
or use a reverse proxy to handle the HTTP for that domain.
|
| services.dependency-track.database.type | h2 database is not recommended for a production setup.
postgresql this settings it recommended for production setups.
manual the module doesn't handle database settings.
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| networking.nftables.flattenRulesetFile | Use builtins.readFile rather than include to handle networking.nftables.rulesetFile
|
| programs.light.brightnessKeys.enable | Whether to enable brightness control with keyboard keys
|
| services.recyclarr.configuration | Recyclarr YAML configuration as a Nix attribute set
|
| services.prometheus.alertmanagerGotify.webhookPath | The URL path to handle requests on.
|
| services.xserver.desktopManager.runXdgAutostartIfNone | Whether to run XDG autostart files for sessions without a desktop manager
(with only a window manager), these sessions usually don't handle XDG
autostart files by default
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.schleuder.lists | List of list addresses that should be handled by Schleuder
|
| services.httpd.mpm | Multi-processing module to be used by Apache
|
| services.sympa.domains | Email domains handled by this instance
|
| system.switch.enable | Whether to include the capability to switch configurations
|
| security.audit.backlogLimit | The maximum number of outstanding audit buffers allowed; exceeding this is
considered a failure and handled in a manner specified by failureMode.
|
| systemd.network.links.<name>.enable | Whether to enable this .link unit
|
| services.pinchflat.extraConfig | The configuration of Pinchflat is handled through environment variables
|
| services.matrix-synapse.settings.log_config | The file that holds the logging configuration.
|
| services.taskserver.pki.auto.bits | The bit size for generated keys.
|
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| services.keter.globalKeterConfig.rotate-logs | emits keter logs and it's applications to stderr.
which allows journald to capture them
|
| services.n8n.environment | Environment variables to pass to the n8n service
|
| services.postfix.recipientDelimiter | Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
|
| services.syncthing.settings.folders.<name>.type | Controls how the folder is handled by Syncthing
|
| programs.calls.enable | Whether to enable GNOME calls: a phone dialer and call handler
.
|
| services.kapacitor.loadDirectory | Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)
|
| services.mx-puppet-discord.enable | Whether to enable mx-puppet-discord is a discord puppeting bridge for matrix
|
| services.parsedmarc.settings.imap.password | The IMAP server password
|
| services.parsedmarc.settings.smtp.password | The SMTP server password
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.taskserver.pki.auto.expiration.ca | The expiration time of the CA certificate in days or null for no
expiration time.
|
| services.taskserver.pki.auto.expiration.crl | The expiration time of the certificate revocation list (CRL) in days or null for no
expiration time.
|
| virtualisation.libvirtd.hooks.libxl | Hooks that will be placed under /var/lib/libvirt/hooks/libxl.d/
and called for libxl-handled xen domains begin/end events
|
| services.matrix-synapse.workers.<name>.worker_log_config | The file for log configuration
|
| services.taskserver.pki.auto.expiration.client | The expiration time of client certificates in days or null for no
expiration time.
|
| services.taskserver.pki.auto.expiration.server | The expiration time of the server certificate in days or null for no
expiration time.
|
| services.nextcloud-spreed-signaling.settings.app.debug | Set to "true" to install pprof debug handlers
|
| services.vaultwarden.config | The configuration of vaultwarden is done through environment variables,
therefore it is recommended to use upper snake case (e.g. DISABLE_2FA_REMEMBER)
|
| services.syncthing.settings.folders.<name>.ignorePatterns | Syncthing can be configured to ignore certain files in a folder using ignore patterns
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.reposilite.settings.webThreadPool | Maximum amount of threads used by the core thread pool. (min: 5)
The web thread pool handles the first few steps of incoming HTTP connections, tasks are redirected as soon as possible to the IO thread pool.
|
| services.reposilite.settings.ioThreadPool | The IO thread pool handles all tasks that may benefit from non-blocking IO. (min: 2)
Because most tasks are redirected to IO thread pool, it might be a good idea to keep it at least equal to web thread pool.
|
| virtualisation.oci-containers.containers.<name>.log-driver | Logging driver for the container
|
| services.ferretdb.settings.FERRETDB_HANDLER | Backend handler
|
| services.ferretdb.settings.FERRETDB_SQLITE_URL | SQLite URI (directory) for 'sqlite' handler
|
| services.earlyoom.enableNotifications | Send notifications about killed processes via the system d-bus
|
| services.waagent.settings.AutoUpdate.UpdateToLatestVersion | Whether or not to enable auto-update of the Extension Handler.
|
| services.ferretdb.settings.FERRETDB_POSTGRESQL_URL | PostgreSQL URL for 'pg' handler
|
| services.prometheus.exporters.varnish.withGoMetrics | Export go runtime and http handler metrics.
|
| services.smartd.notifications.systembus-notify.enable | Whenever to send systembus-notify notifications
|
| services.bacula-sd.device.<name>.mediaType | The specified name-string names the type of media supported by this
device, for example, DLT7000
|
| services.prometheus.scrapeConfigs.*.honor_labels | Controls how Prometheus handles conflicts between labels
that are already present in scraped data and labels that
Prometheus would attach server-side ("job" and "instance"
labels, manually configured target labels, and labels
generated by service discovery implementations)
|
| services.pgbouncer.settings.pgbouncer.ignore_startup_parameters | By default, PgBouncer allows only parameters it can keep track of in startup packets:
client_encoding, datestyle, timezone and standard_conforming_strings
|
| services.matrix-conduit.settings.global.allow_check_for_updates | Whether to allow Conduit to automatically contact
https://conduit.rs hourly to check for important Conduit news
|