| options/nixos/services.firezone.relay.openFirewall | Opens up the main STUN port and the TURN allocation range.
|
| options/nixos/services.prometheus.exporters.unpoller.log.prometheusErrors | Whether to enable emitting errors to prometheus.
|
| options/nixos/virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| options/nixos/services.prometheus.exporters.node.disabledCollectors | Collectors to disable which are enabled by default.
|
| options/nixos/services.prometheus.exporters.storagebox.listenAddress | Address to listen on.
|
| options/nixos/services.prometheus.exporters.scaphandre.listenAddress | Address to listen on.
|
| options/nixos/services.chromadb.openFirewall | Whether to automatically open the specified TCP port in the firewall.
|
| options/nixos/services.factorio.openFirewall | Whether to automatically open the specified UDP port in the firewall.
|
| options/nixos/services.prometheus.exporters.modemmanager.group | Group under which the modemmanager exporter shall be run.
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs | An attrset of metrics scraping jobs to run.
|
| options/home-manager/wayland.windowManager.hyprland.portalPackage | The xdg-desktop-portal-hyprland package to use.
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| options/nixos/services.endlessh-go.openFirewall | Whether to open a firewall port for the SSH listener.
|
| options/nixos/services.firezone.server.smtp.implicitTls | Whether to use implicit TLS instead of STARTTLS (usually port 465)
|
| options/nixos/services.prometheus.exporters.restic.environmentFile | File containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| options/darwin/services.prometheus.exporters.node.disabledCollectors | Collectors to disable from the list of collectors that are enabled by default.
|
| options/nixos/services.scollector.bosunHost | Host and port of the bosun server that will store the collected
data.
|
| options/nixos/services.usbguard.deviceRulesWithPort | Generate device specific rules including the "via-port" attribute.
|
| options/nixos/services.nghttpx.backends.*.params.redirect-if-not-tls | If true, a backend match requires the frontend connection be
TLS encrypted
|
| options/nixos/services.prometheus.exporters.imap-mailstat.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.imap-mailstat.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.chrony.enabledCollectors | Collectors to enable
|
| options/nixos/services.bookstack.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| options/nixos/services.pingvin-share.openFirewall | Whether to open the firewall for the port in services.pingvin-share.frontend.port.
|
| options/darwin/services.dnsmasq.servers | List of upstream DNS servers to forward queries to
|
| options/nixos/services.prometheus.exporters.mailman3.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mailman3.openFirewall is true.
|
| options/nixos/services.quicktun.<name>.remotePort | Remote UDP port
|
| options/nixos/services.prometheus.exporters.rtl_433.channels.*.channel | Channel to match.
|
| options/nixos/services.taskserver.listenPort | Port number of the Taskserver.
|
| options/nixos/services.nextjs-ollama-llm-ui.ollamaUrl | The address (including host and port) under which we can access the Ollama backend server.
!Note that if the the UI service is running under a domain "https://ui.example.org",
the Ollama backend service must allow "CORS" requests from this domain, e.g. by adding
"services.ollama.environment
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowDevicesFile | File must contain one line, example: R3300000,R3400000,NC430000,...
|
| options/nixos/services.prometheus.exporters.rtl_433.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.rtl_433.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.wireguard.singleSubnetPerField | By default, all allowed IPs and subnets are comma-separated in the
allowed_ips field
|
| options/nixos/services.nextcloud.config.dbhost | Database host (+port) or socket path
|
| options/nixos/services._3proxy.services.*.bindPort | Override default port used for service.
|
| options/nixos/services.grafana_reporter.addr | Listening address.
|
| options/nixos/services.prometheus.exporters.borgmatic.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.borgmatic.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.surfboard.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.surfboard.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.wireguard.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.wireguard.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.smokeping.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.smokeping.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.pgbouncer.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.pgbouncer.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.nextcloud.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.nextcloud.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.rasdaemon.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.rasdaemon.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.tailscale.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.tailscale.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.modemmanager.enable | Whether to enable the prometheus modemmanager exporter.
|
| options/nixos/services.prometheus.exporters.buildkite-agent.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.buildkite-agent.openFirewall is true.
|
| options/nixos/services.prometheus.exporters.junos-czerwonk.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.junos-czerwonk.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.ecoflow.scrapingInterval | Scrapping interval in seconds
|
| options/nixos/services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| options/nixos/services.prometheus.exporters.storagebox.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.storagebox.openFirewall is true.
|
| options/nixos/services.prometheus.exporters.scaphandre.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.scaphandre.openFirewall is true.
|
| options/nixos/services.icecream.daemon.openFirewall | Whether to automatically open receive port in the firewall.
|
| options/nixos/services.gitlab.registry.externalPort | External port used to access registry from the internet
|
| options/nixos/services.xinetd.services.*.unlisted | Whether this server is listed in
/etc/services
|
| options/nixos/services.prometheus.exporters.unpoller.controllers | List of Unifi controllers to poll
|
| options/nixos/services.prometheus.exporters.scaphandre.telemetryPath | Path under which to expose metrics.
|
| options/nixos/services.prometheus.exporters.wireguard.interfaces | Specifies the interface(s) passed to the wg show dump parameter
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.url | URL of the Unifi controller.
|
| options/nixos/services.grafana_reporter.grafana.addr | Grafana address.
|
| options/nixos/services.prometheus.exporters.modemmanager.extraFlags | Extra commandline options to pass to the modemmanager exporter.
|
| options/nixos/services.unpoller.prometheus.report_errors | Whether to report errors.
|
| options/nixos/services.mediawiki.httpd.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| options/nixos/services.prometheus.exporters.sql.configuration | Exporter configuration as nix attribute set
|
| options/nixos/services.prometheus.exporters.mail.configuration | Specify the mailexporter configuration file to use.
|
| options/nixos/services.prometheus.exporters.artifactory.artiAccessToken | Access token for authentication against JFrog Artifactory API
|
| options/nixos/services.pangolin.openFirewall | Whether to enable opening TCP ports 80 and 443, and UDP port 51820 in the firewall for the Pangolin service(s).
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/nixos/services.amule.openExternalConnectPort | Whether to enable open the external connect port.
|
| options/nixos/services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| options/nixos/services.prometheus.exporters.collectd.collectdBinary.listenAddress | Address to listen on for binary network packets.
|
| options/nixos/services.prometheus.exporters.rtl_433.channels.*.location | Location to match.
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| options/nixos/services.prometheus.exporters.artifactory.listenAddress | Address to listen on.
|
| options/nixos/services.prometheus.exporters.opnsense.opnsenseServerAddress | Opnsense IP address of the opnsense appliance
|
| options/nixos/services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| options/nixos/services.jirafeau.nginxConfig.http2 | Whether to enable the HTTP/2 protocol
|
| options/nixos/services.icingaweb2.modules.monitoring.transports | Command transports to define
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.user | Unifi service user name.
|
| options/nixos/services.prometheus.exporters.mailman3.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.mailman3.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| options/nixos/services.librechat.openFirewall | Whether to open the port in the firewall.
|
| options/nixos/services.prometheus.exporters.snmp.configuration | Snmp exporter configuration as nix attribute set
|
| options/nixos/services.prometheus.exporters.chrony.disabledCollectors | Collectors to disable which are enabled by default
|
| options/nixos/services.prometheus.exporters.collectd.collectdBinary.securityLevel | Minimum required security level for accepted packets.
|
| options/nixos/services.prometheus.exporters.pve.collectors.replication | Collect PVE replication info
|
| options/nixos/power.ups.upsmon.monitor.<name>.system | Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
|
| options/nixos/services.immich-public-proxy.openFirewall | Whether to open the IPP port in the firewall
|
| options/nixos/services.navidrome.openFirewall | Whether to open the TCP port in the firewall
|
| options/nixos/services.tailscale.openFirewall | Whether to open the firewall for the specified port.
|
| options/nixos/services.prometheus.exporters.buildkite-agent.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.buildkite-agent.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.artifactory.artiPassword | Password for authentication against JFrog Artifactory API
|
| options/nixos/services.prometheus.exporters.scaphandre.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.scaphandre.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.storagebox.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.storagebox.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| options/nixos/services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| options/nixos/services.overseerr.openFirewall | Open a port in the firewall for the Overseerr web interface.
|
| options/nixos/services.patroni.postgresqlPort | The port on which PostgreSQL listens.
|
| options/nixos/services.zeronet.fileserverPort | Zeronet fileserver port.
|
| options/nixos/services.grafana_reporter.enable | Whether to enable grafana_reporter.
|
| options/nixos/services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|