Path of the source file.

Set of files that have to be linked in runtime.

Text of the file.

Whether this runtime directory should be generated

Name of symlink

List of rules to be added to /etc/xdg/pay-respects/rules. pay-respects will read the contents of these generated rules to recommend command corrections

Source of the plugin package or path

DID of bsky frontend

URL of bsky frontend

URL of DID PLC directory

DID of bsky frontend

URL of bsky frontend

Runtime directory of the movim user which holds the application’s caches & temporary files.

Runtime directory shared between the taler services

URL of DID PLC directory

Size limit of uploaded blobs in bytes

Directory for lock files and other runtime data.

DID of mod service

URL of mod service

A runtime directory used by NetBird client.

A runtime directory used by NetBird client.

Size limit of uploaded blobs in bytes

Range of user IDs used for the creation of system users by useradd or newusers.

Range of user IDs used for the creation of system users by useradd or newusers.

Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers

Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers

Ruutime directory of the pixelfed user which holds the application's caches and temporary files.

The amount of time which can elapse before a watchdog hardware device will automatically reboot the system

DID of mod service

The path to the file containing Django's secret key

The path to the file containing Django's secret key

URL of mod service

Enable rate limiting

Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces._name_.tempAddress

Number of bytes to accept for POST requests

The URL where you will access the app.

Filesystem location where Nexus should store the bank public keys.

Store blobs at this location, set to null to use e.g

Host where hatsu should listen for incoming requests.

Port where hatsu should listen for incoming requests.

Override the default runtime

The path to your appkey

A file containing a secure random string

The path to the nixpkgs sources used to build the system

Upper level of template and static files path.

Filesystem location where Nexus should store the subscriber private keys.

Directory to store state

Path to the data directory

Database URL.

Packages available to renovate.

A file containing a unique base64 encoded secret for the LIVE_VIEW_SIGNING_SALT

The internal SSH address of the service

Allows you to assign a custom name to the tracker script different from the default script.js.

Store blobs at this location, set to null to use e.g

URL to the livekit server

A file containing a connection string for the database

The internal HTTP address of the service

The path to your appkey

Upper level of template and static files path.

The object to make available inside the initrd.

URL of the redis backend for celery

URL of the redis backend for celery

Smallest amount in this currency that can be transferred using the underlying RTGS

URL of the EBICS server.

The primary account of your instance (eg 'example.com').

Whether to enable webapps.

Provide the path where n8n will create the .n8n folder

Allows you to send metrics to a location different than the default /api/send.

Path of the source file.

The LDAP bind password

Port to listen on

Api runtime configuration

Path of the source file.

Path of the source file.

Sets the directory for the data.

Base URL for the QR code display

Directory to store state

Heapster metric source

Comma-separated list of hosts that are able to connect to the server

Comma-separated list of hosts that are able to connect to the server

Limits for timeline cleanup.

The file containing your mysql/mariadb database password.

Number of rendered syntax highlight items to cache

SQLite URI (directory) for 'sqlite' handler

Sets the directory for the config file.

JWT private key

Limits for timeline cleanup.

Limits for timeline cleanup.

Limits for timeline cleanup.

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

Sets the filename for the config file.

Root path for log files.

Path of the source file.

Path of the source file.

Path of the source file.

A file containing a unique base64 encoded secret for the TOKENS_KEY_BASE

A file containing a unique base64 encoded secret for the SECRET_KEY_BASE

Address and port to bind to

The url scheme by which canaille will be served.

The URL where you will access the app.

Limits for timeline cleanup.

Maximum number of seconds a request can be processed until wastebin responds with 408

Range of user IDs used for the creation of regular users by useradd or newusers.

Range of user IDs used for the creation of regular users by useradd or newusers.

Path of the source file.

Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.

Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.

Used by the exchange to verify information signed by the offline system.

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

Allows you to host Umami under a subdirectory

Path of the source file.

The SQL server URI

Path of the source file.

Port for GUI server to listen on.

Path to the sqlite3 database file

IP address to bind GUI server to (* means any).

Enable logging

Add programs to the buildkite-agent environment

Full public URL of gitea server.

Path to a file containing the secret key.

The source code for your fork of sr.ht.

Smallest amount in this currency that can be transferred using the underlying RTGS

Root path for log files.

A file containing a unique base64 encoded secret for the COOKIE_SIGNING_SALT

The network family that the metrics server should bind to

Listen port

Listen address

When enabled, n8n sends notifications of new versions and security updates.

Path of the source .yaml file.

Port to listen on

The port to listen on.

The app environment

SSH port displayed in clone URL

The port your database is listening at. sqlite does not require this value to be filled.

Limits for timeline cleanup.

Path of the source file.

Host of the database

User of the database

Host of the database

Name of the database

Name of the database

User of the database

Path of the source file.

Path of the source file.

The domain name of your instance (eg 'hatsu.local').

URL of crawlers

Path to the data directory

PostgreSQL URL for 'pg' handler

The APP_URL used by firefly-iii internally

Instance hostname (base domain name)

Whether the app is behind a reverse proxy.

Packages added to the adapter's PATH.

The network family that the metrics server should bind to

The absolute path to the program to be wrapped.

The machine which hosts your database

Address on which spiped should listen for incoming connections

Address to listen on

URL of the redis backend

URL of the redis backend

Full public URL of Forgejo server.

Create an admin user from environment variables.

Data storage directory.

The postgresql database server to connect to

Directory for storing master metadata.

Listen port

Listen address

Disable external SSH feature.

Indicate if login is allowed if we can't cd to the home directory.

Path of the source file.

Source ZFS dataset

Connection string for the database

SSH port displayed in clone URL

libpq connection parameters as documented in:

https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS

Influences logging

Whether to share selected, anonymous telemetry with n8n

Path of the source .yaml file.

The HTTP port n8n runs on.

The port your database is listening at.

A file containing a unique base64 encoded secret for the COOKIE_ENCRYPTION_SALT

The IP or hostname which hosts your database.

The default source address.

Enable logging

Flask Secret Key

Postgresql connection parameters

The root URL that you want to host BookStack on

A list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service.

Path of the source file.

List of users allowed to operate with the config. "root" is always implicitly included

The domain name on which canaille will be served.

Name of the EBICS host.

Path to sendmail binary or script.

This defines the system default encryption algorithm for encrypting passwords.

Disables the check for new versions of Umami.

When true, any user will be able to register

This variable must be set to use JWT token authentication.

Disable external SSH feature.

User ID of the EBICS subscriber

List of groups allowed to operate with the config

Source definitions

Refer to the Tuliprox documentation for available attributes

URL of crawlers

The hostname to listen on.

Per-scrape limit on length of labels name that will be accepted for a sample

Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS

The absolute path to the program to be wrapped.

Instance hostname (base domain name)

Source port of the external interface; to specify a port range, use a string with a colon (e.g. "60000:61000")

URL to the backend server base

Source ports to allow in the zone.

Define the source of randomness to obtain a random key for encryption.

The default source address.

Directory for lock files.

IP address to bind CGI server to.

HOME_NET variable.

When false, only superusers will be able to create new organizations after the first

OpenID Connect settings

NNCP configuration, see http://www.nncpgo.org/Configuration.html

Configuration for the LDAP backend

Sets the port of the service.

Run database migrations.

Source directories.

Default environment variables available to the GameScope process, overridable at runtime.

Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS

Partner ID of the EBICS subscriber

Seahub public URL.

Overrides the HTML page title

Path of the source file.

A list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the Froide-Govplan service.

One or multiple URIs to PCM input streams.

Name of the following combination: EBICS version and ISO20022 recommendations that Nexus would honor in the communication with the bank

Data storage directory

Directory for storing metalogger data.

Umami collects completely anonymous telemetry data in order help improve the application

The hosts that the Open Web Calendar permits

Defines whether hourly snapshots should be created.

ENIP_SERVER variable.

ENIP_CLIENT variable.

Exchange that is suggested to wallets when withdrawing

The policy file to use

DC_SERVERS variable.

The type of database you wish to use

All accounts to provision

A list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the peering manager service.

AIM_SERVERS variable.

SQL_SERVERS variable.

DNS_SERVERS variable.

A file containing a unique base64 encoded secret for the TOKENS_SALT

The network family that Anubis should bind to

Source ports for the service.

Backend handler

HTTP_SERVERS variable.

SMTP_SERVERS variable.

Database name.

Defines whether the timeline cleanup algorithm should be run for the config.

MODBUS_SERVER variable.

MODBUS_CLIENT variable

Directory for chunck meta data

EXTERNAL_NET variable.

Whether to disable analytics

User for hg.sr.ht.

The policy file to use

Port on which the "hg" backend should listen.

The n8n instance timezone

User for git.sr.ht.

User for man.sr.ht.

User for hub.sr.ht.

TELNET_SERVERS variable.

Port on which the "git" backend should listen.

Port on which the "hub" backend should listen.

Port on which the "man" backend should listen.

The network family that Anubis should bind to

The URL under which GlitchTip is externally reachable.

User for todo.sr.ht.

User for meta.sr.ht.

A file containing a unique secret identifier for the Erlang cluster

Port on which the "meta" backend should listen.

Port on which the "todo" backend should listen.

Group for hg.sr.ht

Enable or disable basic telemetry

Set debug level explicitly

If set, shows a contact email address when rendering error pages

The redis host URL

Group for man.sr.ht

Group for git.sr.ht

Group for hub.sr.ht

User for lists.sr.ht.

User for pages.sr.ht.

User for paste.sr.ht.

Port on which the "lists" backend should listen.

Port on which the "paste" backend should listen.

Port on which the "pages" backend should listen.

Comma-delimited list of host:port pairs or unix sockets to listen on.

The redis host URL

The redis host URL

The redis host URL

The address Anubis' metrics server listens to

Whether to enable hg service.

Group for todo.sr.ht

Group for meta.sr.ht

Origins allowed to connect to the collaboration server

The host/domain names that this site can serve.

Whether to enable git service.

Whether to enable man service.

Whether to enable hub service.

The redis host URL

The redis host URL

Whether to enable Free and open source software for video recording and live streaming.

Whether fish should source configuration snippets provided by other packages.

User for builds.sr.ht.

Whether to enable meta service.

Whether to enable todo service.

Port on which the "builds" backend should listen.

If set, shows a contact email address when rendering error pages

Group for paste.sr.ht

Group for lists.sr.ht

Group for pages.sr.ht

The public client ID of your Spotify application

Whether to enable Open Graph tag passthrough

The endpoint of the Mongo database.

The redis host URL

The redis host URL

The redis host URL

The endpoint of your server This api has to be reachable from the device you use the website from not from the server

The hgsrht package to use.

Extra global default configuration for htop which is read on first startup only

The resource that is protected.

The gitsrht package to use.

The mansrht package to use.

The hubsrht package to use.

Whether to enable lists service.

Whether to enable paste service.

Whether to enable pages service.

Whether to enable local nginx integration.

Whether to enable local minio integration.

The endpoint of your web application

Whether to enable local redis integration in a dedicated redis-server.

By default any user can create an account on this gitea instance

Address the server will listen for websocket connections.

The redis host URL

Group for builds.sr.ht

The metasrht package to use.

The git package to use.

The todosrht package to use.

Whether to enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking, wiki and account management services .

Whether to enable Open Graph tag passthrough

Source addresses, address ranges, MAC addresses or ipsets to bind.

Whether to enable builds service.

Source port when using UDP encapsulation

How long to keep data in the database for tax audits after the transaction has completed.

The listssrht package to use.

The pagessrht package to use.

The pastesrht package to use.

Images for builds.sr.ht

OpenPGP key identifier.

Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Specify the rules for which files to read on the host

Outgoing SMTP FROM.

Path to mercurial repositories on disk

Outgoing SMTP port.

Outgoing SMTP host.

Outgoing SMTP user.

The buildsrht package to use.

Address receiving application exceptions

Extra arguments passed to Gunicorn.

Whether to enable local postfix integration.

Extra arguments passed to the Celery responsible for webhooks.

Whether to listen for and reject all HTTPS connections to this vhost

Extra arguments passed to the Celery responsible for processing mails.

Path to git repositories on disk

Require TLS or TLS-PSK encryption

Require TLS or TLS-PSK encryption

Virtual-host configuration merged with all Sourcehut's virtual-hosts.

Extra arguments passed to Gunicorn.

Extra arguments passed to Gunicorn.

Extra arguments passed to Gunicorn.

Extra arguments passed to the Celery responsible for webhooks.

URL hg.sr.ht is being served at (protocol://domain)

Path to hg-ssh (if not in $PATH).

Address to bind the debug server to.

Port to bind the debug server to.

Verify peer certificate

Verify peer certificate

Address sending application exceptions

Port to bind the debug server to.

Extra arguments passed to Gunicorn.

Address to bind the debug server to.

Port to bind the debug server to.

Extra arguments passed to Gunicorn.

Port to bind the debug server to.

Address to bind the debug server to.

URL man.sr.ht is being served at (protocol://domain)

Address to bind the debug server to.

URL git.sr.ht is being served at (protocol://domain)

URL hub.sr.ht is being served at (protocol://domain)

Extra arguments passed to the Celery responsible for webhooks.

Extra arguments passed to the Celery responsible for webhooks.

Source file on the host containing the credential data.

The configuration for the sourcehut network.

The Redis connection used for the Celery worker.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Path for the lmtp daemon's unix socket

OpenPGP public key.

URL todo.sr.ht is being served at (protocol://domain)

Port to bind the debug server to.

Port to bind the debug server to.

Address to bind the debug server to.

Address to bind the debug server to.

URL meta.sr.ht is being served at (protocol://domain)

Origin URL for the API

Extra arguments passed to Gunicorn.

Extra arguments passed to Gunicorn.

Extra arguments passed to Gunicorn.

The top-level info page for your site.

The name of your network of sr.ht-based sites.

Origin URL for the API

Origin URL for the API

Origin URL for the API

Extra arguments passed to the Celery responsible for webhooks.

List of source IP range, use empty list for any.

Maximum size of any given site (post-gunzip), in MiB.

Path to the srht mercurial extension (defaults to where the hgsrht code is)

Port to bind the debug server to.

Port to bind the debug server to.

URL pages.sr.ht is being served at (protocol://domain)

Port to bind the debug server to.

URL paste.sr.ht is being served at (protocol://domain)

Address to bind the debug server to.

URL lists.sr.ht is being served at (protocol://domain)

Address to bind the debug server to.

Address to bind the debug server to.

Origin URL for the API

Origin URL for the API

The Redis connection used for the Celery worker.

Whether to enable localsend, an open source cross-platform alternative to AirDrop.

Blurb for your site.

Owner's name.

Outgoing email for notifications generated by users.

Address to bind to.

Extra arguments passed to Gunicorn.

hg.sr.ht's OAuth client id for meta.sr.ht.

The lmtp daemon will make the unix socket group-read/write for users in this group.

Aliases for the client IDs of commonly used OAuth clients.

A boolean that controls whether site visitors can create new accounts

Origin URL for the API

Origin URL for the API

Origin URL for the API

man.sr.ht's OAuth client id for meta.sr.ht.

git.sr.ht's OAuth client id for meta.sr.ht.

hub.sr.ht's OAuth client id for meta.sr.ht.

Content of the celeryconfig.py used by the Celery of listssrht-process.

Content of the celeryconfig.py used by the Celery responsible for webhooks.

Scripts used to launch on SSH connection. /usr/bin/master-shell on master, /usr/bin/runner-shell on runner

Owner's email.

Address to bind the debug server to.

URL builds.sr.ht is being served at (protocol://domain)

Port to bind the debug server to.

Specifies the size of the swap file in MiB (1024×1024 bytes)

Whether to enable worker for builds.sr.ht

Outgoing email for notifications generated by users.

Content of the celeryconfig.py used by the Celery responsible for webhooks.

Whether to enable nonpaying users to submit builds.

Configures the user domain, if enabled

Whether to listen for and reject all HTTPS connections to this vhost

A MAC address.

The Redis connection used for the webhooks worker.

Whether to enable creation of new lists.

todo.sr.ht's OAuth client id for meta.sr.ht.

The Redis connection used for the webhooks worker.

Content of the celeryconfig.py used by the Celery responsible for webhooks.

Content of the celeryconfig.py used by the Celery responsible for webhooks.

Path for the lmtp daemon's unix socket

An absolute file path (which should be outside the Nix-store) to an OpenPGP private key

Origin URL for the API

An absolute file path (which should be outside the Nix-store) to Gemini certificates.

The Redis connection used for the webhooks worker.

The Redis connection used for the webhooks worker.

lists.sr.ht's OAuth client id for meta.sr.ht.

pages.sr.ht's OAuth client id for meta.sr.ht.

paste.sr.ht's OAuth client id for meta.sr.ht.

Listening address and listening port of the build runner (with HTTP port if not 80).

Content of the celeryconfig.py used by the Celery responsible for webhooks.

List of datasources to insert/update.

If set to true, waagent formats and mounts the resource disk that the platform provides, unless the file system type in `ResourceDisk

Outgoing SMTP password.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

This option specifies the path at which the resource disk is mounted

Access key to the S3-compatible object storage service

Url of the datasource.

If enabled, the agent creates a swap file (/swapfile) on the resource disk and adds it to the system swap space

An ipset.

The Redis connection used for the webhooks worker.

A post-update script which is installed in every git repo

The file system type for the resource disk

An absolute file path (which should be outside the Nix-store) to the secret key of the S3-compatible object storage service.

Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.

Datasource type

Name of the datasource

builds.sr.ht's OAuth client id for meta.sr.ht.

hg.sr.ht's OAuth client secret for meta.sr.ht.

An absolute file path (which should be outside the Nix-store) to a secret key to encrypt internal messages with

The lmtp daemon will make the unix socket group-read/write for users in this group.

Reject URL.

The mercurial package to use.

Global domain name.

The path of the directory to share, can be a shell variable

git.sr.ht's OAuth client secret for meta.sr.ht.

hub.sr.ht's OAuth client secret for meta.sr.ht.

man.sr.ht's OAuth client secret for meta.sr.ht.

Whether to enable sending stock sourcehut welcome emails after signup.

Number of vcores that can be allocated for containers.

Number of fcgiwrap processes to prefork.

Extra data for datasource plugins.

todo.sr.ht's OAuth client secret for meta.sr.ht.

Datasource compatible with Prometheus HTTP API.

Whether to enable local postgresql integration.

Posting domain.

An absolute file path (which should be outside the Nix-store) to a key used for encrypting session cookies

List of datasources that should be deleted from the database.

Whether to listen for and reject all HTTPS connections to this vhost

Amount of physical memory, in MB, that can be allocated for containers.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to enable automatic migrations on package upgrade.

Outgoing domain.

Posting domain.

Access mode. proxy or direct (Server or Browser in the UI)

Set of IP subnets which are permitted to utilize internal API authentication

Whether to enable automatic migrations on package upgrade.

Whether to enable automatic migrations on package upgrade.

Whether to enable automatic migrations on package upgrade.

Specifies if TLS should be enabled

Specifies if TLS should be enabled

Organization ID of the datasource to delete.

Whether to enable the billing system.

lists.sr.ht's OAuth client secret for meta.sr.ht.

paste.sr.ht's OAuth client secret for meta.sr.ht.

pages.sr.ht's OAuth client secret for meta.sr.ht.

Inputs specify how Filebeat locates and processes input data

This option specifies disk mount options to be passed to the mount -o command

Name of the datasource to delete.

Whether to listen for and reject all HTTPS connections to this vhost

PostgreSQL database name for the hg.sr.ht service, used if services.sourcehut.postgresql.enable is true.

Set of IP subnets which are permitted to utilize internal API authentication

Configure the S3-compatible object storage service.

Whether to enable automatic migrations on package upgrade.

Whether to enable automatic migrations on package upgrade.

Path to the hook script.

PostgreSQL database name for the man.sr.ht service, used if services.sourcehut.postgresql.enable is true.

PostgreSQL database name for the git.sr.ht service, used if services.sourcehut.postgresql.enable is true.

PostgreSQL database name for the hub.sr.ht service, used if services.sourcehut.postgresql.enable is true.

Max build duration

PostgreSQL database name for the todo.sr.ht service, used if services.sourcehut.postgresql.enable is true.

PostgreSQL database name for the meta.sr.ht service, used if services.sourcehut.postgresql.enable is true.

builds.sr.ht's OAuth client secret for meta.sr.ht.

Set of IP subnets which are permitted to utilize internal API authentication

Whether to enable automatic migrations on package upgrade.

Whether to enable automatic migrations on package upgrade.

Whether to enable automatic migrations on package upgrade.

Allow users to edit datasources from the UI.

Whether to listen for and reject all HTTPS connections to this vhost

Datasource specific secure configuration

An absolute file path (which should be outside the Nix-store) to a base64-encoded Ed25519 key for signing webhook payloads

HTTP bind address for serving local build information/monitoring.

PostgreSQL database name for the lists.sr.ht service, used if services.sourcehut.postgresql.enable is true.

PostgreSQL database name for the paste.sr.ht service, used if services.sourcehut.postgresql.enable is true.

PostgreSQL database name for the pages.sr.ht service, used if services.sourcehut.postgresql.enable is true.

Whether to enable automatic migrations on package upgrade.

Public key for Stripe

Path to YAML datasource configuration

Whether to listen for and reject all HTTPS connections to this vhost

An IP address or a network IP address with a mask for IPv4 or IPv6

An absolute file path (which should be outside the Nix-store) to a secret key for Stripe

Configures the syscall filter for postgresql.service

PostgreSQL database name for the builds.sr.ht service, used if services.sourcehut.postgresql.enable is true.

How many invites each user is issued upon registration (only applicable if open registration is disabled).

Declaratively provision Grafana's datasources.

SQLAlchemy connection string for the database.

Open ports in the firewall for Source Dedicated Server.

SQLAlchemy connection string for the database.

SQLAlchemy connection string for the database.

SQLAlchemy connection string for the database.

Path to write build logs.

SQLAlchemy connection string for the database.

SQLAlchemy connection string for the database.

SQLAlchemy connection string for the database.

SQLAlchemy connection string for the database.

SQLAlchemy connection string for the database.

Whether to listen for and reject all HTTPS connections to this vhost

Values other than "production" adds a banner to each page.

Common name attribute of allowed peer certificates

Common name attribute of allowed peer certificates

When true, provisioned datasources from this file will be deleted automatically when removed from services.grafana.provision.datasources.settings.datasources.

resources.ini contents

Filebeat modules provide a quick way to get started processing common log formats

Amount of virtual CPU cores allocated to Domain 0 on boot

SQLAlchemy connection string for the database.

A changegroup script which is installed in every mercurial repo

Path to the directory Traefik should watch for configuration files.

Grafana datasource configuration in Nix

Comma-delimited list of Content-Types to reject

Whether to listen for and reject all HTTPS connections to this vhost

TCP sockets to bind to

Metricbeat modules are responsible for reading metrics from the various sources

Extra environment variables

Whether to enable Hadoop YARN ResourceManager.

Amount of memory (in MiB) allocated to Domain 0 on boot

All resources to provision

Maximum amount of memory (in MiB) that Domain 0 can dynamically allocate to itself

List of HTTP resources to serve on this listener.

Config file version.

Whether to listen for and reject all HTTPS connections to this vhost

Whether the automatically provisioned Elasticsearch instance should be added as a grafana datasource

Extra command line flags to pass to the service

Collect PVE resources info

Datasource compatible with Prometheus HTTP API.

Runtime parameters of the Linux kernel, as set by sysctl(8)

Enables the use of the ~/.ssh/authorized_keys file

The name of this resource

The resource type

The maximum physical memory any container can be allocated.

List of resources to host on this listener.

Whether to delete the folders which are not configured via the folders option

Whether to enable Monado as the default OpenXR runtime on the system

Whether to enable WiVRn as the default OpenXR runtime on the system

The maximum virtual CPU cores any container can be allocated.

Open firewall ports for resourcemanager

Path to chroot into at runtime as an additional layer of protection.

Default configuration for the loggers used by matrix-synapse and its workers

Path to the server's private key

Parameters passed to the chosen scheduler at runtime.

Whether to enable public registration.

The resource to which access should be allowed.

Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be downloaded and managed imperatively via the 'Palette Manager'.

Where to redirect new users upon registration.

A list of filter to restrict traffic

The address of this resource

Path to the server's certificate

An attribute set of options as described in: https://pgbackrest.org/configuration.html

All options can be used

Dynamic configuration files to write

Authentication application resource ID.

The full path to the PEM encoded TLS certificate

The full path to the PEM encoded TLS certificate

Automatically restart the service on config change

Either a single port or port range to allow

The end of the port range, inclusive.

Whether synapse should compress HTTP responses to clients that support it

The start of the port range, inclusive.

A list of gateway groups (sites) which can reach the resource and may be used to connect to it.

The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software

The path specifying a PEM encoded TLS CA certificate(s)

The path specifying a PEM encoded TLS CA certificate(s)

Name of the IDO resource

Whether to enable OpenCL support using ROCM runtime library.

The protocol to allow

Define how much detail is supposed to be logged at runtime.

Whether to enable linyaps, a cross-distribution package manager with sandboxed apps and shared runtime.

List of source directories and files to backup

SSH identity resource for the remote transport

Commands to execute before the config file check

The Go package used by Athens at runtime

Configuration file for persisting runtime changes

TLS certificates are obtained by modules called "certificate loaders"

Whether to delete thumbnails and source files on post delete.

An optional description for resource address, usually a full link to the resource including a schema.

Base directory for custom templates and other options

Verbatim contents of the cgit runtime configuration file

Contents of the runtime configuration file

Set the maximum heap size for the JVM in MB

Set the initial heap size for the JVM in MB

NixOS version name to be used in the names of generated outputs and boot labels

Runtime settings for AMDVLK to be configured /etc/amd/amdVulkanSettings.cfg

Configuration for WiVRn

Alerting and/or Recording rules to evaluate at runtime.

A key list specifying a host switch combination.

A list of key names is available in https://github.com/htrefil/rkvm/blob/master/switch-keys.md.

Extra files containing Riemann configuration

Extra packages to be available in the jupyter runtime environment

Whether to enable the internet_resource feature for this account.

Determines where flannel stores its configuration at runtime

The default capture device (i.e. microphone)

Contents of the runtime configuration file, apcupsd.conf

Extra python packages available at runtime to enable additional python plugins.

Extra packages available at runtime to enable Deluge's plugins

The source labels select values from existing labels

List of HTTP resources to serve on this listener.

Add extra options here that you want to be sent to the Java runtime when the broker service is started.

Whether to enable Runtime analysis with klipper-estimator.

The default playback device

The name of the directory below /var/lib where gotify stores its runtime data.

Resolves domains of uwsgi targets at runtime and not only at start, you have to set services.nginx.resolver, too.

List of resources to host on this listener.

A set of files to be copied to /boot

Whether to enable exposing OpenSSH public keys defined in userdb

Whether to ensure that Monado is the active runtime set for the current user

Verbatim advanced configuration file contents using the Erlang syntax

File with environment variables to pass into the runtime environment

List of source directories and files to backup

Override path from where to load UI resources.

Whether to flush all runtime rules on a reload.

Whether to enable the multi_site_resources feature for this account.

Options which are added to tuners.yml

Whether synapse should compress HTTP responses to clients that support it

Where to store runtime data (save files, persistent items, etc)

Selects the default theme on boot

Resolves domains of proxyPass targets at runtime and not only at startup

.hg/store size (in MB) past which the nightly job generates clone bundles.

Additional arguments for borg init

YAML file to merge into the schleuder config at runtime

Additional arguments for borg prune

Define a whitelist of allowed IP addresses or domains, with ports, to be used in data source URLs with the Grafana data source proxy

Configuration options in RabbitMQ's new config file format, which is a simple key-value format that can not express nested data structures

Whether to enable the open source NVIDIA kernel module.

Options which are added to channels.yml

Whether to enable odoo, an open source ERP and CRM system.

The external Thanos Query URL that would be set in all alerts 'Source' field.

Additional arguments for borg create

Whether to enable Container Runtime Interface for OCI (CRI-O).

This is a convenience option which allows you to set secret values for environment variables by specifying a file which will contain the value at runtime

Stream source configuration

Directory below /var/lib to store runtime data

Additional arguments for borg compact

Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).

Whether to enable Maddy, a free an open source mail server.

Export go runtime and http handler metrics.

List of paths to files containing environment variables for Sharkey to use at runtime

Whether to enable Komga, a free and open source comics/mangas media server.

Labels to be applied to all generated metrics

The source labels select values from existing labels

Whether to enable snipe-it, a free open source IT asset/license management system.

If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based chroot(2).

How to name the created archives

It is recommended you keep your secrets separate from the configuration

A set of files to be copied to $BOOT

Whether to enable Zammad, a web-based, open source user support/ticketing solution.

Source (real) IP address of this host.

The source labels select values from existing labels

UDP port for eD2k traffic (searches, source exchange) and all Kad network communication

If set, the pkgs argument to all NixOS modules is the value of this option, extended with nixpkgs.overlays, if that is also set

Labels used to map jobs to their runtime environment

Whether to enable experimental power management of PRIME offload

The source IPv4 address of the TAYGA server.

The source IPv6 address of the TAYGA server.

The timestamp format to use for constructing snapshot names

The name of the machine

List of devices that gpsd should subscribe to

Whether to enable Traccar, an open source GPS tracking system.

Extra environment variables to be set in the runtime context of jupyter notebook

API key to authenticate with a local crowdsec API

Whether to enable OpenGFW, A flexible, easy-to-use, open source implementation of GFW on Linux .

Specify the strategy for generating device names, passed to nvidia-ctk cdi generate

Extra runtime packages to be installed in the Podman wrapper

Whether to allow creation of user namespaces

Endpoint at which to find the container runtime api interface/socket

Whether to enable containerd container runtime.

Whether to enable Firefly III: A free and open source personal finance manager.

qui configuration options

Wether to enable VictoriaMetrics's vmalert.

vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

Whether to enable FerretDB, an Open Source MongoDB alternative.

Whether to enable DocuSeal, open source document signing.

Source directory (will be symlinked, if not null) for the files the built-in webserver should serve

Whether to enable ChromaDB, an open-source AI application database..

A list of full paths to trusted applications that will be loaded at runtime by tee-supplicant.

Use DEV as eBUS device [/dev/ttyUSB0]

Names of the fallback cursor themes, in order of preference, to be used when no other icon source can be found

Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).

The cockroachdb package to use

Signing salt

Additional arguments passed to grub-install

Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app

The restriction flags to be set on source

Whether to enable Discourse, an open source discussion platform.

A set of files to be copied to /boot

A set of files to be copied to /boot

Whether to enable headscale, Open Source coordination server for Tailscale.

The location of the output journal

Whether to enable the static source

If enabled, causes the following behavior:

• Passes the --ephemeral flag to the runner configuration script
• De-registers and stops the runner with GitHub after it has processed one job
• On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
• Restarts the service after its successful exit
• On start, wipes the state directory and configures a new runner

You should only enable this option if tokenFile points to a file which contains a personal access token (PAT)

JWT signing secret

LiveView signing salt

Environment variables which are read by healthchecks (local)_settings.py

Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.

Networking-related command-line options that should be passed to qemu

Whether to include the build closure of the whole system in its runtime closure

Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, USER:[PASS]).

Whether to enable this source.

Permissions granted for the services.syncoid.user user for local source datasets

Environment variables which are read by healthchecks (local)_settings.py

Parameters added to the Memtest86+ command line

Whether to enable LogMeIn Hamachi, a proprietary (closed source) commercial VPN software.

Take unencrypted connections from the source socket and send encrypted connections to the target socket.

Take encrypted connections from the source socket and send unencrypted connections to the target socket.

Kernel package where device tree include directory is from

Whether to enable Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.

The dataset to use for this source.

Whether to automatically reboot after an update

Max qps allowed from any query source. 0 means unlimited

Wait for DNS

Labels to attach to the container at runtime.

Whether to enable The tuxedo-drivers driver enables access to the following on TUXEDO notebooks:

• Driver for Fn-keys
• SysFS control of brightness/color/mode for most TUXEDO keyboards
• Hardware I/O driver for TUXEDO Control Center

For more inforation it is best to check at the source code description: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers .

Whether to enable sendRaw feature which adds the options -w to the zfs send command

By default we create the sabnzbd configuration read-only, which keeps the nixos configuration as the single source of truth

The definition for an input source.

Whether to enable Privatebin: A minimalist, open source online pastebin where the server has zero knowledge of pasted data..

Whether to enable LubeLogger, a self-hosted, open-source, web-based vehicle maintenance and fuel milage tracker.

Secret key used as a base to generate further secrets for encrypting and signing data

Whether to enable destroying snapshots one by one instead of using one long argument list

Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux

Command to run before snapshots are taken on the source dataset, e.g. for database locking/flushing

List of derivations that provide container images

Whether to enable WiFi source.

Whether to enable CDMA source.

Path to the local source folder.

Enable automatic adjustment (step / 5) to what source of data should be used in store gateways if no max_source_resolution param is specified.

Whether to enable 3G source.

Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704

Command to run after snapshots are taken on the source dataset, e.g. for database unlocking

Additional YAML configuration for OpenCloud services

Extra arguments passed to qbittorrent

The znapzend backup plan to use for the source

Whether to enable Libravatar as profile picture source on your instance

Whether to enable the skipIntermediates feature to send a single increment between latest common snapshot and the newly made one

The manual pages to generate caches for if documentation.man.generateCaches is enabled

Whether to enable Modem-GPS source.

A list of additional patches to apply to the kernel

Use source time servers from networking.timeServers in config.

Additional configurations to build

Wether to enable VictoriaMetrics's vmalert.

vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.

Name of the heat source.

Configuration from which XMonad gets compiled

Extra configuration options to put at the end of global initialization, before defining BSSs

Whether to enable VictoriaLogs is an open source user-friendly database for logs from VictoriaMetrics.

Whether to enable Silverbullet, an open-source, self-hosted, offline-capable Personal Knowledge Management (PKM) web application.

Additional configuration that exists before the first start and later overrides the existing values in config.json

Additional configuration that exists before the first start and later overrides the existing values in config.json

Permissions granted for the services.syncoid.user user for local source datasets

Additional configuration for shadowsocks that is not covered by the provided options

Capabilities to configure for the container

The device as passed to mount

Environment variables to set for the service

Altitude in meters to use for the static source.

When IPv6 is enabled with SLAAC, this option controls the use of temporary address (aka privacy extensions) on this interface

Accuracy radius in meters to use for the static source.

Latitude to use for the static source

Whether to allow SMT/hyperthreading

A list of signing keys for each substitute server to be authorized as a source of substitutes

Performs a reverse path filter test on a packet

Set the encryption key size for the plain device

Longitude to use for the static source

Whether to enable VictoriaTraces is an open source distributed traces storage and query engine from VictoriaMetrics.

Whether to overwrite Jellyfin's encoding.xml configuration file on each service start

Extra configuration options to put at the end of this BSS's defintion in the hostapd.conf for the associated interface

Configuration for Alertmanager IRC Relay as a Nix attribute set

Source of truth of users

Enable per-CPU CHILD_SAs

The znapzend backup plan to use for the source

The device as passed to mount

Text content of the credential

Remote address(es) to use for IKE communication

Modulus to take of the hash of the source label values.

Separator placed between concatenated source label values

Whether to enable separatedebuginfod, a debuginfod server providing source and debuginfo for nix packages.

The device as passed to mount

Source port of the external interface on host

Modulus to take of the hash of the source label values.

Source port of the external interface on host

Separator placed between concatenated source label values

Modulus to take of the hash of the source label values.

Whether to enable nixseparatedebuginfod2, a debuginfod server providing source and debuginfo for nix packages.

Separator placed between concatenated source label values