Additional environment variables to provide to authelia

Name is used as a suffix for the service name, user, and group

Multi-domain protection currently requires multiple instances of Authelia

It is recommended you keep your secrets separate from the configuration

Here you can provide authelia with configuration files or directories

Configuring authelia's secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all

Path to your JWT secret used during identity verificaton.

Path to your HMAC secret used to sign OIDC JWTs.

Path to your session secret

Path to your private key file used to encrypt OIDC JWTs.

Path to your storage encryption key.

LiveKit key file holding one or multiple application secrets

A list of files containing the various secrets

LiveKit key file holding one or multiple application secrets

config.xml configuration as a Nix attribute set

List of paths files that follows systemd environmentfile structure

Secrets to append to the initrd

Secrets to run PeerTube

A list of files containing the various secrets

File containing environment variables to substitute when copying the configuration out of Nix store to the services.mautrix-meta.dataDir

The name of the user for this authelia instance.

The name of the group for this authelia instance.

Whether to enable Authelia instance.

A list of files containing the various secrets

A file containing the secrets for the dynamic DNS provider

A file containing the secret used to encrypt secrets for OTP tokens

A file containing the various secrets

yaml file containing all secrets. this needs to be in the same structure as the configuration

A list of paths to NNCP configuration files that should not be in the Nix store

Path of a file with extra environment variables to be loaded from disk

Path to file containing secrets for Pomerium, in systemd EnvironmentFile format

This is a small wrapper over systemd's LoadCredential

Secret files to read into entries in config.php

A file containing the secret used to encrypt variables in the DB

A file containing the secret used to encrypt session keys

Default location for kubernetes secrets

The authelia package to use.

Attribute set of filesystem paths

A list of paths to IPSec secret files

File containing the access token for Draupnir's Matrix account to be used in place of services.draupnir.settings.accessToken.

A file containing the secret used to encrypt variables in the DB

The secret data used to encode the SRS address. to generate, use a command like: for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done

File consisting of lines of the form varname=value to define variables for the wireless configuration

Your Authelia config.yml as a Nix attribute set

The theme to display.

Secret keys used for signing and verification.

Level of verbosity for logs.

EAP secret section for a specific secret

A list of files containing the various secrets

Path to the file containing the secret keys.

A file containing the salt for active record encryption in the DB

Format the logs are written as.

NTLM secret section for a specific secret

EAP secret section for a specific secret

Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without adding them to the world-readable Nix store

uWSGI configuration

Instance ID for when running multiple processes (default null).

Instance name used to distinguish between different instances

Path to a JSON file containing secrets for effects

The address to listen on.

A file containing the secret used to encrypt some rails data in the DB

Private key decryption passphrase for a key in the rsa folder.

File path where the logs will be written

Postquantum Preshared Key (PPK) section for a specific secret

IKE preshared secret section for a specific secret

The instance ID to listen for events for.

Private key decryption passphrase for a key in the ecdsa folder.

Definition for a private key that's stored on a token/smartcard/TPM.

Private key decryption passphrase for a key in the pkcs8 folder.

JSON file containing secret keys

File name in the rsa folder for which this passphrase should be used.

PKCS#12 decryption passphrase for a container in the pkcs12 folder.

Instance name.

PPK identity the PPK belongs to

The instance url to which the provisioning tool should connect.

Identity the EAP/XAuth secret belongs to

Path to the API key to authenticate with a local CrowdSec API

IKE identity the IKE preshared secret belongs to

Optional slot number to access the token.

TLS certificates are obtained by modules called "certificate loaders"

Identity the NTLM secret belongs to

File name in the ecdsa folder for which this passphrase should be used.

File name in the pkcs8 folder for which this passphrase should be used.

Private key decryption passphrase for a key in the private folder.

Value of decryption passphrase for RSA key.

Instance administrator email.

Optional PIN required to access the key on the token

Identity the EAP/XAuth secret belongs to

File name in the pkcs12 folder for which this passphrase should be used.

Whether to also log to stdout when a file_path is defined.

Value of decryption passphrase for ECDSA key.

Value of decryption passphrase for PKCS#8 key.

Optional PKCS#11 module name to access the token.

Path to file that contains LDAP password for user in {option}`ldap.username

Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.

File name in the private folder for which this passphrase should be used.

Value of the EAP/XAuth secret

Value of the IKE preshared secret

Value of decryption passphrase for PKCS#12 container.

Value of the PPK

Enable Metrics.

Set of btrbk instances

Value of decryption passphrase for private key.

Value of the EAP/XAuth secret

File containing the password for Draupnir's Matrix account when used in conjunction with Pantalaimon to be used in place of services.draupnir.settings.pantalaimon.password.

Errbot instance configs

The address to listen on for metrics

Permits to raise one or more cups-pdf instances

Value of the NTLM secret, which is the NT Hash of the actual secret, that is, MD4(UTF-16LE(secret))

How often this btrbk instance is started

The name identifying the runner instance towards the Gitea/Forgejo instance.

A file containing the secret used to encrypt some rails data in a deterministic way in the DB

Attribute set of vault-agent instances

A list of secrets to provide to NetworkManager by reading their values from configured files

Data directory for errbot instance.

User under which this instance runs.

Whether to enable a CUPS printer queue for this instance

The name of the instance.

Whether to enable ytdl-sub instance.

Group under which this instance runs.

varnishstat -n value.

Specify SSH host keys to import into the initrd

Whether to enable this instance of Anubis.

File containing the secret token when using the Synapse HTTP Antispam module to be used in place of services.draupnir.settings.web.synapseHTTPAntispam.authorization

Instance description.

Whether to enable this vault-agent instance.

The fallback instance name if not configured into the admin UI

Whether to enable this v4l2-relayd instance.

Options for Bookstack configuration

Configure the instance from config server

Frp instances.

Enable the instance.

Assign a icinga instance to this transport

Attribute set of consul-template instances

Configuration options for cross-seed

Path to file containing environment variables

Settings to configure wiki-js

User under which this instance runs.

Base URL of your Gitea/Forgejo instance.

Default 2FA method for new users and fallback for preferred but disabled methods.

name of the setting section for which secrets are requested

Group under which this instance runs.

Whether to enable this cups-pdf instance.

Configuration for ytdl-sub instances.

Environment file as defined in systemd.exec(5)

Path to easytier config file

Plain token to register at the configured Gitea/Forgejo instance.

Whether to enable this consul-template instance.

A YAML file containing secrets such as database or user passwords

Group as which this instance of fcgiwrap will be run.

Extra packages to add to GST_PLUGIN_PATH for the instance.

Whether to enable Gitea Actions Runner instance.

Directory where Akkoma will put uploaded files.

User as which this instance of fcgiwrap will be run

This will contain the contents of cups-pdf.conf for this instance, derived from settings

Path to file that contains Client ID.

Path to file containing environment variables

Path to an environment file, containing the TOKEN environment variable, that holds a token to register at the configured Gitea/Forgejo instance.

The nm-file-secret-agent package to use.

This option specifies the Nix package instance to use throughout the system.

v4l2-relayd instances to be created.

key in the setting section for which this entry provides a value

file from which the secret value is read

Define multiple instances of vmalert.

whether leading and trailing whitespace should be stripped from the files content before being passed to NetworkManager

The number of instances to start

The address that Anubis listens to

URL of the PeerTube instance.

Whether to enable frp.

Directory of static files

An attribute set of Anubis instances

interface name of the NetworkManager connection

The frp consists of client and server

Whether to enable this radicle-native-ci instance.

EasyTier instances.

UUID of the connection profile

UUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.

Whether to initialise non‐existent secrets with random values

Instances of clamsmtp to run.

Configuration for fcgiwrap instances.

NetworkManager connection type

The NetworkManager configuration settings reference roughly corresponds to connection types

connection id used by NetworkManager

Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package

Configuration for ytdl-sub

Configure mailpit instances

Your instance's hostname

Environment variables to pass to the n8n service

Errbot log level

Credentials envs used to configure Stalwart secrets

SMTP bind interface and port.

Home directory of the Nexus3 instance.

An attribute set of database instances as described in: https://pgbackrest.org/configuration.html#section-stanza

Each instance defaults to set pg-host to the attribute's name

Runner name declared to the PeerTube instance.

The user under which Anubis is run

Path to configuration file

List of identifiers of errbot admins.

Declarative instance config

Configuration of multiple mautrix-meta instances. services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram come preconfigured with network.mode, appservice.id, bot username, display name and avatar.

Credentials envs used to configure Stalwart-Mail secrets

Path to file that contains Client Secret.

Path to a file containing the logo of your Hydra instance.

Anubis policy configuration

The group under which Anubis is run

Maximum number of emails to keep

Environment files for this instance

List of paths that ytdl-sub can write to.

A list of extra flags to be passed to Anubis.

The name the camera will show up as.

Whether to enable the actkbd key mapping daemon

FQDN for the grocy instance.

Automatic backup of important data to a AWS S3 (or compatible) instance

Errbot backend name.

The email for the From: header in emails

List of errbot plugin derivations.

HTTP bind interface and port for UI.

Frp configuration, for configuration options see the example of client or server on github.

The width to read from input-stream.

Identify different instances on same host

The name of this nylon instance.

Gitea Actions Runner instances.

String to be appended to the config verbatim

The vault package to use.

Only allow read operations from this Neo4j instance.

The address Anubis' metrics server listens to

configuration options for btrbk

Environment variables to set for the service

How often to run ytdl-sub

A list of the given alerting or recording rules against configured "datasource.url" compatible with Prometheus HTTP API for vmalert to execute

Local Redis instance name

The height to read from input-stream.

Path to the directory with database, registration, and other data for the bridge service

Errbot identity configuration

Address to wait for incoming SMTP connections on

The video-format to read from input-stream.

Wether to enable VictoriaMetrics's vmalert.

vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.

Time-out for network connections.

Whether to enable a Movim instance.

A header to add to scanned messages

Extra args append to the easytier command-line.

Action to take when a virus is detected

FQDN of the Jitsi Meet instance.

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.

.env settings for Movim

Send the XCLIENT command to the receiving server, for forwarding client addresses and connection information if the receiving server supports this feature.

The base URL for the Hydra webserver instance

User to be set as owner of the UNIX socket.

Socket type: 'unix', 'tcp' or 'tcp6'.

The video-format to write to output-stream.

Anubis policy configuration in Nix syntax

Address of the SMTP server to send email to once it has been scanned.

Location of the server instance files

evcc configuration as a Nix attribute set

Whether to enable hub instance.

Mode to be set on the UNIX socket

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Fully-qualified domain name (FQDN) for the Movim instance.

Freeform configuration via environment variables for Anubis

Additional bot rules appended to the policy

Group to be set as owner of the UNIX socket.

The ntfy-sh user to use for authenticating with the ntfy-sh instance

Id of the MySQL server instance

YAML settings for maubot

Number of seconds to wait between each NOOP sent to the sending server. 0 to disable

Command to run when a virus is found

vmalert configuration, passed via command line flags

radicle-native-ci adapter instances.

The gstreamer-pipeline to use for the input-stream.

Base directory for custom templates and other options

A file containing secrets as environment variables

Settings to generate easytier-‹name›.toml

Additional prosody configuration

The generated file is processed by envsubst to allow secrets to be passed securely via environment variables.

Extra environment files to pass to all Dawarich services

Extra environment files to pass to all mastodon services

Runner description declared to the PeerTube instance.

Timezone of your SOGo instance

Free-form settings written directly to the config.json file

Group for hg.sr.ht

Allows loading of public environment variables, these are emitted to the log so it shouldn't contain secrets.

Extra environment files to pass to DocuSeal services

The consul-template package to use.

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

Group for man.sr.ht

Group for git.sr.ht

Group for hub.sr.ht

The reverse proxy target that Anubis is protecting

The email for the Reply-To: header in emails

Socket address

Automatically determine the IPv4 address of this peer based on existing peers on network.

The framerate to read from input-stream.

The systemd unit (a service or a target) for other services to depend on if they need to be started after matrix-synapse

Path to the files with alerting and/or recording rules.

The primary patroni configuration

Specify the local database filename to store persistent data

PeerTube instances to register this runner with.

Whether to run in snapshot only mode

config.yaml configuration as a Nix attribute set

Email domains handled by this instance

Group for todo.sr.ht

Group for meta.sr.ht

Peers to connect initially

Number of processes to prefork.

Temporary directory that needs to be accessible to both clamd and clamsmtpd.

Path to a JSON file containing settings that will be merged with the settings option

.env settings for Pixelfed

Title of the instance.

Additional policy settings merged into the policy file

Extra settings to add to easytier-‹name›.toml.

Attribute set of arbitrary config options

Attribute set of arbitrary config options

Attribute set of arbitrary config options

IPv4 cidr address of this peer in the virtual network

Port to bind local redis instance to.

Address to bind local redis instance to.

spool directory

Environment variables to set for the service

Whether this is the master instance of your Graylog cluster

Adapter name that is used in the radicle-ci-broker configuration

output directory; ${HOME} will be expanded to the user's home directory, ${USER} will be expanded to the user name.

The policy file to use

Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery

A list of paths to extra steps files

Path to a file containing a registration token for the PeerTube instance

Group for paste.sr.ht

Group for lists.sr.ht

Group for pages.sr.ht

Path to use for the pid file.

Whether to quarantine files that contain viruses by leaving them in the temporary directory.

Path to config file to parse and append to settings

Path to the Django secret key

Path to the Django secret key

Additional configuration for MicroBin, see https://microbin.eu/docs/installation-and-configuration/configuration/ for supported values

Additional configuration for wastebin, see https://github.com/matze/wastebin#usage for supported values

Labels used to map jobs to their runtime environment

Configuration for act_runner daemon

Whether to include Anubis's default bot detection rules via the (data)/meta/default-config.yaml import

path for anonymously created PDF files

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

The network family that Anubis should bind to

URL of instance

Domain name of the docs instance.

Domain name of the meet instance.

Template section of vault-agent

A file for storing secrets

Path to the file containing your secret pleroma configuration.

DO NOT POINT THIS OPTION TO THE NIX STORE, the store being world-readable, it'll compromise all your secrets.

Attribute set of arbitrary config options

Additional configuration for transfer-sh, see https://github.com/dutchcoders/transfer.sh#usage-1 for supported values

Runtime directory shared between the taler services

Database url

This can be used to pass secrets to the systemd service without adding them to the nix store.

FQDN for the Kanboard instance.

FQDN for the Pixelfed instance.

Renovate's global configuration

The hosts config to be merged with the settings

Which package to use for the ownCloud Infinite Scale instance.

Group for builds.sr.ht

PostgreSQL host for operating remotely.

If this instance is part of a replica set, set its name here

Whether to enable a Pixelfed instance.

Server configuration, see https://maddy.email for more information

Credentials envs used to configure nomad secrets.

List of packages, that are available to actions, when the runner is configured with a host execution label.

Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and make Synapse wait for registration service.

The radicle-native-ci package to use.

IMAP authentication configuration for rspamd-trainer

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Static settings set in the config.toml, see https://github.com/knadh/listmonk/blob/master/config.toml.sample for details

location of GhostScript binary

Path of a file containing secrets (gpg passphrase, access key...) in the format of EnvironmentFile as described by systemd.exec(5)

Prometheus Alertmanager URL

Hostname shown in peer list and web console.

Environment file to inject e.g. secrets into the configuration.

Maximum number of connections to accept at once.

The domain name serving your Weblate instance.

FQDN for the froide-govplan instance.

Free-form settings written directly to the config.json file

File containing the Flask secret key

Config files to merge into the settings defined in services.olivetin.settings

The nextcloud-occ program preconfigured to target this Nextcloud instance.

Endpoint for the victorialogs instance

The primary synapse configuration

Attrset that is converted and passed as config file

Whether the configuration file specifies a remote mongo instance

Real name of the owner of the instance

NNCP configuration, see http://www.nncpgo.org/Configuration.html

FQDN for the nextcloud instance.

FQDN for the ruTorrent instance.

Attribute set of arbitrary config options

Attribute set of arbitrary config options

Mail transfer agent (MTA) integration

Configuration of radicle-native-ci

Name of the database instance to connect to

Environment file for specifying additional settings such as secrets

Definitions of SIIT instances of Jool

File where radicle-native-ci should write the run log.

User for anonymous PDF creation

Enable clamsmtp's transparent proxy support.

Whether or not SSL verification should be enabled for outgoing connections to the homeserver.

Home directory of the PlantUML server instance.

Override default chart values via Nix expressions

Environment variables to set for the service

The name of this installation.

The difficulty required for clients to solve the challenge

Environment variables to set for the service

IP and port to which this redis instance acts as a slave.

Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5)

Subscriptions for ytdl-sub

Definitions of NAT64 instances of Jool

File with environment variables to pass into the runtime environment

Whether to enable a Jibri instance and configure it to connect to Prosody

Directory where per-run directories are stored.

Path to use for the pid file.

Configuration settings for the generated config file

If set, shows a contact email address when rendering error pages

Shell commands executed when the instance is starting.

The network family that the metrics server should bind to

Datasource compatible with Prometheus HTTP API.

Whether to enable JiCoFo instance and configure it to connect to Prosody

The domain serving your Dawarich instance.

The domain serving your CastoPod instance.

The domain serving your Mastodon instance.

The domain serving your PeerTube instance.

Mutual TLS - client certificate to call remote instance requiring client certs.

Set the log level of the daemon.

The directory where pantalaimon should store its state such as the database file.

Generates the conduit.toml configuration file

Template section of consul-template

Mutual TLS - client key to call remote instance requiring client certs

Whether to enable jigasi instance and configure it to connect to Prosody

Override default chart values via Nix expressions

A list of paths to extra settings files

Configure this LibreNMS instance as a distributed poller

URL of the Immich instance

Path to file containing environment variables

Your configuration.yaml as a Nix attribute set

Listener addresses to accept connections from other peers

Host or address that this Mattermost instance listens on.

Path to the yaml registration file of the appservice.

Hostname of the instance.

Whether to enable the Hologram agent for AWS instance credentials

Shell commands executed when the instance is shutting down.

Allowed users and their secrets

YAML file to merge into the schleuder config at runtime

Packages added to the adapter's PATH.

Settings serialized into user-data/conf.yml before build

Path to file containing sensitive environment variables

Location where RethinkDB stores its data, 1 data directory per instance.

Environment file to be passed to the systemd service

This file contains the full URI that can be used to access this instance of CouchDB

Salt to allow room operator passwords generated by this server instance to still work when the server is restarted

File to load as environment file

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Whether to enable Open Graph tag passthrough

The full URL that the Sharkey instance will be publically accessible on

File to load as environment file

URL this Mattermost instance is reachable under, without trailing slash.

Files containing additional config environment variables for gotify-server

The base URI below which your pretalx instance will be reachable.

Extra config files to include

Whether to enable the Hologram server for AWS instance credentials

Settings serialized into config.yml before build

A system user name for this client instance.

A system user name for this client instance.

Path to an environment file loaded for the tsidp service

The port where the daemon will listen to client connections for this homeserver

Each attribute of this option defines a systemd service that runs an OpenVPN instance

Whether to install a wrapper around pleroma_ctl to simplify administration of the Akkoma instance.

If set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.

Base URL for build logs (mandatory for access from CI broker page).

Path to the file that contains the server salt

Extra configuration for roundcube webmail instance

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

The domain name of your instance

Path to a file containing extra ntfy environment variables in the systemd EnvironmentFile format

Environment variables made available to Patroni as files content, useful for providing secrets from files.

A file including Invidious settings

Whether to enable a local mongodb instance.

The domain name of your instance (eg 'hatsu.local').

List of Systemd services to require and wait for when starting the application service.

A system group name for this client instance.

A system group name for this client instance.

Whether this OpenVPN instance should be started automatically.

User account under which this instance of redis-server runs.

Instance hostname (base domain name)

Path to environment file

Path to environment file

The address where the daemon will listen to client connections for this homeserver.

Whether clients will access your PeerTube instance with HTTPS

EasyTier network name.

Whether to set up a local redis instance.

Files to load environment variables from in addition to services.chhoto-url.settings

Environment file (see systemd.exec(5) "EnvironmentFile=" section for the syntax) passed to the service

A system group name for this client instance.

A system group name for this client instance.

IP on which the server instance will listen for incoming ServerQuery connections

IP on which the server instance will listen for incoming voice connections

The domain name of your instance (eg 'lemmy.ml').

Files to load environment variables from (in addition to services.zipline.settings)

This can be used to pass secrets to the systemd service without adding them to the nix store

The path to the file containing the Redis password

File containing env-vars to be substituted into the final config

Rendering mode of grafana-image-renderer:

• default: Creates on browser-instance per rendering request.
• reusable: One browser instance will be started and reused for each rendering request.
• clustered: allows to precisely configure how many browser-instances are supposed to be used

Extra configuration options

Create and use a local Redis instance

Cryptpad configuration settings

Group account under which this instance of redis-server runs.

This tells pgmanage whether or not to only allow super users to login

Environment file to be passed to the systemd service

Attribute set containing paths to files to add to the environment of linkwarden

Whether to enable this instance of Anubis.

Path to file containing the secret key base

Environment variables which are loaded from the contents of the specified file paths

Environment file to inject e.g. secrets into the configuration

File to load as the environment file

Whether to enable this wstunnel instance.

Whether to enable this wstunnel instance.

Path to an EnvironmentFile for the monero service as defined in systemd.exec(5)

The domain serving your FileSender instance.

Whether to enable authenticating using a signature performed by the ssh-agent

List of paths to files containing environment variables for Sharkey to use at runtime

A list of host:port for the Redis servers that are part of a cluster

Files containing additional environment variables to pass to Stirling PDF

Environment file as defined in systemd.exec(5)

Extra settings in the form of a set of key-value pairs

Directory under which Actual runs and saves its data

Whether to enable starting this wstunnel instance automatically.

Whether to enable starting this wstunnel instance automatically.

The origin of your Kanidm instance

The origin of your Kanidm instance

Whether to enable creation of database on the instance.

Role of the MySQL server instance.

If set the URL specified in bitcoin.rpc.url will get the content of this file added as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com

State directory (secrets, work directory, etc) for agent

The registration service that generates the registration file

Additional environment file as defined in systemd.exec(5)

The URI of the homeserver that the pantalaimon proxy should forward requests to, without the matrix API path but including the http(s) schema.

FQDN for the OnlyOffice instance.

Whether to configure the required settings to use pfix-srsd in the local Postfix instance.

Path to an environment-file which may contain secrets.

Nextcloud's data storage path

Path to an environment file to be loaded

Enable the karakeep-browser service that runs a chromium instance in the background with debugging ports exposed

File to load as environment file

Overwrite the URL for the GitLab instance

Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets

File to load environment variables from

Known homeservers

Path to the session tokens file

Configuration of this OpenVPN instance

Files to load environment variables from in addition to services.glitchtip.settings

Instance theme.

An environment file as defined in systemd.exec(5)

Make your The Lounge instance public

Whether to enable Paperless-ngx

Which package to use for the Nextcloud instance.

If you're running a self hosted instance and wish to serve public links, set this to the URL where your albums web app is running.

Host and port used to connect to a redis instance.

Shared folder list

File containing environment variables to substitute in the configuration before starting Traccar

An environment file as defined in systemd.exec(5)

A list of names of users that have additional rights when connecting to the Nix daemon, such as the ability to specify additional binary caches, or to import unsigned NARs

Compress the btrfs send stream before transferring it from/to remote locations using a compression command.

Whether to enable and configure a local Redis instance.

EasyTier network credential used for verification and encryption

Environment file as defined in systemd.exec(5)

General description of the instance

Instance hostname (base domain name)

Whether to automatically set up the database on the local DBMS instance

The path to the password for the specified ntfy-sh user

Lock backend to use: 'local' (single instance), 'redis' (distributed), 'postgres' (distributed, requires PostgreSQL)

Enable Tandoor Recipes

Configuration for the rclone remote being used for backup

Enables InfluxDB on the host system using the services.influxdb2 NixOS module with default options

pantalaimon options (enables E2E Encryption support)

Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.

The primary account of your instance (eg 'example.com').

Path to a file containing extra paperless config options in the systemd EnvironmentFile format

Specifies the platform on which NixOS should be built

The port of the InfluxDB instance.

This is the URL that users will enter to load your instance

Whether to configure the required settings to use postsrsd in the local Postfix instance.

Whether to automatically set up the database on the local DBMS instance

IP or hostname of the InfluxDB instance.

Enable billing Cron-Jobs on the local instance

IP on which the server instance will listen for incoming file transfer connections

URL of a cgit instance

lnd instance gRPC address:port.

Custom base path for this Reposilite instance

Environment file (see systemd.exec(5) "EnvironmentFile=" section for the syntax) passed to the service

File to load environment variables from

File to load environment variables from

Default instance (unit) priority.

Jitsi Videobridge instance and configure it to connect to Prosody

Configure Nginx as a reverse proxy for Cryptpad

The domain that Kanidm manages

Settings to configure backend server

Environment file as defined in systemd.exec(5)

The domain that Kanidm manages

URL of the immich instance.

Whether to enable a local mongodb instance.

File containing environment variables to substitute when copying the configuration out of Nix store to the services.mautrix-discord.dataDir

The hostname of this ncdns instance, which defaults to the machine hostname

Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.

Path of a file with extra environment variables to be loaded from disk

The path to an environment file that contains environment variables to pass to the homepage-dashboard service, for the purpose of passing secrets to the service

FQDN for the Oncall instance.

Path to a file containing extra LubeLogger config options in the systemd EnvironmentFile format

Environment file as defined in systemd.exec(5)

Extra configuration for the postfixadmin instance, see postfixadmin's config.inc.php for available options.

How many invidious instances to run

Environment file as defined in systemd.exec(5)

Path to an environment file loaded for the rmfakecloud service

The port Conduit will be running on

Whether to enable creating a postgresql instance.

The port(s) tuwunel will be running on

Replace YouTube links with links to this instance (blank to disable).

This is the default directory to look for statically configured secrets like cluster-join-token.key

Use this option to configure advanced authentication methods like EAP

The hash algorithm to use for passwords and API keys

Environment file as defined in systemd.exec(5)

Whether to allow invalid certificates when provisioning the target instance

Domain name of the instance.

Whether to enable Libravatar as profile picture source on your instance

File to load environment variables from

Replace Reddit links with links to this instance (blank to disable).

File to load as environment file

Extra permission groups to attach to the KMonad instance for this keyboard

Additional environment file as defined in systemd.exec(5)

Custom environment variables injected to build environment

The configuration file for OpenVPN.

Whether to use binary caches for downloading store paths

Files to load as an environment file just before Traefik starts

The n8n instance timezone

Parameter-sets for each instance of hddfancontrol.

Write logs to a specific Cloudwatch Logs stream

The host:port combination or the path to the UNIX socket of a memcached instance

Reference to the matrix-synapse wrapper with all extras (e.g. for oidc or saml2) added to the PYTHONPATH of all executables

Replace Twitter links with links to this instance (blank to disable).

The PHP-FPM pool that serves SimpleSAMLphp instance.

Config files to merge into the settings defined in services.prometheus.alertmanager-ntfy.settings

Basic Auth username used to protect VictoriaLogs instance by authorization

Controls the timeout to connect to a Pi-Hole instance

Create and use a local Meilisearch instance

File to load as environment file

Whether to enable creating a clickhouse instance.

The domain serving your LibreTranslate instance

File containing the password for the mpd daemon

The domain serving your SimpleSAMLphp instance

This option allows you to override the Linux kernel used by NixOS

User name under which the chrony exporter shall be run

File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization

Whether to automatically set up a local Meilisearch instance and configure Sharkey to use it

Configuration for the rclone remote being used for backup

Whether to enable Google OS Login

Grant capabilities to the uWSGI instance

Environment file as defined in systemd.exec(5)

Description of how to identify the filesystem to be duplicated by this instance of bees

Additional environment file or files as defined in systemd.exec(5)

List of URLs of the Nextcloud instance

Group under which the chrony exporter shall be run

Description of the homebridge instance.

Configure nginx as a reverse proxy for mastodon

The domain part of the JID for this Jibri instance.

Default configuration for the loggers used by matrix-synapse and its workers

Enables distributed pollers for this LibreNMS instance

Environment variables which are read by healthchecks (local)_settings.py

The prefix that will be added to all metrics

Environment variables which are read by healthchecks (local)_settings.py

The nickname for this Jibri instance in the MUC.

Whether the official parsedmarc grafana dashboard should be provisioned to the local grafana instance.

File containing additional config environment variables for alertmanager-gotify-bridge

The interfaces wpa_supplicant will use

Configure the domain name of this Warpgate instance

Basic Auth username used to protect VictoriaTraces instance by authorization

Environment variables to set for the service

EnvironmentFile as defined in systemd.exec(5)

Whether to enable the AppArmor Mandatory Access Control system

The port(s) continuwuity will be running on

Environment file as defined in systemd.exec(5)

File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization

NNTP URLs to this public-inbox instance

POP3 URLs to this public-inbox instance

IMAP URLs to this public-inbox instance

The IP address to connect to the XMPP server on

Whether to generate an extlinux-compatible configuration file under /boot/extlinux.conf

Whether the automatically provisioned Elasticsearch instance should be added as a grafana datasource

Basic Auth username used to protect VictoriaMetrics instance by authorization

Enable per-torrent metrics

The shell (/bin/sh) command executed once the proxy starts

Addresses of public STUN services to use to automatically find the public and local addresses of this Jitsi-Videobridge instance without the need for manual configuration

By default any user can create an account on this gitea instance

Environment file as defined in systemd.exec(5)

Whether to set up and use a local instance of Elasticsearch.

Compression algorithm used by this instance of Reposilite. none reduces usage of CPU & memory, but requires transfering more data.

File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization

The shared secret used to compute passwords for the TURN server

The base URL of the ntfy.sh instance.

Secret key used as a base to generate further secrets for encrypting and signing data

Conditions to make outbound packets go through this redsocks instance

Your instance's hostname for generating URLs throughout the app

File must contain one line, example: R3300000,R3400000,NC430000,...

Additional configuration for the WirePlumber daemon when run in single-instance mode (the default in nixpkgs and currently the only supported way to run WirePlumber configured via extraConfig)

The base path for plugin endpoints

Secret key for authentication tokens

The AWS Region

Point DOCKER_HOST to rootless Docker instance for normal users by default.

A boolean that controls whether site visitors can create new accounts

Whether to enable tweaking of kernel parameters to open many more connections at the same time

Whether to assign predictable names to network interfaces

Filters can be used optionally to filter the instance list by other criteria.

The database backend for the service

Filter can be used optionally to filter the instance list by other criteria Syntax of this filter string is described here in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list.

The read permissions to include for this token

Script to provision the TPM before control is handed off to the VM.

TPM2TOOLS_TCTI will be provided to configure tpm2-tools to use the swtpm instance transparently. TCTI is also provided as a generic value, consumer is expected to re-export it however it may need (TPM2OPENSSL_TCTI, TPM2_PKCS11_TCTI, ...).

The read permissions to include for this token

Controls how Prometheus handles conflicts between labels that are already present in scraped data and labels that Prometheus would attach server-side ("job" and "instance" labels, manually configured target labels, and labels generated by service discovery implementations)

XFRM interface ID set on inbound policies/SA

XFRM interface ID set on outbound policies/SA

Netfilter mark and mask for output traffic

Netfilter mark and mask for input traffic

Role of the targets to retrieve

The tag separator used to separate concatenated GCE instance network tags

The API server addresses

The AWS region

If set, allows registration by anyone who also has the shared secret, even if registration is otherwise disabled

Refresh interval to re-read the instance list

Refresh interval to re-read the cloud instance list

The string by which Linode Instance tags are joined into the tag label

Whether to include the parameters as meta labels

Refresh interval to re-read the instance list

Whether the service discovery should list all instances for all projects

Refresh interval to re-read the instance list

Refresh interval to re-read the instance list

Maximum number of connections per plugin instance.