| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.microbin.settings | Additional configuration for MicroBin, see
https://microbin.eu/docs/installation-and-configuration/configuration/
for supported values
|
| services.slskd.nginx.default | Makes this vhost the default.
|
| services.manticore.enable | Whether to enable Manticoresearch.
|
| services.mailman.settings | Settings for mailman.cfg
|
| services.prometheus.exporters.nginxlog.user | User name under which the nginxlog exporter shall be run.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.api_url | API URL to use when doing the server listing requests
|
| services.prometheus.exporters.mail.configFile | Specify the mailexporter configuration file to use.
|
| services.parsedmarc.settings.smtp.port | The SMTP server port.
|
| services.pinchflat.user | User account under which Pinchflat runs.
|
| services.nextcloud.https | Use HTTPS for generated links
|
| services.lk-jwt-service.package | The lk-jwt-service package to use.
|
| services.tor.settings.GuardfractionFile | See torrc manual.
|
| services.miredo.bindAddress | Depending on the local firewall/NAT rules, you might need to force
Miredo to use a fixed UDP port and or IPv4 address.
|
| services.prometheus.scrapeConfigs.*.relabel_configs.*.replacement | Replacement value against which a regex replace is performed if the
regular expression matches
|
| services.tigerbeetle.clusterId | The 128-bit cluster ID used to create the replica data file (if needed)
|
| services.nextcloud-spreed-signaling.settings.https.key | Path to the private key used for the HTTPS listener
|
| services.patroni.otherNodesIps | IP addresses of the other nodes.
|
| services.redmine.components.breezy | Whether to enable bazaar integration..
|
| services.prometheus.exporters.sabnzbd.servers.*.apiKeyFile | The path to a file containing the API key
|
| services.netatalk.settings | Configuration for Netatalk
|
| services.uhub.<name>.settings | Configuration of uhub
|
| services.snipe-it.nginx.acmeRoot | Directory for the ACME challenge, which is public
|
| services.nginx.uwsgiResolveWhileRunning | Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
|
| services.pretalx.environmentFiles | Environment files that allow passing secret configuration values
|
| services.thanos.store.index-cache-size | Maximum size of items held in the index cache
|
| services.quicktun.<name>.tunMode | Whether to operate in tun (IP) or tap (Ethernet) mode.
|
| services.tailscale.extraSetFlags | Extra flags to pass to tailscale set.
|
| services.torrentstream.openFirewall | Open ports in the firewall for TorrentStream daemon.
|
| services.tt-rss.email.security | Used to select a secure SMTP connection
|
| services.ncps.cache.secretKeyPath | The path to load the secretKey for signing narinfos
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.opensearch.settings."http.port" | The port to listen on for HTTP traffic.
|
| services.netbird.server.domain | The domain under which the netbird server runs.
|
| services.picom.backend | Backend to use: egl, glx, xrender or xr_glx_hybrid.
|
| services.nostr-rs-relay.port | Listen on this port.
|
| services.multipath.devices.*.max_sectors_kb | Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value
|
| services.prometheus.exporters.tailscale.group | Group under which the tailscale exporter shall be run.
|
| services.postgrey.IPv4CIDR | Strip N bits from IPv4 addresses if lookupBySubnet is true
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.softether.package | The softether package to use.
|
| services.shadowsocks.fastOpen | use TCP fast-open
|
| services.stargazer.enable | Whether to enable Stargazer Gemini server.
|
| services.scrutiny.settings.web.influxdb.bucket | InfluxDB bucket in which to store data.
|
| services.sanoid.templates | Templates for datasets.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.multipath.devices.*.rr_weight | If set to priorities the multipath configurator will assign path weights
as "path prio * rr_min_io".
|
| services.trafficserver.logging | Configure logs
|
| services.prometheus.exporters.snmp.logLevel | Only log messages with the given severity or above.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| services.prometheus.exporters.ping.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.ping.openFirewall
is true
|
| services.mpd.credentials.*.permissions | List of permissions that are granted with this password
|
| services.pgmanage.localOnly | This tells pgmanage whether or not to set the listening socket to local
addresses only.
|
| services.pict-rs.address | The IPv4 address to deploy the service to.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.replacement | Replacement value against which a regex replace is performed if the
regular expression matches
|
| services.pipewire.extraConfig.pipewire | Additional configuration for the PipeWire server
|
| services.prometheus.exporters.redis.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.redis.openFirewall is true.
|
| services.syncthing.relay.providedBy | Human-readable description of the provider of the relay (you).
|
| services.odoo.autoInitExtraFlags | Extra flags passed to odoo when run for the first time by autoInit
|
| services.misskey.settings.redisForPubsub.port | The Redis port.
|
| services.maddy.secrets | A list of files containing the various secrets
|
| services.nextjs-ollama-llm-ui.package | The nextjs-ollama-llm-ui package to use.
|
| services.scion.scion-control.enable | Whether to enable the scion-control service.
|
| services.mastodon.webPort | TCP port used by the mastodon-web service.
|
| services.tt-rss.sphinx.server | Hostname:port combination for the Sphinx server.
|
| services.tmate-ssh-server.host | External host name
|
| services.shoko.plugins | The plugins to install
|
| services.rathole.credentialsFile | Path to a TOML file to be merged with the settings
|
| services.misskey.reverseProxy.webserver.caddy.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.moonraker.user | User account under which Moonraker runs.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.netbird.clients.<name>.interface | Name of the network interface managed by this client.
|
| services.scion.scion-daemon.settings | scion-daemon configuration
|
| services.mautrix-meta.instances.<name>.environmentFile | File containing environment variables to substitute when copying the configuration
out of Nix store to the services.mautrix-meta.dataDir
|
| services.surrealdb.extraFlags | Specify a list of additional command line flags.
|
| services.tor.settings.DownloadExtraInfo | See torrc manual.
|
| services.thinkfan.fans.*.indices | A list of fans to pick in case multiple fans match the query.
|
| services.smartd.defaults.autodetected | Like services.smartd.defaults.monitored, but for the
autodetected devices.
|
| services.maubot.settings.server | Listener config
|
| services.tt-rss.email.password | SMTP authentication password used when sending outgoing mail.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.technitium-dns-server.package | The technitium-dns-server package to use.
|
| services.meshcentral.enable | Whether to enable MeshCentral computer management server.
|
| services.redis.servers | Configuration of multiple redis-server instances.
|
| services.nextdns.enable | Whether to enable the NextDNS DNS/53 to DoH Proxy service.
|
| services.suwayomi-server.openFirewall | Whether to open the firewall for the port in services.suwayomi-server.settings.server.port.
|
| services.llama-swap.package | The llama-swap package to use.
|
| services.mysqlBackup.compressionLevel | Compression level to use for gzip, xz or zstd.
- For gzip: 1-9
- For xz: 0-9
- For zstd: 1-19
If compression level is also specified in gzipOptions, the gzipOptions value will be overwritten
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.action | Action to perform based on regex matching
|
| services.redshift.temperature.night | Colour temperature to use at night, between
1000 and 25000 K.
|
| services.nextcloud.settings.mail_smtpdebug | Enable SMTP class debugging.
loglevel will likely need to be adjusted too.
See docs.
|
| services.prometheus.exporters.ping.settings | Configuration for ping_exporter, see
https://github.com/czerwonk/ping_exporter
for supported values.
|
| services.syncthing.relay.listenAddress | Address to listen on for relay traffic.
|
| services.prometheus.exporters.unpoller.loki.url | URL of the Loki host.
|
| services.mozillavpn.enable | Whether to enable Mozilla VPN daemon.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.query | Puppet Query Language (PQL) query
|
| services.listmonk.database.settings.smtp.*.max_conns | Maximum number of simultaneous connections, defaults to 1
|
| services.prometheus.exporters.dnssec.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.dnssec.openFirewall is true.
|
| services.overseerr.port | The port which the Overseerr web UI should listen on.
|
| services.tandoor-recipes.extraConfig | Extra tandoor recipes config options
|