| services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.osquery.enable | Whether to enable osqueryd daemon.
|
| services.prometheus.exporters.exportarr-sonarr.url | The full URL to Sonarr, Radarr, or Lidarr.
|
| services.tika.port | The Apache Tike port to listen on
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.newt.environmentFile | Path to a file containing sensitive environment variables for Newt
|
| services.opengfw.rulesFile | Path to file containing OpenGFW rules.
|
| services.spacecookie.settings.log.level | Log level for the spacecookie service.
|
| services.plausible.server.listenAddress | The IP address on which the server is listening.
|
| services.prometheus.remoteRead.*.proxy_url | Optional Proxy URL.
|
| services.localtimed.geoclue2Package | The Geoclue2 package to use.
|
| services.nebula.networks.<name>.lighthouses | List of IPs of lighthouse hosts this node should report to and query from
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config | TLS configuration.
|
| services.patroni.scope | Cluster name.
|
| services.prometheus.exporters.scaphandre.group | Group under which the scaphandre exporter shall be run.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| services.prometheus.exporters.junos-czerwonk.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.junos-czerwonk.openFirewall
is true
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.nipap.nipapd.enable | Whether to enable nipapd server.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.scopes | Scopes for the token request.
|
| services.outline.smtp.host | Host name or IP address of the SMTP server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority | Optional fixed priority for IPsec policies
|
| services.mediawiki.enable | Whether to enable MediaWiki.
|
| services.moonraker.port | The port to listen on.
|
| services.ttyd.maxClients | Maximum clients to support (0, no limit)
|
| services.murmur.bandwidth | Maximum bandwidth (in bits per second) that clients may send
speech at.
|
| services.nbd.server.listenAddress | Address to listen on
|
| services.riemann-dash.enable | Enable the riemann-dash dashboard daemon.
|
| services.movim.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.teeworlds.server.maxClients | The maximum amount of clients that can be connected to the server at the same time.
|
| services.prometheus.exporters.exportarr-readarr.environment | See the configuration guide for available options.
|
| services.matomo.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.ndppd.proxies.<name>.timeout | Controls how long to wait for a Neighbor Advertisement Message before
invalidating the entry, in milliseconds.
|
| services.thanos.receive.tsdb.retention | How long to retain raw samples on local storage.
0d - disables this retention
Defaults to 15d in Thanos
when set to null.
|
| services.prometheus.exporters.postfix.package | The prometheus-postfix-exporter package to use.
|
| services.prometheus.exporters.jitsi.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.exporters.postgres.enable | Whether to enable the prometheus postgres exporter.
|
| services.mattermost.telemetry.enableDiagnostics | True if we should enable sending diagnostic data
|
| services.neo4j.enable | Whether to enable Neo4j Community Edition.
|
| services.promtail.configuration | Specify the configuration for Promtail in Nix
|
| services.prometheus.exporters.tibber.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.tibber.openFirewall is true.
|
| services.prosody.modules.bookmarks | Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP
|
| services.sanoid.templates | Templates for datasets.
|
| services.olivetin.user | The user account under which OliveTin runs.
|
| services.peertube.redis.enableUnixSocket | Use Unix socket.
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.pixelfed.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.samba-wsdd.enable | Whether to enable Web Services Dynamic Discovery host daemon
|
| services.rmfakecloud.extraSettings | Extra settings in the form of a set of key-value pairs
|
| services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| services.taskserver.dataDir | Data directory for Taskserver.
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.mainsail.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| services.public-inbox.inboxes.<name>.coderepo | Nicknames of a 'coderepo' section associated with the inbox.
|
| services.nsd.statistics | Statistics are produced every number of seconds
|
| services.torrentstream.package | The torrentstream package to use.
|
| services.oauth2-proxy.reverseProxy | In case when running behind a reverse proxy, controls whether headers
like X-Real-Ip are accepted
|
| services.prometheus.exporters.idrac.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.exporters.mysqld.group | Group under which the mysqld exporter shall be run.
|
| services.prometheus.exporters.php-fpm.listenAddress | Address to listen on.
|
| services.snipe-it.nginx.locations | Declarative location config
|
| services.monetdb.listenAddress | Address to listen on.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| services.peering-manager.extraConfig | Additional lines of configuration appended to the configuration.py
|
| services.radarr.user | User account under which Radarr runs.
|
| services.prometheus.exporters.process.port | Port to listen on.
|
| services.rqbit.downloadDir | Directory where to download torrents.
|
| services.netbox.enableLdap | Enable LDAP-Authentication for Netbox
|
| services.prometheus.exporters.node.port | Port to listen on.
|
| services.prometheus.exporters.fastly.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.fastly.openFirewall
is true
|
| services.sunshine.autoStart | Whether sunshine should be started automatically.
|
| services.saunafs.metalogger.settings.DATA_PATH | Data storage directory
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth | Optional HTTP basic authentication information.
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.pomerium.settings | The contents of Pomerium's config.yaml, in Nix expressions
|
| services.prometheus.exporters.nats.url | NATS monitor endpoint to query.
|
| services.softether.vpnserver.enable | Whether to enable SoftEther VPN Server.
|
| services.routinator.settings.retry | An integer value specifying the number of seconds an RTR client is requested to wait after it failed to receive a data set.
|
| services.moosefs.cgiserver.settings.GUISERV_LISTEN_HOST | IP address to bind GUI server to (* means any).
|
| services.rqbit.httpPort | The listen port for the HTTP API.
|
| services.suricata.settings.logging.outputs.syslog.format | Logformat for logs send to syslog.
|
| services.postgresql.settings.shared_preload_libraries | List of libraries to be preloaded.
|
| services.teeworlds.game.enableReadyMode | Whether to enable "ready mode"; where players can pause/unpause the game
and start the game in warmup, using their ready state.
|
| services.moodle.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.prometheus.exporters.fastly.user | User name under which the fastly exporter shall be run.
|
| services.reposilite.database.port | Database TCP port.
|
| services.terraria.maxPlayers | Sets the max number of players (between 1 and 255).
|
| services.miniflux.config.DATABASE_URL | Postgresql connection parameters
|
| services.opensearch.dataDir | Data directory for OpenSearch
|
| services.netbird.server.dashboard.managementServer | The address of the management server, used for the API endpoints.
|
| services.mastodon.sidekiqProcesses | How many Sidekiq processes should be used to handle background jobs, and which job classes they handle. Read the upstream documentation before configuring this!
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.port | The port to scrape metrics from
|
| services.mailman.ldap.serverUri | LDAP host to connect against.
|
| services.sunshine.applications.apps | Applications to be exposed to Moonlight.
|
| services.prometheus.exporters.mailman3.group | Group under which the mailman3 exporter shall be run.
|
| services.maubot.settings.database | The full URI to the database
|
| services.postgrest.settings.server-unix-socket | Unix domain socket where to bind the PostgREST web server.
|
| services.sshwifty.package | The sshwifty package to use.
|