| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config | Configures the Consul request's TLS settings.
|
| services.prosody.httpFileShare.size_limit | Maximum file size, in bytes.
|
| services.rspamd-trainer.secrets | A list of files containing the various secrets
|
| services.limesurvey.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.limesurvey.database.type | Database engine to use.
|
| services.movim.h2o.tls.quic | Enables HTTP/3 over QUIC on the UDP port for TLS
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.redmine.components.breezy | Whether to enable bazaar integration..
|
| services.step-ca.intermediatePasswordFile | Path to the file containing the password for the intermediate
certificate private key.
Make sure to use a quoted absolute path instead of a path literal
to prevent it from being copied to the globally readable Nix
store.
|
| services.trickster.log-level | Level of Logging to use (debug, info, warn, error) (default "info").
|
| services.opensnitch.settings | opensnitchd configuration
|
| services.microsocks.outgoingBindIp | Specifies which ip outgoing connections are bound to
|
| services.parsedmarc.settings.smtp.port | The SMTP server port.
|
| services.printing.drivers | CUPS drivers to use
|
| services.prometheus.exporters.fritz.settings | Configuration settings for fritz-exporter.
|
| services.rsnapshot.cronIntervals | Periodicity at which intervals should be run by cron
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| services.sympa.mta.type | Mail transfer agent (MTA) integration
|
| services.pptpd.extraPppdOptions | Adds extra lines to the pppd options file.
|
| services.prometheus.exporters.ecoflow.extraFlags | Extra commandline options to pass to the ecoflow exporter.
|
| services.sympa.web.enable | Whether to enable Sympa web interface.
|
| services.telegraf.enable | Whether to enable telegraf server.
|
| services.tailscale.permitCertUid | Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.
|
| services.tor.settings.ProtocolWarnings | See torrc manual.
|
| services.tuned.settings | Configuration for TuneD
|
| services.trickster.configFile | Path to configuration file.
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.prometheus.exporters.snmp.port | Port to listen on.
|
| services.postgresqlBackup.compression | The type of compression to use on the generated database dump.
|
| services.prometheus.exporters.unpoller.loki.timeout | Should be increased in case of timeout errors.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.refresh_interval | The time after which the containers are refreshed
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_secret | The application_credential_secret field is required if using an application
credential to authenticate.
|
| services.thanos.rule.eval-interval | The default evaluation interval to use
|
| services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| services.synapse-auto-compressor.settings.chunks_to_compress | chunks_to_compress chunks of size chunk_size will be compressed
|
| services.prometheus.extraFlags | Extra commandline options when launching Prometheus.
|
| services.tor.settings.PerConnBWRate | See torrc manual.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| services.lubelogger.port | The TCP port LubeLogger will listen on.
|
| services.openafsServer.roles.database.ptserverArgs | Arguments to the ptserver process
|
| services.ttyd.socket | UNIX domain socket path to bind.
|
| services.turn-rs.settings | Turn-rs server config file
|
| services.suricata.settings.vars.address-groups.SQL_SERVERS | SQL_SERVERS variable.
|
| services.tor.settings.ControlSocket | See torrc manual.
|
| services.nginx.serverNamesHashBucketSize | Sets the bucket size for the server names hash tables
|
| services.matrix-continuwuity.group | The group continuwuity is run as.
|
| services.mjolnir.pantalaimon.enable | Whether to enable ignoring the accessToken
|
| services.syncthing.relay.globalRateBps | Global bandwidth rate limit in bytes per second.
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| services.udisks2.settings | Options passed to udisksd
|
| services.printing.enable | Whether to enable printing support through the CUPS daemon.
|
| services.supergfxd.settings | The content of /etc/supergfxd.conf
|
| services.prometheus.alertmanager.webExternalUrl | The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy)
|
| services.linkwarden.database.host | Hostname or address of the postgresql server
|
| services.nntp-proxy.enable | Whether to enable NNTP-Proxy.
|
| services.syncplay.salt | Salt to allow room operator passwords generated by this server
instance to still work when the server is restarted
|
| services.prometheus.alertmanagerGotify.debug | Enables extended logs for debugging purposes
|
| services.nginx.virtualHosts.<name>.root | The path of the web root directory.
|
| services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| services.trickster.origin-type | Type of origin (prometheus, influxdb)
|
| services.limesurvey.httpd.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.umurmur.settings.channel_links | Channel tree definitions.
|
| services.tor.settings.GuardfractionFile | See torrc manual.
|
| services.matomo.nginx.root | The path of the web root directory.
|
| services.movim.podConfig.loglevel | The server loglevel
|
| services.prometheus.exporters.node-cert.enable | Whether to enable the prometheus node-cert exporter.
|
| services.livekit.ingress.environmentFile | Environment file as defined in systemd.exec(5) passed to the service
|
| services.nginx.defaultListen | If vhosts do not specify listen, use these addresses by default
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.server | The URL to connect to the Eureka server.
|
| services.mosquitto.listeners.*.authPlugins.*.denySpecialChars | Automatically disallow all clients using #
or + in their name/id.
|
| services.openiscsi.name | Name of this iscsi initiator
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pulseaudio.enable | Whether to enable the PulseAudio sound server.
|
| services.tiddlywiki.listenOptions | Parameters passed to --listen command
|
| services.nagios.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.openafsClient.mountPoint | Mountpoint of the AFS file tree, conventionally
/afs
|
| services.prometheus.exporters.exportarr-lidarr.package | The exportarr package to use.
|
| services.resilio.httpPass | HTTP web login password.
|
| services.misskey.reverseProxy.webserver.caddy.logFormat | Configuration for HTTP request logging (also known as access logs)
|
| services.saslauthd.package | The bin package to use.
|
| services.tor.settings.FascistFirewall | See torrc manual.
|
| services.livekit.redis.createLocally | Whether to set up a local redis instance.
|
| services.prometheus.exporters.fritz.enable | Whether to enable the prometheus fritz exporter.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.role | Role of the targets to retrieve
|
| services.spacecookie.settings.log.hide-time | If enabled, spacecookie will not print timestamps
at the beginning of every log line.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentials | Sets the credentials
|
| services.tor.settings.ReachableORAddresses | See torrc manual.
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.plantuml-server.packages.jdk | The jdk package to use.
|
| services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.class | CPU scheduler class.
|
| services.prometheus.exporters.apcupsd.port | Port to listen on.
|
| services.pdnsd.cacheDir | Directory holding the pdnsd cache
|
| services.prometheus.exporters.mqtt.logMqttMessage | Whether to enable Log MQTT original message, only if LOG_LEVEL is set to DEBUG..
|
| services.neo4j.package | The neo4j package to use.
|
| services.openldap.enable | Whether to enable the ldap server.
|
| services.pulseaudio.support32Bit | Whether to include the 32-bit pulseaudio libraries in the system or not
|