| services.rss-bridge.group | The group under which the web application runs.
|
| services.reposilite.workingDirectory | Working directory for Reposilite.
|
| services.nostr-rs-relay.port | Listen on this port.
|
| services.prometheus.exporters.php-fpm.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.php-fpm.openFirewall
is true
|
| services.rustus.storage.s3_secret_key_file | File path that contains the S3 secret key.
|
| services.opensearch.settings."transport.port" | The port to listen on for transport traffic.
|
| services.pixelfed.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.redmine.database.socket | Path to the unix socket file to use for authentication.
|
| services.roon-bridge.enable | Whether to enable Roon Bridge.
|
| services.synapse-auto-compressor.package | The rust-synapse-compress-state package to use.
|
| services.prometheus.exporters.collectd.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.collectd.openFirewall
is true
|
| services.sanoid.enable | Whether to enable Sanoid ZFS snapshotting service.
|
| services.nagios.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| services.readarr.enable | Whether to enable Readarr, a Usenet/BitTorrent ebook downloader.
|
| services.minecraft-server.declarative | Whether to use a declarative Minecraft server configuration
|
| services.ollama.rocmOverrideGfx | Override what rocm will detect your gpu model as
|
| services.tailscale.derper.openFirewall | Whether to open the firewall for the specified port
|
| services.prometheus.exporters.unbound.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.unbound.openFirewall is true.
|
| services.netbird.server.signal.extraOptions | Additional options given to netbird-signal as commandline arguments.
|
| services.tt-rss.phpPackage | php package to use for php fpm and update daemon.
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| services.ocis.environmentFile | An environment file as defined in systemd.exec(5)
|
| services.sftpgo.settings.sftpd.bindings.*.address | Network listen address
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.mongodb.pidFile | Location of MongoDB pid file
|
| services.reposilite.settings.enforceSsl | Whether to redirect all traffic to SSL.
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.openvpn.servers.<name>.updateResolvConf | Use the script from the update-resolv-conf package to automatically
update resolv.conf with the DNS information provided by openvpn
|
| services.prometheus.exporters.redis.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.redis.openFirewall
is true
|
| services.stargazer.connectionLogging | Whether or not to log connections to stdout.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.parsedmarc.settings.elasticsearch.user | Username to use when connecting to Elasticsearch, if
required.
|
| services.tee-supplicant.trustedApplications | A list of full paths to trusted applications that will be loaded at
runtime by tee-supplicant.
|
| services.nsd.interfaces | What addresses the server should listen to.
|
| services.peertube.database.name | Database name.
|
| services.openvscode-server.enable | Whether to enable openvscode-server.
|
| services.rethinkdb.enable | Whether to enable RethinkDB server.
|
| services.snipe-it.mail.from.address | Mail "from" address.
|
| services.matrix-alertmanager.port | Port that matrix-alertmanager listens on.
|
| services.pixelfed.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nextcloud.settings.mail_template_class | Replaces the default mail template layout
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| services.postgresqlWalReceiver.receivers.<name>.slot | Require pg_receivewal to use an existing replication slot (see
Section 26.2.6 of the PostgreSQL manual)
|
| services.matomo.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.spark.master.restartIfChanged | Automatically restart master service on config change
|
| services.nomad.extraSettingsPaths | Additional settings paths used to configure nomad
|
| services.opentelemetry-collector.enable | Whether to enable Opentelemetry Collector.
|
| services.tlsrpt.fetcher.settings.storage | Path to the collectd sqlite database.
|
| services.salt.minion.enable | Whether to enable Salt configuration management system minion service.
|
| services.tinyproxy.settings | Configuration for tinyproxy.
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| services.maubot.settings.plugin_directories.load | The directories from which plugins should be loaded
|
| services.nitter.server.hostname | Hostname of the instance.
|
| services.prometheus.exporters.graphite.mappingSettings | Mapping configuration for the exporter, see
https://github.com/prometheus/graphite_exporter#yaml-config for
available options.
|
| services.prometheus.exporters.rasdaemon.enabledCollectors | List of error types to collect from the event database.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_id | OAuth client ID.
|
| services.onlyoffice.jwtSecretFile | Path to a file that contains the secret to sign web requests using JSON Web Tokens
|
| services.miniflux.config.LISTEN_ADDR | Address to listen on
|
| services.qui.settings.host | The host address qui listens on.
|
| services.overseerr.openFirewall | Open a port in the firewall for the Overseerr web interface.
|
| services.locate.prunePaths | Which paths to exclude from indexing
|
| services.prometheus.exporters.nats.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.nats.openFirewall
is true
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|
| services.pomerium.secretsFile | Path to file containing secrets for Pomerium, in systemd
EnvironmentFile format
|
| services.prometheus.exporters.bitcoin.rpcPasswordFile | File containing RPC password.
|
| services.oauth2-proxy.keyFile | oauth2-proxy allows passing sensitive configuration via environment variables
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.printing.stateless | If set, all state directories relating to CUPS will be removed on
startup of the service.
|
| services.rustus.url | url path for uploads
|
| services.traefik.dataDir | Location for any persistent data traefik creates, ie. acme
|
| services.nsd.zones.<name>.dnssecPolicy.ksk | Key policy for key signing keys
|
| services.nextcloud.poolSettings | Options for nextcloud's PHP pool
|
| services.peertube-runner.instancesToRegister.<name>.runnerName | Runner name declared to the PeerTube instance.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.services | A list of services for which targets are retrieved.
|
| services.nfs.server.enable | Whether to enable the kernel's NFS server.
|
| services.throttled.enable | Whether to enable fix for Intel CPU throttling.
|
| services.smokeping.sendmail | Use this sendmail compatible script to deliver alerts
|
| services.mackerel-agent.settings | Options for mackerel-agent.conf
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.nextcloud.config.objectstore.s3.verify_bucket_exists | Create the objectstore bucket if it does not exist.
|
| services.nomad.extraSettingsPlugins | Additional plugins dir used to configure nomad.
|
| services.minidlna.settings.wide_links | Set this to yes to allow symlinks that point outside user-defined media_dir.
|
| services.mysql.dataDir | The data directory for MySQL.
If left as the default value of /var/lib/mysql this directory will automatically be created before the MySQL
server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| services.openssh.sftpServerExecutable | The sftp server executable
|
| services.mastodon.smtp.port | SMTP port used when sending emails to users.
|
| services.mediagoblin.createDatabaseLocally | Whether to configure a local postgres database and connect to it.
|
| services.scrutiny.settings | Scrutiny settings to be rendered into the configuration file
|
| services.openssh.settings.DenyGroups | If specified, login is denied for all users part of the listed
groups
|
| services.syncthing.relay.perSessionRateBps | Per session bandwidth rate limit in bytes per second.
|
| services.sftpgo.settings.sftpd.bindings.*.port | The port for serving SFTP requests
|
| services.tandoor-recipes.user | User account under which Tandoor runs.
|
| services.matomo.nginx.listen.*.addr | Listen address.
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| services.prometheus.exporters.fritz.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.exporters.mail.configuration.servers.*.passphrase | Password to use for SMTP authentication.
|
| services.portunus.dex.oidcClients | List of OIDC clients
|
| services.trezord.emulator.port | Listening port for the Trezor emulator.
|