Set HttpOnly cookie flag.

Configure Subsonic to use this folder for music

Address to listen on.

Domain used for peer resolution.

CA certificate to validate API server certificate with.

Whether to run a correctness check for the configuration file

Enable status page reachable from localhost on http://127.0.0.1/nginx_status.

Listen address.

See torrc manual.

Name of ICMP pinging job.

This cell's database server records, added to the global CellServDB

Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.

Migration note: The previous format using script = "sleep 5" is no longer supported

E-mail address of the server administrator.

Nebula network definitions.

Minecraft server properties for the server.properties file

Whether to enable HTTPS in addition to plain HTTP

The targets specified by the target group.

Host address on which to serve

Whether to enable the prometheus wireguard exporter.

Listen addresses for this virtual host

Disables automatic Universal Plug and Play.

Whether to enable Ombi, a web application that automatically gives your shared Plex or Emby users the ability to request content by themselves!

Optionally see https://docs.ombi.app/info/reverse-proxy on how to set up a reverse proxy .

Optional proxy URL.

Log level for Pinchflat.

How frequently metric metadata is sent to remote storage.

Number of days since data was last scrubbed before it can be scrubbed again.

Whether to enable the stunnel TLS tunneling service.

Table prefix in Nextcloud's database.

Note: since Nextcloud 20 it's not an option anymore to create a database schema with a custom table prefix

Inode calculation method. compat is computationally less expensive, but md5 greatly reduces the likelihood of inode collisions in larger scenarios involving multiple cells mounted into one AFS space.

Client-server API URL

See torrc manual.

Port number to listen on

Path to the directory where firewall rules can be found and will get stored by the NixOS module.

Extra command line options for the OpenSearch launcher.

Port to listen on.

Group under which privatebin runs

Whether to enable toxvpn running on startup.

Max qps allowed from any query source. 0 means unlimited

Directory for storing certificates to be used by Neo4j for TLS connections

Group under which the mqtt exporter shall be run.

ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1

The shiori package to use.

Publish contact information for this service

Specify a filter for iptables to use when services.prometheus.exporters.nginx.openFirewall is true

Optional proxy URL.

which update mechanism to use

Path to geoip.dat.

.env settings for Pixelfed

Salt minion configuration as Nix attribute set

Whether to enable the Systemd DNS resolver daemon (systemd-resolved).

List of attribute sets containing configuration for each domain

Regular expressions of files to exclude from sharing.

Address to listen on.

The project_id and project_name fields are optional for the Identity V2 API

TLS configuration.

Specify a filter for iptables to use when services.prometheus.exporters.zfs.openFirewall is true

Adds additional cheat protection to the server.

Configuration lines that will be appended to the generated ntopng configuration file

Listen on a UNIX socket at the specified path

IP on which redsocks should listen

User name under which the mikrotik exporter shall be run.

DNS_SERVERS variable.

Square profile pictures.

Authentication mechanism used for logins.

Whether to enable nostr-rs-relay.

The URL of the database (currently only SQLite is supported)

The name of the connection to mediate this connection through

Section defining complementary attributes of certification authorities, each in its own subsection with an arbitrary yet unique name

E-mail address of the server administrator.

Whether to enable mycelium network.

sched_nr_latency.

The tlsrpt-reporter package to use.

Upstream resolver(s) to use as fallback for non-loki addresses

See torrc manual.

Whether to enable a set of recommended Python plugins by installing extra Python packages.

Whether to enable Readeck.

Path to serve from the HTTP servers root.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.keylight.openFirewall is true.

See the getting-started guide for available options.

Whether to enable Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.

Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed

Opens up firewall port for communication between NetBird peers directly over LAN or public IP, without using (internet-hosted) TURN servers as intermediaries.

URL to the Origin

Path to a file containing the shared key.

The IPv4 address of the router.

Group under which the rtl_433 exporter shall be run.

File that must contain the environment variable PGBOUNCER_EXPORTER_CONNECTION_STRING which is set to the connection string used by pgbouncer

The TTL ("Time to Live") value to set for your DNS records

Path to the SSH host public key.

The port for serving HTTP(S) requests

Log format to use.

Object store configuration

The device to update.

Configure the nextcloud URL notify_push tries to connect to.

Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.

OAuth client secret.

Files to load as environment file

Interface address for web application to bind to.

Key bindings for triggerhappy.

Whether unbound should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).