| services.tor.relay.enable | Whether to enable relaying of Tor traffic for others
|
| services.samba.usershares.enable | Whether to enable user-configurable Samba shares.
|
| services.snapraid.scrub.plan | Percent of the array that should be checked by snapraid scrub.
|
| services.matrix-alertmanager.homeserverUrl | URL of the Matrix homeserver to use.
|
| services.sympa.database.passwordFile | A file containing the password for services.sympa.database.name.
|
| services.nzbhydra2.dataDir | The directory where NZBHydra2 stores its data files.
|
| services.opendkim.group | Group for the daemon.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file | File name in the pkcs8 folder for which this
passphrase should be used.
|
| services.monica.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.mtr-exporter.mtrPackage | The mtr package to use.
|
| services.mosquitto.logType | Types of messages to log.
|
| services.mastodon.configureNginx | Configure nginx as a reverse proxy for mastodon
|
| services.swapspace.installWrapper | This will add swapspace wrapped with the generated config, to environment.systemPackages
|
| services.prometheus.exporters.knot.listenAddress | Address to listen on.
|
| services.pocket-id.credentials | Environment variables which are loaded from the contents of the specified file paths
|
| services.rosenpass.settings | Configuration for Rosenpass, see https://rosenpass.eu/ for further information.
|
| services.qbittorrent.group | Group under which qbittorrent runs.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY | Limits for timeline cleanup.
|
| services.sillytavern.group | Group account under which the web-application run.
|
| services.nginx.streamConfig | Configuration lines to be set inside the stream block.
|
| services.neo4j.directories.imports | The root directory for file URLs used with the Cypher
LOAD CSV clause
|
| services.murmur.logDays | How long to store RPC logs for in the database
|
| services.open-web-calendar.domain | The domain under which open-web-calendar is made available
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization | Optional Authorization header configuration.
|
| services.prometheus.exporters.nextcloud.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nextcloud.openFirewall is true.
|
| services.prosody.muc.*.roomLocking | Enables room locking, which means that a room must be
configured before it can be used
|
| services.pretalx.settings | pretalx configuration as a Nix attribute set
|
| services.lldpd.enable | Whether to enable Link Layer Discovery Protocol Daemon.
|
| services.prometheus.exporters.exportarr-lidarr.group | Group under which the exportarr-lidarr exporter shall be run.
|
| services.screego.environmentFile | Environment file (see systemd.exec(5) "EnvironmentFile="
section for the syntax) passed to the service
|
| services.restic.backups.<name>.pruneOpts | A list of options (--keep-* et al.) for 'restic forget
--prune', to automatically prune old snapshots
|
| services.prometheus.exporters.nginxlog.metricsEndpoint | Path under which to expose metrics.
|
| services.taler.exchange.denominationConfig | This option configures the cash denomination for the coins that the exchange offers
|
| services.thanos.query.grpc-client-tls-ca | TLS CA Certificates to use to verify gRPC servers
|
| services.mackerel-agent.autoRetirement | Whether to enable retiring the host upon OS shutdown
.
|
| services.tandoor-recipes.enable | Enable Tandoor Recipes
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| services.radicle.httpd.nginx.listen | Listen addresses and ports for this virtual host
|
| services.ntp.enable | Whether to synchronise your machine's time using ntpd, as a peer in
the NTP network
|
| services.sabnzbd.settings.servers.<name>.name | The name of the server
|
| services.readarr.dataDir | The directory where Readarr stores its data files.
|
| services.snapraid.scrub.interval | How often to run snapraid scrub.
|
| services.sanoid.datasets.<name>.no_inconsistent_snapshot | Whether to take a snapshot if the pre script fails
|
| services.taskserver.extensions | Fully qualified path of the Taskserver extension scripts
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.tomcat.extraEnvironment | Environment Variables to pass to the tomcat service
|
| services.nextcloud.settings.trusted_domains | Trusted domains, from which the nextcloud installation will be
accessible
|
| services.movim.h2o.tls.identity.*.key-file | Path to key file
|
| services.pdns-recursor.dns.port | Port number Recursor DNS server will bind to.
|
| services.smartd.extraOptions | Extra command-line options passed to the smartd
daemon on startup.
(See man 8 smartd.)
|
| services.sanoid.datasets.<name>.use_template | Names of the templates to use for this dataset.
|
| services.rutorrent.plugins | List of plugins to enable
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.nvme-rs.settings | Configuration for nvme-rs in TOML format
|
| services.prometheus.exporters.rspamd.enable | Whether to enable the prometheus rspamd exporter.
|
| services.linkwarden.package | The linkwarden package to use.
|
| services.scrutiny.influxdb.enable | Enables InfluxDB on the host system using the services.influxdb2 NixOS module
with default options
|
| services.owncast.user | User account under which owncast runs.
|
| services.radarr.environmentFiles | Environment file to pass secret configuration values
|
| services.pid-fan-controller.settings.heatSources.*.pidParams.D | K_d of PID controller.
|
| services.prometheus.scrapeConfigs.*.sample_limit | Per-scrape limit on number of scraped samples that will be accepted
|
| services.logrotate.settings | logrotate freeform settings: each attribute here will define its own section,
ordered by services.logrotate.settings.<name>.priority,
which can either define files to rotate with their settings
or settings common to all further files settings
|
| services.openssh.settings.Ciphers | Allowed ciphers
Defaults to recommended settings from both
https://stribika.github.io/2015/01/04/secure-secure-shell.html
and
https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| services.pangolin.environmentFile | Path to a file containing sensitive environment variables for Pangolin
|
| services.nextcloud.settings.mail_smtpsecure | This depends on mail_smtpmode
|
| services.oauth2-proxy.tls.httpsAddress | addr:port to listen on for HTTPS clients
|
| services.mainsail.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.prometheus.exporters.exportarr-readarr.apiKeyFile | File containing the api-key.
|
| services.limesurvey.poolConfig | Options for the LimeSurvey PHP pool
|
| services.prometheus.exporters.mail.configuration.disableFileDeletion | Disables the exporter's function to delete probing mails.
|
| services.szurubooru.server.settings.smtp.port | Port of the SMTP server.
|
| services.redshift.brightness.night | Screen brightness to apply during the night,
between 0.1 and 1.0.
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| services.photoprism.address | Web interface address.
|
| services.saned.extraConfig | Extra saned configuration lines.
|
| services.scx.package | scx package to use. scx.full, which includes all schedulers, is the default
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.linkwarden.cacheLocation | Directory used as cache
|
| services.postgrey.socket | Socket to bind to
|
| services.mollysocket.settings.allowed_endpoints | List of UnifiedPush servers
|
| services.mailman.ldap.groupSearch.query | Query to find a group associated to a user in the LDAP database.
|
| services.nginx.recommendedBrotliSettings | Enable recommended brotli settings
|
| services.scrutiny.collector.package | The scrutiny-collector package to use.
|
| services.postgresql.enableJIT | Whether to enable JIT support.
|
| services.sympa.lang | Default Sympa language
|
| services.mautrix-discord.dataDir | Directory to store the bridge's configuration and database files
|
| services.misskey.settings.db.extra | Extra connection options.
|
| services.mysql.replication.slaveHost | Hostname of the MySQL slave server.
|
| services.ntfy-sh.group | Primary group of ntfy-sh user.
|
| services.prometheus.exporters.junos-czerwonk.user | User name under which the junos-czerwonk exporter shall be run.
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| services.peertube.user | User account under which Peertube runs.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.endpoint_params | Optional parameters to append to the token URL.
|
| services.thanos.rule.objstore.config | Object store configuration
|
| services.prometheus.exporters.ecoflow.scrapingInterval | Scrapping interval in seconds
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.separator | The string by which Uyuni group names are joined into the groups label
Defaults to , in prometheus
when set to null.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8 | Private key decryption passphrase for a key in the
pkcs8 folder.
|
| services.mihomo.configFile | Configuration file to use.
|
| services.syncthing.relay.statusListenAddress | Address to listen on for serving the relay status API.
|