| services.minio.rootCredentialsFile | File containing the MINIO_ROOT_USER, default is "minioadmin", and
MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of
an EnvironmentFile=, as described by systemd.exec(5).
|
| services.mastodon.extraEnvFiles | Extra environment files to pass to all mastodon services
|
| services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.opendkim.selector | Selector to use when signing.
|
| services.prosody.c2sRequireEncryption | Force clients to use encrypted connections? This option will
prevent clients from authenticating unless they are using encryption.
|
| services.prometheus.exporters.bird.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.bird.openFirewall is true.
|
| services.navidrome.enable | Whether to enable Navidrome music server.
|
| services.tor.settings.PublishServerDescriptor | See torrc manual.
|
| services.restic.server.prometheus | Enable Prometheus metrics at /metrics.
|
| services.nginx.uwsgiResolveWhileRunning | Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.pdfding.backup.endpoint | The s3 endpoint for backups
|
| services.riemann-tools.enableHealth | Enable the riemann-health daemon.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password | HTTP password
|
| services.prometheus.exporters.deluge.delugeHost | Hostname where deluge server is running.
|
| services.prometheus.exporters.opnsense.openFirewall | Open port in firewall for incoming connections.
|
| services.rsync.jobs.<name>.sources | Source directories.
|
| services.thanos.query.web.external-prefix | Static prefix for all HTML links and redirect URLs in the UI query web
interface
|
| services.prometheus.exporters.nginx.telemetryPath | Path under which to expose metrics.
|
| services.redlib.openFirewall | Open ports in the firewall for the redlib web interface
|
| services.tuned.settings.dynamic_tuning | Whether to enable dynamic tuning.
|
| services.matrix-tuwunel.stateDirectory | The name of the directory under /var/lib/ where the database will be stored
|
| services.prometheus.exporters.unpoller.controllers.*.url | URL of the Unifi controller.
|
| services.snipe-it.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.power-profiles-daemon.package | The power-profiles-daemon package to use.
|
| services.roundcube.configureNginx | Configure nginx as a reverse proxy for roundcube.
|
| services.spice-webdavd.package | The phodav package to use.
|
| services.radicle.httpd.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.matter-server.port | Port to expose the matter-server service on.
|
| services.pgadmin.openFirewall | Whether to enable firewall passthrough for pgadmin4.
|
| services.umurmur.openFirewall | Open ports in the firewall for the uMurmur Mumble server.
|
| services.transmission.credentialsFile | Path to a JSON file to be merged with the settings
|
| services.snipe-it.nginx.root | The path of the web root directory.
|
| services.suricata.settings.stats.decoder-events-prefix | Decoder event prefix in stats
|
| services.prometheus.exporters.script.enable | Whether to enable the prometheus script exporter.
|
| services.plex.openFirewall | Open ports in the firewall for the media server.
|
| services.tomcat.group | Group account under which Apache Tomcat runs.
|
| services.nats.dataDir | The NATS data directory
|
| services.self-deploy.nixFile | Path to nix file in repository
|
| services.tt-rss.root | Root of the application.
|
| services.monetdb.dataDir | Data directory for the dbfarm.
|
| services.limesurvey.nginx.virtualHost.listen.*.addr | Listen address.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secret | OAuth client secret.
|
| services.nginx.resolver.ipv6 | By default, nginx will look up both IPv4 and IPv6 addresses while resolving
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| services.transmission.settings.rpc-port | The RPC port to listen to.
|
| services.prometheus.exporters.ping.extraFlags | Extra commandline options to pass to the ping exporter.
|
| services.pgbackrest.commands.stop | Options for the 'stop' command
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.token_url | The URL to fetch the token from.
|
| services.postgresqlBackup.pgdumpAllOptions | Command line options for pg_dumpall
|
| services.radicle.node.openFirewall | Whether to enable opening the firewall for radicle-node.
|
| services.reposilite.user | The user to run Reposilite under.
|
| services.nextcloud.config.objectstore.s3.bucket | The name of the S3 bucket.
|
| services.outline.oidcAuthentication.tokenUrl | OIDC token URL endpoint.
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| services.tailscale.derper.configureNginx | Whether to enable nginx reverse proxy for derper
|
| services.snipe-it.hostName | The hostname to serve Snipe-IT on.
|
| services.tang.package | The tang package to use.
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.spiped.config.<name>.maxConns | Limit on the number of simultaneous connections allowed.
|
| services.peertube.localDomain | The domain serving your PeerTube instance.
|
| services.syslog-ng.extraConfig | Configuration added to the end of syslog-ng.conf.
|
| services.postfix.mapFiles | Maps to be compiled and placed into /var/lib/postfix/conf.
|
| services.limesurvey.httpd.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.prometheus.exporters.zfs.user | User name under which the zfs exporter shall be run.
|
| services.prometheus.alertmanagerGotify.bindAddress | The address the server will listen on (bind address).
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret | OAuth client secret.
|
| services.prometheus.exporters.pgbouncer.group | Group under which the pgbouncer exporter shall be run.
|
| services.svnserve.enable | Whether to enable svnserve to serve Subversion repositories through the SVN protocol.
|
| services.thanos.package | The thanos package to use.
|
| services.ncps.server.addr | The address and port the server listens on.
|
| services.nullmailer.remotesFile | Path to the remotes control file
|
| services.tor.settings.TransProxyType | See torrc manual.
|
| services.opengfw.settings.workers.udpMaxStreams | UDP max streams.
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password | HTTP password
|
| services.sonarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.opencloud.group | The group to run OpenCloud under
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.pghero.extraGroups | Additional groups for the systemd service.
|
| services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| services.porn-vault.port | Which port Porn-Vault will use.
|
| services.omnom.settings.smtp.port | SMTP server port address.
|
| services.r53-ddns.ttl | The TTL for the generated record
|
| services.prometheus.exporters.restic.openFirewall | Open port in firewall for incoming connections.
|
| services.tinc.networks.<name>.settings | Configuration of the Tinc daemon for this network
|
| services.movim.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.openssh.package | OpenSSH package to use for sshd.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.mycelium.peers | List of peers to connect to, in the formats:
quic://[2001:0db8::1]:9651quic://192.0.2.1:9651tcp://[2001:0db8::1]:9651tcp://192.0.2.1:9651
If addHostedPublicNodes is set to true, the hosted public nodes will also be added.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.ntpd-rs.package | The ntpd-rs package to use.
|
| services.snipe-it.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.spice-autorandr.package | The spice-autorandr package to use.
|
| services.opencloud.environment | Extra environment variables to set for the service
|
| services.rustus.storage.dir_structure | pattern of a directory structure locally and on s3
|
| services.schleuder.settings.keyserver | Key server from which to fetch and update keys
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password | HTTP password
|