| services.mastodon.enableUnixSocket | Instead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket
|
| services.ntp.restrictSource | The restriction flags to be set on source
|
| services.rosenpass.settings | Configuration for Rosenpass, see https://rosenpass.eu/ for further information.
|
| services.openssh.sftpServerExecutable | The sftp server executable
|
| services.minio.region | The physical location of the server
|
| services.pipewire.enable | Whether to enable PipeWire service.
|
| services.snips-sh.settings.SNIPS_SSH_INTERNAL | The internal SSH address of the service
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.umurmur.openFirewall | Open ports in the firewall for the uMurmur Mumble server.
|
| services.tahoe.nodes | The Tahoe nodes.
|
| services.readeck.settings | Additional configuration for Readeck, see
https://readeck.org/en/docs/configuration
for supported values.
|
| services.lighthouse.beacon.address | Listen address of Beacon node.
|
| services.smartd.defaults.autodetected | Like services.smartd.defaults.monitored, but for the
autodetected devices.
|
| services.limesurvey.nginx.virtualHost.sslCertificate | Path to server SSL certificate.
|
| services.nitter.preferences.infiniteScroll | Infinite scrolling (requires JavaScript, experimental!).
|
| services.ntpd-rs.useNetworkingTimeServers | Use source time servers from networking.timeServers in config.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.lxd-image-server.enable | Whether to enable lxd-image-server.
|
| services.ocis.url | Web interface address.
|
| services.syncthing.enable | Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.
|
| services.redsocks.log_info | Log start and end of client sessions.
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.suricata.settings.dpdk.eal-params.proc-type | dpdk eal-params.proc-type, see data plane development kit docs.
|
| services.shadowsocks.extraConfig | Additional configuration for shadowsocks that is not covered by the
provided options
|
| services.tt-rss.email.fromAddress | Address for sending outgoing mail
|
| services.sillytavern.package | The sillytavern package to use.
|
| services.minidlna.settings.port | Port number for HTTP traffic (descriptions, SOAP, media transfer).
|
| services.nscd.user | User account under which nscd runs.
|
| services.misskey.settings.redis.port | The Redis port.
|
| services.mosquitto.includeDirs | Directories to be scanned for further config files to include
|
| services.promtail.enable | Whether to enable the Promtail ingresser.
|
| services.radicle.ci.broker.settings.triggers.*.filters | Trigger filter.
|
| services.prometheus.exporters.opnsense.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.query | The SQL query to run.
|
| services.mycelium.peers | List of peers to connect to, in the formats:
quic://[2001:0db8::1]:9651quic://192.0.2.1:9651tcp://[2001:0db8::1]:9651tcp://192.0.2.1:9651
If addHostedPublicNodes is set to true, the hosted public nodes will also be added.
|
| services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.prometheus.exporters.libvirt.group | Group under which the libvirt exporter shall be run.
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| services.thanos.query.query.max-concurrent | Maximum number of queries processed concurrently by query node
|
| services.plex.dataDir | The directory where Plex stores its data files.
|
| services.onlyoffice.x2t | The x2t package to use.
|
| services.nginx.proxyCachePath.<name>.levels | The levels parameter defines structure of subdirectories in cache: from
1 to 3, each level accepts values 1 or 2
|
| services.prometheus.exporters.varnish.listenAddress | Address to listen on.
|
| services.nsd.zones.<name>.maxRefreshSecs | Limit refresh time for secondary zones
|
| services.snapserver.package | The snapcast package to use.
|
| services.open-webui.host | The host address which the Open-WebUI server HTTP interface listens to.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization | Optional Authorization header configuration.
|
| services.thanos.sidecar.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.prometheus.exporters.buildkite-agent.listenAddress | Address to listen on.
|
| services.pgadmin.emailServer.sender | SMTP server sender email for email delivery
|
| services.livebook.environmentFile | Additional environment file as defined in systemd.exec(5)
|
| services.marytts.voices | Paths to the JAR files that contain additional voices for MaryTTS
|
| services.mjolnir.dataPath | The directory the bot should store various bits of information in.
|
| services.nvme-rs.settings.thresholds.wear_critical | Wear critical threshold (%)
|
| services.movim.podConfig.xmppwhitelist | The allowlisted XMPP servers
|
| services.prometheus.exporters.junos-czerwonk.configurationFile | Specify the JunOS exporter configuration file to use.
|
| services.prometheus.remoteRead.*.basic_auth.password_file | HTTP password file
|
| services.opengfw.settings.workers.queueSize | Worker queue size.
|
| services.maddy.enable | Whether to enable Maddy, a free an open source mail server.
|
| services.paretosecurity.package | The paretosecurity package to use.
|
| services.prometheus.exporters.sabnzbd.user | User name under which the sabnzbd exporter shall be run.
|
| services.nitter.sessionsFile | Path to the session tokens file
|
| services.slurm.user | Set this option when you want to run the slurmctld daemon
as something else than the default slurm user "slurm"
|
| services.redmine.database.host | Database host address.
|
| services.pulseaudio.tcp.openFirewall | Whether to enable Open firewall for the specified port.
|
| services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| services.searx.configureNginx | Whether to configure nginx as an frontend to uwsgi.
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| services.renovate.schedule | How often to run renovate
|
| services.movim.h2o.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.transmission.settings | Settings whose options overwrite fields in
.config/transmission-daemon/settings.json
(each time the service starts)
|
| services.pixelfed.database.type | Database engine to use
|
| services.ndppd.proxies.<name>.interface | Listen for any Neighbor Solicitation messages on this interface,
and respond to them according to a set of rules
|
| services.pixiecore.debug | Log more things that aren't directly related to booting a recognized client
|
| services.plantuml-server.package | The plantuml-server package to use.
|
| services.pixelfed.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.mycelium.enable | Whether to enable mycelium network.
|
| services.prometheus.exporters.mqtt.mqttClientId | Set client ID manually for MQTT connection
|
| services.pleroma.user | User account under which pleroma runs.
|
| services.parsedmarc.settings.imap.password | The IMAP server password
|
| services.nextcloud.https | Use HTTPS for generated links
|
| services.orangefs.server.BMIModules | List of BMI modules to load.
|
| services.routinator.settings.log-level | A string value specifying the maximum log level for which log messages should be emitted
|
| services.linkwarden.enable | Whether to enable Linkwarden.
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.maddy.config | Server configuration, see
https://maddy.email for
more information
|
| services.taler.exchange.settings.exchange.CURRENCY | The currency which the exchange will operate with
|
| services.radicle.httpd.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.toxBootstrapd.keysFile | Node key file.
|
| services.prometheus.exporters.mail.configuration.servers.*.detectionDir | Directory in which new mails for the exporter user are placed
|
| services.nipap.nipapd.enable | Whether to enable nipapd server.
|
| services.mautrix-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.prometheus.exporters.nginx.extraFlags | Extra commandline options to pass to the nginx exporter.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.exporters.frr.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.frr.openFirewall
is true
|
| services.ncdns.enable | Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS
|
| services.prosody.ssl.key | Path to the key file.
|
| services.readeck.package | The readeck package to use.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username | HTTP username
|
| services.tahoe.nodes.<name>.tub.location | The external location that the node should listen on
|