| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.port | The port to scrape metrics from
|
| services.syncthing.cert | Path to the cert.pem file, which will be copied into Syncthing's
configDir.
|
| services.tcsd.platformCred | Path to the platform credential for your TPM
|
| services.trafficserver.plugins.*.path | Path to plugin
|
| services.nginx.gitweb.enable | If true, enable gitweb in nginx.
|
| services.prefect.databaseUser | database user for postgres only
|
| services.prometheus.exporters.pve.collectors.cluster | Collect PVE cluster info
|
| services.prosody.muc.*.roomDefaultChangeSubject | If set, the rooms will display the public JIDs by default.
|
| services.mosquitto.listeners.*.port | Port to listen on
|
| services.tempo.settings | Specify the configuration for Tempo in Nix
|
| services.nextcloud.notify_push.dbname | Database name.
|
| services.toxvpn.enable | Whether to enable toxvpn running on startup.
|
| services.nomad.extraSettingsPlugins | Additional plugins dir used to configure nomad.
|
| services.ocis.package | Which package to use for the ownCloud Infinite Scale instance.
|
| services.tor.settings.AuthDirHasIPv6Connectivity | See torrc manual.
|
| services.pict-rs.dataDir | The directory where to store the uploaded images & database.
|
| services.prometheus.pushgateway.persistence.interval | The minimum interval at which to write out the persistence file.
null will default to 5m.
|
| services.syslog-ng.package | The syslogng package to use.
|
| services.system76-scheduler.settings.processScheduler.refreshInterval | Process list poll interval, in seconds
|
| services.movim.database.user | Database username.
|
| services.outline.sslCertFile | File path that contains the Base64-encoded certificate for HTTPS
termination
|
| services.spacecookie.settings.log.hide-time | If enabled, spacecookie will not print timestamps
at the beginning of every log line.
|
| services.prometheus.exporters.graphite.openFirewall | Open port in firewall for incoming connections.
|
| services.opensearch.settings."network.host" | Which port this service should listen on.
|
| services.prosody.httpPorts | Listening HTTP ports list for this service.
|
| services.prometheus.exporters.pihole.port | Port to listen on.
|
| services.prometheus.exporters.jitsi.enable | Whether to enable the prometheus jitsi exporter.
|
| services.rss-bridge.config.system.enabled_bridges | Only enabled bridges are available for feed production
|
| services.mosquitto.listeners.*.address | Address to listen on
|
| services.smartd.notifications.test | Whenever to send a test notification on startup.
|
| services.multipath.devices.*.marginal_path_err_rate_threshold | The error rate threshold as a permillage (1/1000)
|
| services.matterbridge.configFile | WARNING: THIS IS INSECURE, as your password will end up in
/nix/store, thus publicly readable
|
| services.ndppd.network | Network that we proxy.
(Legacy option, use services.ndppd.proxies.<interface>.rules.<network> instead)
|
| services.teeworlds.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.prometheus.remoteWrite.*.basic_auth.password | HTTP password
|
| services.nezha-agent.settings.tls | Enable SSL/TLS encryption.
|
| services.nfs.server.hostName | Hostname or address on which NFS requests will be accepted
|
| services.redmine.components.minimagick_font_path | MiniMagick font path
|
| services.shoko.openFirewall | Open ports in the firewall for the ShokoAnime api and web interface.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| services.minio.configDir | The config directory, for the access keys and other settings.
|
| services.pdns-recursor.forwardZones | DNS zones to be forwarded to other authoritative servers.
|
| services.tremor-rs.enable | Whether to enable Tremor event- or stream-processing system.
|
| services.tailscale.derper.stunPort | STUN port to listen on
|
| services.tuned.settings.sleep_interval | Interval in which the TuneD daemon is waken up and checks for events (in seconds).
|
| services.logcheck.timeOfDay | Time of day to run logcheck
|
| services.mpd.credentials.*.passwordFile | Path to file containing the password.
|
| services.loki.configFile | Specify a configuration file that Loki should use
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.account | The account to use for discovering new targets.
|
| services.thanos.compact.compact.concurrency | Number of goroutines to use when compacting groups
|
| services.netbird.tunnels.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.port | The port to scrape metrics from
|
| services.technitium-dns-server.firewallUDPPorts | List of UDP ports to open in firewall.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_id | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.refresh_interval | The time after which the containers are refreshed
|
| services.rabbitmq.config | Verbatim advanced configuration file contents using the Erlang syntax
|
| services.llama-swap.package | The llama-swap package to use.
|
| services.nexus.listenPort | Port to listen on.
|
| services.qui.group | Group to run qui as.
|
| services.mediawiki.url | URL of the wiki.
|
| services.tomcat.serverXml | Verbatim server.xml configuration
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| services.stargazer.routes.*.route | Route section name
|
| services.mbpfan.settings | INI configuration for Mbpfan.
|
| services.mediawiki.database.tablePrefix | If you only have access to a single database and wish to install more than
one version of MediaWiki, or have other applications that also use the
database, you can give the table names a unique prefix to stop any naming
conflicts or confusion
|
| services.nextcloud-spreed-signaling.settings.https.listen | IP and port to listen on for HTTPS requests, in the format of ip:port
|
| services.netbird.server.signal.package | The netbird-signal package to use.
|
| services.ttyd.indexFile | Custom index.html path
|
| services.public-inbox.settings.publicinboxwatch.watchspam | If set, mail in this maildir will be trained as spam and
deleted from all watched inboxes
|
| services.thanos.query.store.unhealthy-timeout | Timeout before an unhealthy store is cleaned from the store UI page
|
| services.thanos.receive.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.snapraid.scrub.interval | How often to run snapraid scrub.
|
| services.tor.settings.IPv6Exit | See torrc manual.
|
| services.sftpgo.extraArgs | Additional command line arguments to pass to the sftpgo daemon.
|
| services.tsidp.package | The tsidp package to use.
|
| services.nylon.<name>.acceptInterface | Tell nylon which interface to listen for client requests on, default is "lo".
|
| services.undervolt.turbo | Changes the Intel Turbo feature status (1 is disabled and 0 is enabled).
|
| services.prometheus.exporters.fritz.extraFlags | Extra commandline options to pass to the fritz exporter.
|
| services.opensnitch.settings.ProcMonitorMethod | Which process monitoring method to use.
|
| services.sogo.configReplaces | Replacement-filepath mapping for sogo.conf
|
| services.thanos.downsample.objstore.config | Object store configuration
|
| services.restic.server.extraFlags | Extra commandline options to pass to Restic REST server.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name | Name of the filter
|
| services.prometheus.exporters.buildkite-agent.queues | Which specific queues to process.
|
| services.llama-cpp.extraFlags | Extra flags passed to llama-cpp-server.
|
| services.riemann-tools.enableHealth | Enable the riemann-health daemon.
|
| services.rspamd.user | User to use when no root privileges are required.
|
| services.radicle.ci.broker.settings | Configuration of radicle-ci-broker
|
| services.snipe-it.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.mqtt2influxdb.mqtt.port | MQTT server port.
|
| services.rutorrent.dataDir | Storage path of ruTorrent.
|
| services.reposilite.settings | Configuration written to the reposilite.cdn file
|
| services.selfoss.database.type | Database to store feeds
|
| services.nats.enable | Whether to enable NATS messaging system.
|
| services.prometheus.exporters.exportarr-lidarr.openFirewall | Open port in firewall for incoming connections.
|
| services.reposilite.settings.bypassExternalCache | Add cache bypass headers to responses from /api/* to avoid issues with proxies such as Cloudflare.
|
| services.suricata.settings.default-rule-path | Path in which suricata-update managed rules are stored by default.
|
| services.movim.precompressStaticFiles | Aggressively precompress static files
|
| services.nsd.zones.<name>.data | The actual zone data
|