| services.tor.settings.DormantTimeoutDisabledByIdleStreams | See torrc manual.
|
| services.pdns-recursor.api.port | Port number Recursor REST API server will bind to.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action | Action to perform after a CHILD_SA gets closed by the peer.
- The default of
none does not take any action,
trap installs a trap policy for the CHILD_SA.start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive
|
| services.prometheus.exporters.lnd.listenAddress | Address to listen on.
|
| services.miredo.serverAddress | The hostname or primary IPv4 address of the Teredo server
|
| services.prometheus.exporters.libvirt.extraFlags | Extra commandline options to pass to the libvirt exporter.
|
| services.thermald.configFile | The thermald manual configuration file
|
| services.prometheus.exporters.pihole.listenAddress | Address to listen on.
|
| services.ncps.cache.lru.schedule | The cron spec for cleaning the store to keep it under
config.ncps.cache.maxSize
|
| services.mptcpd.package | The mptcpd package to use.
|
| services.syncthing.key | Path to the key.pem file, which will be copied into Syncthing's
configDir.
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.tor.tsocks.enable | Whether to build tsocks wrapper script to relay application traffic via Tor.
You shouldn't use this unless you know what you're
doing because your installation of Tor already comes with
its own superior (doesn't leak DNS queries)
torsocks wrapper which does pretty much
exactly the same thing as this.
|
| services.tor.settings.ClientUseIPv4 | See torrc manual.
|
| services.prometheus.exporters.node-cert.excludeGlobs | List files matching a pattern to include
|
| services.outline.slackIntegration.appId | Application ID.
|
| services.statsd.mgmt_address | Address to run management TCP interface on
|
| services.packagekit.enable | Whether to enable PackageKit, a cross-platform D-Bus abstraction layer for
installing software
|
| services.prometheus.exporters.dovecot.extraFlags | Extra commandline options to pass to the dovecot exporter.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes | Number of bytes processed before initiating CHILD_SA rekeying
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| services.printing.browsedConf | The contents of the configuration. file of the CUPS Browsed daemon
(cups-browsed.conf)
|
| services.misskey.settings.port | The port your Misskey server should listen on.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.server | The URL to connect to the Uyuni server.
|
| services.saunafs.chunkserver.enable | Whether to enable Saunafs chunkserver daemon.
|
| services.nagios.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts
|
| services.mattermost.database.user | Local Mattermost database username.
|
| services.szurubooru.dataDir | The path to the data directory in which Szurubooru will store its data.
|
| services.mastodon.redis.port | Redis port.
|
| services.pinchflat.package | The pinchflat package to use.
|
| services.snapraid.dataDisks | SnapRAID data disks.
|
| services.prometheus.exporters.pihole.group | Group under which the pihole exporter shall be run.
|
| services.trafficserver.remap | URL remapping rules used by Traffic Server
|
| services.prometheus.exporters.artifactory.enable | Whether to enable the prometheus artifactory exporter.
|
| services.redis.servers.<name>.user | User account under which this instance of redis-server runs.
If left as the default value this user will automatically be
created on system activation, otherwise you are responsible for
ensuring the user exists before the redis service starts.
|
| services.openafsClient.cache.diskless | Use in-memory cache for diskless machines
|
| services.movim.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.picom.shadowExclude | List of conditions of windows that should have no shadow
|
| services.nginx.virtualHosts.<name>.root | The path of the web root directory.
|
| services.snipe-it.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.tor.settings.RelayBandwidthBurst | See torrc manual.
|
| services.public-inbox.settings.publicinbox.pop3server | POP3 URLs to this public-inbox instance
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| services.resilio.useUpnp | Use Universal Plug-n-Play (UPnP)
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2 | Optional OAuth 2.0 configuration
|
| services.tor.settings.PaddingStatistics | See torrc manual.
|
| services.rspamd.locals.<name>.text | Text of the file.
|
| services.pihole-ftl.macvendorURL | URL from which to download the macvendor.db file.
|
| services.send.redis.name | Name of the redis server
|
| services.moodle.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.pretalx.nginx.domain | The domain name under which to set up the virtual host.
|
| services.prometheus.exporters.rspamd.user | User name under which the rspamd exporter shall be run.
|
| services.netatalk.settings | Configuration for Netatalk
|
| services.omnom.settings.app.debug | Whether to enable debug mode.
|
| services.prometheus.exporters.artifactory.scrapeUri | URI on which to scrape JFrog Artifactory.
|
| services.nginx.appendHttpConfig | Configuration lines to be appended to the generated http block
|
| services.murmur.registerName | Public server registration name, and also the name of the
Root channel
|
| services.lighthouse.validator.metrics.address | Listen address of Validator node metrics service.
|
| services.physlock.allowAnyUser | Whether to allow any user to lock the screen
|
| services.toxvpn.localip | your ip on the vpn
|
| services.slskd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.matterbridge.package | The matterbridge package to use.
|
| services.owncast.user | User account under which owncast runs.
|
| services.tsidp.settings.useLocalTailscaled | Use local tailscaled instead of tsnet.
|
| services.rkvm.client.settings | Structured client daemon configuration
|
| services.prometheus.exporters.shelly.enable | Whether to enable the prometheus shelly exporter.
|
| services.tinyproxy.settings.Listen | Specify which address to listen to.
|
| services.pixelfed.group | Group account under which pixelfed runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the pixelfed application starts.
|
| services.novacomd.enable | Whether to enable Novacom service for connecting to WebOS devices.
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| services.squid.proxyPort | TCP port on which squid will listen.
|
| services.scollector.enable | Whether to run scollector.
|
| services.moodle.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.lirc.configs | Configurations for lircd to load, see man:lircd.conf(5) for details (lircd.conf)
|
| services.ncps.cache.databaseURL | The URL of the database (currently only SQLite is supported)
|
| services.prowlarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.prometheus.remoteRead | Parameters of the endpoints to query from
|
| services.prometheus.exporters.mysqld.group | Group under which the mysqld exporter shall be run.
|
| services.sitespeed-io.user | User account under which sitespeed-io runs.
|
| services.nullmailer.config.me | The fully-qualifiled host name of the computer running nullmailer
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.nice | Niceness.
|
| services.opensmtpd.procPackages | Packages to search for filters, tables, queues, and schedulers
|
| services.prometheus.exporters.varnish.healthPath | Path under which to expose healthcheck
|
| services.nipap.nipap-www.host | Host to bind to.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.scopes | Scopes for the token request.
|
| services.opengfw.settings.workers.tcpTimeout | How long a connection is considered dead when no data is being transferred
|
| services.mtprotoproxy.users | Allowed users and their secrets
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| services.moonraker.klipperSocket | Path to Klipper's API socket.
|
| services.tzupdate.package | The tzupdate package to use.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization | Optional Authorization header configuration.
|
| services.n8n.environment.N8N_VERSION_NOTIFICATIONS_ENABLED | When enabled, n8n sends notifications of new versions and security updates.
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.tinyproxy.enable | Whether to enable Tinyproxy daemon.
|
| services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.lighttpd.collectd.enable | Whether to enable collectd subservice accessible at http://yourserver/collectd.
|
| services.prometheus.exporters.mailman3.openFirewall | Open port in firewall for incoming connections.
|
| services.prosody.modules.announce | Send announcement to all online users
|