| services.soju.listen | Where soju should listen for incoming connections
|
| services.movim.database.name | Database name.
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.mysqlBackup.singleTransaction | Whether to create database dump in a single transaction
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets | Packet range from which to choose a random value to subtract from
rekey_packets
|
| services.thanos.query.endpoints | Addresses of statically configured Thanos API servers (repeatable)
|
| services.smartdns.bindPort | DNS listening port number.
|
| services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| services.torrentstream.openFirewall | Open ports in the firewall for TorrentStream daemon.
|
| services.limesurvey.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| services.matrix-conduit.enable | Whether to enable matrix-conduit.
|
| services.nginx.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.oauth2-proxy.extraConfig | Extra config to pass to oauth2-proxy.
|
| services.openafsClient.startDisconnected | Start up in disconnected mode
|
| services.peertube.database.name | Database name.
|
| services.prometheus.exporters.ebpf.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.exporters.jitsi.extraFlags | Extra commandline options to pass to the jitsi exporter.
|
| services.mautrix-discord.package | The mautrix-discord package to use.
|
| services.metabase.ssl.port | Listen port over SSL (https) for Metabase.
|
| services.monero.rpc.port | Port the RPC server will bind to.
|
| services.nagios.virtualHost.http2 | Whether to enable HTTP 2
|
| services.opensearch.user | The user OpenSearch runs as
|
| services.porn-vault.autoStart | Whether to start porn-vault automatically.
|
| services.portunus.dex.oidcClients.*.id | ID of the OIDC client
|
| services.prometheus.remoteWrite.*.bearer_token_file | Sets the Authorization header on every remote write request with the bearer token
read from the configured file
|
| services.misskey.reverseProxy.webserver | The webserver to use as the reverse proxy.
|
| services.mtr-exporter.jobs | List of MTR jobs
|
| services.nitter.config.tokenCount | Minimum amount of usable tokens
|
| services.openntpd.enable | Whether to enable OpenNTP time synchronization server.
|
| services.rauc.enable | Whether to enable RAUC A/B update service.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.tt-rss.pubSubHubbub.enable | Enable client PubSubHubbub support in tt-rss
|
| services.meilisearch.settings | Configuration settings for Meilisearch
|
| services.netbird.server.signal.metricsPort | Internal port of the metrics server.
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.pgbouncer.settings.users | Optional
|
| services.postfix.group | What to call the Postfix group (must be used only for postfix).
|
| services.pangolin.openFirewall | Whether to enable opening TCP ports 80 and 443, and UDP port 51820 in the firewall for the Pangolin service(s).
|
| services.szurubooru.server.settings.delete_source_files | Whether to delete thumbnails and source files on post delete.
|
| services.tarsnap.archives.<name>.printStats | Print global archive statistics upon completion
|
| services.netbird.server.dashboard.enableNginx | Whether to enable Nginx reverse-proxy to serve the dashboard.
|
| services.sonarr.openFirewall | Open ports in the firewall for the Sonarr web interface
|
| services.umurmur.package | The umurmur package to use.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2 | Optional OAuth 2.0 configuration
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.prometheus.exporters.modemmanager.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.modemmanager.openFirewall is true.
|
| services.prosody.package | The prosody package to use.
|
| services.magnetico.web.address | Address the web interface will listen to.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.proxy_url | Optional proxy URL.
|
| services.mailman.ldap.bindDn | Service account to bind against.
|
| services.radicle.httpd.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.teamspeak3.dataDir | Directory to store TS3 database and other state/data files.
|
| services.matomo.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.nextjs-ollama-llm-ui.enable | Whether to enable Simple Ollama web UI service; an easy to use web frontend for a Ollama backend service
|
| services.nix-serve.enable | Whether to enable nix-serve, the standalone Nix binary cache server.
|
| services.nsd.remoteControl.enable | Whether to enable remote control via nsd-control.
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.prometheus.exporters.frr.group | Group under which the frr exporter shall be run
|
| services.sftpgo.settings.httpd.bindings.*.address | Network listen address
|
| services.slskd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.pdfding.user | User account under which PdfDing runs
|
| services.prometheus.exporters.nextcloud.listenAddress | Address to listen on.
|
| services.slskd.settings.retention.files.incomplete | Lifespan of incomplete downloading files in minutes.
|
| services.tt-rss.sessionCookieLifetime | Default lifetime of a session (e.g. login) cookie
|
| services.logcheck.extraRulesDirs | Directories with extra rules.
|
| services.mediawiki.httpd.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.routinator.settings.log-file | A string value containing the path to a file to which log messages will be appended if the log configuration value is set to file
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.nexus.enable | Whether to enable Sonatype Nexus3 OSS service.
|
| services.suricata.settings.logging.outputs.syslog.format | Logformat for logs send to syslog.
|
| services.prometheus.exporters.mongodb.group | Group under which the mongodb exporter shall be run.
|
| services.prometheus.alertmanagerIrcRelay.settings | Configuration for Alertmanager IRC Relay as a Nix attribute set
|
| services.matrix-continuwuity.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| services.prometheus.exporters.nginxlog.extraFlags | Extra commandline options to pass to the nginxlog exporter.
|
| services.pretalx.settings.files.upload_limit | Maximum file upload size in MiB.
|
| services.snipe-it.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.netbird.tunnels.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.pgpkeyserver-lite.hkpAddress | Which IP address the sks-keyserver is listening on.
|
| services.prometheus.exporters.bitcoin.extraEnv | Extra environment variables for the exporter.
|
| services.netbird.server.dashboard.domain | The domain under which the dashboard runs.
|
| services.prometheus.exporters.ecoflow.prefix | The prefix that will be added to all metrics
|
| services.part-db.settings | Options for part-db configuration
|
| services.power-profiles-daemon.package | The power-profiles-daemon package to use.
|
| services.litellm.settings.environment_variables | Environment variables to pass to the Lite
|
| services.pixelfed.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.rqbit.package | The rqbit package to use.
|
| services.samba.settings | Configuration file for the Samba suite in ini format
|
| services.pixelfed.enable | Whether to enable a Pixelfed instance.
|
| services.riemann.extraClasspathEntries | Extra entries added to the Java classpath when running Riemann.
|
| services.rsyncd.settings.globalSection | global section of an INI file (attrs of INI atom (null, bool, int, float or string))
|
| services.limesurvey.httpd.virtualHost.servedDirs | This option provides a simple way to serve static directories.
|
| services.mainsail.nginx.listenAddresses | Listen addresses for this virtual host
|
| services.radicle.httpd.nginx.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.limesurvey.package | The limesurvey package to use.
|
| services.nginx.resolver.addresses | List of resolvers to use
|
| services.pantheon.contractor.enable | Whether to enable contractor, a desktop-wide extension service used by Pantheon.
|
| services.prometheus.exporters.dnsmasq.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.dnsmasq.openFirewall is true.
|
| services.mailcatcher.enable | Whether to enable MailCatcher, an SMTP server and web interface to locally test outbound emails.
|