Whether to enable rsnapshot backups.

Internal port of the signal server.

Configure whether HTTP requests follow HTTP 3xx redirects

Even if you leave s2s_secure_auth disabled, you can still require valid certificates for some domains by specifying a list here.

Salt master configuration as Nix attribute set.

Name of a file containing the spiped key

The udisks package to use.

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

Adds index directive.

The method used for generating the default value for mynetworks, if that option is unset.

https://www.postfix.org/postconf.5.html#mynetworks_style

User to connect to deluge server.

User under which pyLoad runs, and which owns the download directory.

Local address(es) to use for IKE communication

Whether to automatically open the web interface port.

Whether to enable manual usage of the rsnapshot command with this module.

Legacy RSA public key of the host in PEM format, including start and end markers

The udev attribute providing a unique path identifier (WWID)

Whether to ask Let's Encrypt to sign a certificate for this vhost

IP address of the guest system

Whether to enable continuwuity.

The directories from which plugins should be loaded

Log format for Apache's log files

Additional groups for the systemd service.

HTTP username

Settings for schleuder.yml

Path to the local source folder.

The address of the management server, used for the API endpoints.

The XEP-0423 defines a set of recommended XEPs to implement for a server

YAML file to merge into the schleuder config at runtime

The port to listen on for SNMP and AgentX messages.

Configuration options to pass to Taskserver

Sets the number of worker threads to use

An application timeout on receiving data from the TCP socket.

Unit log directory.

Webserver to configure for reverse-proxying limesurvey.

The name of the Linkwarden database.

nix substituter to fetch debuginfo from

Enable recommended proxy settings.

Whether to enable the OpenSMTPD server.

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Timeout for getting server info document.

Group under which rtorrent runs.

Address to listen on.

Enable vertical synchronization

Local domains set (see opendkim(8) for more information on datasets)

Open port in firewall for incoming connections.

Commandline flags to add to sftp-server.

Whether to stop the fan when minPwm is reached.

Configuration options in RabbitMQ's new config file format, which is a simple key-value format that can not express nested data structures

File to load environment variables from

Attribute set containing paths to files to add to the environment of linkwarden

User which runs the Mattermost service.

A host of an existing Let's Encrypt certificate to use

Neo4j SSL policy for BOLT traffic

The TCP address or UNIX socket path to listen on.

Number of yearly snapshots.

Level of log messages to emit.

Attribute set of arbitrary config options

The database backend for the service

postgres-websockets configuration as defined in: https://github.com/diogob/postgres-websockets/blob/master/src/PostgresWebsockets/Config.hs#L71-L87

PGWS_DB_URI is represented as an attribute set, see [`environment

File name in the pkcs12 folder for which this passphrase should be used.

OpenAFS kernel module package

The exportarr package to use.

Base path for PMIx temporary files.

Whether to enable Sympa mailing list manager.

Enable mlmmj

IP address to bind GUI server to (* means any).

Specify a filter for iptables to use when services.prometheus.exporters.storagebox.openFirewall is true

Sets the Authorization header on every remote write request with the configured bearer token

Whether to run the post script if the pre script fails

The strongswan package to use.

The pleroma package to use.

A list of paths to extra plugin bundles to install in Plex's plugin directory

The alertmanager-ntfy package to use.

Whether to enable pleroma.

Open port in firewall for incoming connections.

Collectors to enable or disable

When enabled, the stargazer process will be given CAP_SETGID and CAP_SETUID so that it can run cgi processes as a different user

Whether to enable lldap, a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication.

Force Nextcloud to always use HTTP or HTTPS i.e. for link generation

Define your zones here

Location where Tomcat stores configuration files, web applications and logfiles

Whether to enable the prometheus fritz exporter.

Name of the filter

sched_latency_ns.

Data directory of TSDB.

Alias of services.netbird.clients.

The hostname under which the Ollama UI interface should be accessible

Port to listen on.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.script.openFirewall is true.

Set of labels added to each metric.

peers to automatically connect to on startup

A system group name for this client instance.

The time after which the provided names are refreshed

The domain under which open-web-calendar is made available

The pipewire package to use.

Specify rules for nftables to add to the input chain when services.prometheus.exporters.v2ray.openFirewall is true.

OAuth client secret.

Free-form settings mapped to the qBittorrent.conf file in the profile

Listen ip:port address for gRPC endpoints (StoreAPI)