| services.pipewire.audio.enable | Whether to use PipeWire as the primary sound server
|
| services.tor.settings.CellStatistics | See torrc manual.
|
| services.toxBootstrapd.extraConfig | Configuration for bootstrap daemon
|
| services.mautrix-discord.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.mjolnir.enable | Whether to enable Mjolnir, a moderation tool for Matrix.
|
| services.movim.podConfig.chatonly | Disable all the social feature (Communities, Blog…) and keep only the chat ones
|
| services.prometheus.exporters.ecoflow.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.ecoflow.openFirewall
is true
|
| services.teeworlds.server.skillLevel | The skill level shown in the server browser.
|
| services.prometheus.exporters.nginxlog.user | User name under which the nginxlog exporter shall be run.
|
| services.prometheus.exporters.script.port | Port to listen on.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.radicle.node.listenAddress | The IP address on which radicle-node listens.
|
| services.stargazer.regenCerts | Set to false to turn off automatic regeneration of expired certificates
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| services.tika.openFirewall | Whether to open the firewall for Apache Tika
|
| services.minidlna.settings.enable_subtitles | Enable subtitle support on unknown clients.
|
| services.miniflux.createDatabaseLocally | Whether a PostgreSQL database should be automatically created and
configured on the local host
|
| services.netbird.tunnels.<name>.autoStart | Start the service with the system
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| services.moodle.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.nullmailer.config.remotes | A list of remote servers to which to send each message
|
| services.openbao.settings.ui | Whether to enable the OpenBao web UI.
|
| services.smokeping.smokeMailTemplate | Specify the smokemail template for alerts.
|
| services.prosody.modules.carbons | Keep multiple clients in sync
|
| services.rtorrent.package | The rtorrent package to use.
|
| services.nntp-proxy.enable | Whether to enable NNTP-Proxy.
|
| services.munin-cron.extraCSS | Custom styling for the HTML that munin-cron generates
|
| services.prometheus.exporters.nvidia-gpu.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nvidia-gpu.openFirewall is true.
|
| services.nginx.defaultSSLListenPort | If vhosts do not specify listen.port, use these ports for SSL by default.
|
| services.prometheus.exporters.nats.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.teeworlds.server.enableHighBandwidth | Whether to enable high bandwidth mode on LAN servers
|
| services.ringboard.wayland.enable | Whether to enable Wayland support for Ringboard.
|
| services.logmein-hamachi.enable | Whether to enable LogMeIn Hamachi, a proprietary
(closed source) commercial VPN software.
|
| services.mollysocket.settings.host | Listening address of the web server
|
| services.movim.nginx.listen.*.ssl | Enable SSL.
|
| services.murmur.clientCertRequired | Whether to enable requiring clients to authenticate via certificates.
|
| services.tuliprox.extraArgs | Additional command-line arguments for the systemd service
|
| services.mediawiki.httpd.virtualHost.hostName | Canonical hostname for the server.
|
| services.pixelfed.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.plausible.server.secretKeybaseFile | Path to the secret used by the phoenix-framework
|
| services.pretix.enable | Whether to enable Pretix, a ticket shop application for conferences, festivals, concerts, etc.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.pulseaudio.enable | Whether to enable the PulseAudio sound server.
|
| services.mainsail.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.nullmailer.config.defaulthost | The content of this attribute is appended to any address that
is missing a host name
|
| services.prometheus.exporters.dnsmasq.dnsmasqListenAddress | Address on which dnsmasq listens.
|
| services.nebula.networks.<name>.listen.host | IP address to listen on.
|
| services.pomerium.configFile | Path to Pomerium config YAML
|
| services.postfix-tlspol.settings | The postfix-tlspol configuration file as a Nix attribute set
|
| services.prometheus.exporters.junos-czerwonk.listenAddress | Address to listen on.
|
| services.prometheus.exporters.ping.settings | Configuration for ping_exporter, see
https://github.com/czerwonk/ping_exporter
for supported values.
|
| services.send.redis.port | Port of the redis server.
|
| services.slskd.nginx.locations.<name>.index | Adds index directive.
|
| services.tarsnap.archives.<name>.maxbw | Abort archival if upstream bandwidth usage in bytes
exceeds this threshold.
|
| services.prometheus.exporters.flow.group | Group under which the flow exporter shall be run.
|
| services.strongswan.ca | A set of CAs (certification authorities) and their options for
the ‘ca xxx’ sections of the ipsec.conf
file.
|
| services.szurubooru.server.settings.smtp.user | User to connect to the SMTP server.
|
| services.udp-over-tcp.tcp2udp.<name>.bind | Which local IP to bind the UDP socket to.
|
| services.matrix-continuwuity.settings.global.port | The port(s) continuwuity will be running on
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| services.prometheus.exporters.smokeping.group | Group under which the smokeping exporter shall be run.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| services.prometheus.scrapeConfigs.*.gce_sd_configs.*.filter | Filter can be used optionally to filter the instance list by other
criteria Syntax of this filter string is described here in the filter
query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address | The subnet of this host
|
| services.livekit.settings.redis.address | Host and port used to connect to a redis instance.
|
| services.minio.dataDir | The list of data directories or nodes for storing the objects
|
| services.mtr-exporter.package | The mtr-exporter package to use.
|
| services.oauth2-proxy.azure.resource | The resource that is protected.
|
| services.ombi.group | Group under which Ombi runs.
|
| services.postfix.extraMasterConf | Extra lines to append to the generated master.cf file.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.readeck.enable | Whether to enable Readeck.
|
| services.moosefs.runAsUser | Run daemons as moosefs user instead of root for better security.
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| services.printing.cups-pdf.enable | Whether to enable the cups-pdf virtual pdf printer backend
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.priority | The ntfy.sh message priority (see https://docs.ntfy.sh/publish/#message-priority for more information)
|
| services.sharkey.settings.mediaDirectory | Path to the folder where Sharkey stores uploaded media such as images and attachments.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization | Optional Authorization header configuration.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key | Secret key to use when listing targets. https://console.scaleway.com/project/credentials
It is mutually exclusive with secret_key_file.
|
| services.matomo.nginx.listenAddresses | Listen addresses for this virtual host
|
| services.prosody.disco_items.*.description | A short description of the endpoint you want to advertise
|
| services.snipe-it.mail.user | Mail username.
|
| services.mihomo.webui | Local web interface to use
|
| services.nginx.virtualHosts.<name>.locations.<name>.root | Root directory for requests.
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| services.pgmanage.superOnly | This tells pgmanage whether or not to only allow super users to
login
|
| services.prometheus.exporters.snmp.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.snmp.openFirewall
is true
|
| services.prometheus.exporters.unpoller.group | Group under which the unpoller exporter shall be run.
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.subsonic.transcoders | List of paths to transcoder executables that should be accessible
from Subsonic
|
| services.maubot.settings.database | The full URI to the database
|
| services.oauth2-proxy.clientID | The OAuth Client ID.
|
| services.netbird.ui.enable | Controls presence netbird-ui wrappers, defaults to presence of graphical sessions.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| services.syncoid.interval | Run syncoid at this interval
|
| services.nipap.user | User to use for running NIPAP services.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.monica.nginx.sslCertificate | Path to server SSL certificate.
|
| services.netdata.enable | Whether to enable netdata.
|