| services.reposilite.settings.cachedLogSize | Amount of messages stored in the cache logger.
|
| services.hedgedoc.settings.protocolUseSSL | Use https:// for all links
|
| services.postgrest.settings.server-host | Where to bind the PostgREST web server.
The admin server will also bind here, but potentially exposes sensitive information
|
| services.postfix.settings.main.relayhost | List of hosts to use for relaying outbound mail.
Putting the hostname in angled brackets, e.g. [relay.example.com], turns off MX and SRV lookups for the hostname.
https://www.postfix.org/postconf.5.html#relayhost
|
| services.watchdogd.settings.interval | The kick interval, i.e. how often watchdogd(8) should reset the WDT timer.
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.watchdogd.settings.filenr.logmark | Whether to log current stats every poll interval.
|
| services.nylon.<name>.enable | Enables nylon as a running service upon activation.
|
| services.mattermost.database.name | Local Mattermost database name.
|
| services.litellm.settings.model_list | List of supported models on the server, with model-specific configs.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.type | Backup type as described in:
https://pgbackrest.org/command.html#command-backup/category-command/option-type
|
| services.lidarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.radarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.suricata.settings.unix-command.enabled | Enable unix-command socket.
|
| services.sonarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.postgresql.ensureUsers.*.name | Name of the user to ensure.
|
| services.filebrowser.settings.cache-dir | The directory where FileBrowser stores its cache.
|
| services.cryptpad.settings.websocketPort | Port for the websocket that needs to be separate
|
| services.reposilite.settings.enforceSsl | Whether to redirect all traffic to SSL.
|
| services.tor.settings.ServerDNSDetectHijacking | See torrc manual.
|
| services.tor.settings.ControlPortFileGroupReadable | See torrc manual.
|
| services.suricata.settings.threshold-file | Suricata threshold configuration file.
|
| services.tor.settings.PaddingStatistics | See torrc manual.
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.pretalx.settings.filesystem.logs | Path to the log directory, that pretalx logs message to.
|
| services.syncthing.settings | Extra configuration options for Syncthing
|
| services.phpfpm.pools.<name>.phpEnv | Environment variables used for this PHP-FPM pool.
|
| services.sftpgo.settings.webdavd.bindings.*.port | The port for serving WebDAV requests
|
| services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers | Additionally enable the recommended set of pairwise ciphers
|
| services.sourcehut.settings.mail.smtp-password | Outgoing SMTP password.
|
| services.gemstash.settings.base_path | Path to store the gem files and the sqlite database
|
| services.sourcehut.settings."pages.sr.ht".gemini-certs | An absolute file path (which should be outside the Nix-store)
to Gemini certificates.
|
| services.geth.<name>.package | The geth package to use.
|
| services.cgit.<name>.package | The cgit package to use.
|
| services.uhub.<name>.plugins | Uhub plugin configuration.
|
| services.saunafs.metalogger.settings | Contents of metalogger config file (see sfsmetalogger.cfg(5)).
|
| services.sourcehut.settings."builds.sr.ht".api-origin | Origin URL for the API
|
| services.gitlab.pages.settings.artifacts-server | API URL to proxy artifact requests to.
|
| services.typesense.settings.server.api-address | Address to which Typesense API service binds.
|
| services.journald.remote.settings.Remote.SplitMode | With "host", a separate output file is used, based on the
hostname of the other endpoint of a connection
|
| services.vmalert.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.fediwall.settings.hideSensitive | Hide sensitive (potentially NSFW) posts
|
| services.openssh.settings.X11Forwarding | Whether to allow X11 connections to be forwarded.
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| services.spacecookie.settings.log.hide-ips | If enabled, spacecookie will hide personal
information of users like IP addresses from
log output.
|
| services.firefox-syncserver.settings.port | Port to bind to.
|
| services.suricata.settings.app-layer.error-policy | The error-policy setting applies to all app-layer parsers
|
| services.routinator.settings.expire | An integer value specifying the number of seconds an RTR client is requested to use a data set if it cannot get an update before throwing it away and continuing with no data at all.
|
| services.misskey.settings.redisForTimelines | ioredis options for timelines
|
| power.ups.ups.<name>.summary | Lines which would be added inside ups.conf for handling this UPS.
|
| services.spacecookie.settings.log.enable | Whether to enable logging for spacecookie.
|
| services.snapserver.settings.tcp-control.port | Port to listen on for snapclient connections.
|
| services.spacecookie.settings.log.hide-time | If enabled, spacecookie will not print timestamps
at the beginning of every log line.
|
| systemd.units.<name>.text | Text of this systemd unit.
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.homebridge.uiSettings.name | Name of the homebridge UI platform
|
| services.tor.settings.DirAllowPrivateAddresses | See torrc manual.
|
| services.tor.settings.AuthDirSharedRandomness | See torrc manual.
|
| services.iodine.clients | Each attribute of this option defines a systemd service that
runs iodine
|
| services.rke2.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/rke2/server/manifests)
|
| services.reposilite.settings.sslEnabled | Whether to listen for encrypted connections on settings.sslPort.
|
| services.wgautomesh.settings.peers.*.pubkey | Wireguard public key of this peer.
|
| services.lemmy.settings.captcha.difficulty | The difficultly of the captcha to solve.
|
| services.grafana-image-renderer.settings.server.addr | Listen address of the service.
|
| services.etebase-server.settings.database.engine | The database engine to use.
|
| services.evremap.settings.dual_role.*.hold | The key sequence that should be output when the input key is held
|
| services.epgstation.database.name | Name of the MySQL database that holds EPGStation's data.
|
| services.taler.merchant.settings.merchant.SERVE | Whether the HTTP server should listen on a UNIX domain socket ("unix") or on a TCP socket ("tcp").
|
| services.healthchecks.settings.DB | Database engine to use.
|
| services.opensearch.settings."network.host" | Which port this service should listen on.
|
| services.oncall.settings.oncall_host | FQDN for the Oncall instance.
|
| services.scrutiny.settings.web.listen.basepath | If Scrutiny will be behind a path prefixed reverse proxy, you can override this
value to serve Scrutiny on a subpath.
|
| services.nginx.virtualHosts.<name>.locations.<name>.root | Root directory for requests.
|
| services.maubot.settings.server.public_url | Public base URL where the server is visible.
|
| services.postsrsd.settings.separator | SRS tag separator used in generated sender addresses
|
| services.szurubooru.server.settings.smtp.passFile | File containing the password associated to the given user for the SMTP server.
|
| services.sslh.settings.transparent | Whether the services behind sslh (Apache, sshd and so on) will see the
external IP and ports as if the external world connected directly to
them.
|
| systemd.tmpfiles.settings | Declare systemd-tmpfiles rules to create, delete, and clean up volatile
and temporary files and directories
|
| services.stash.settings.stash_boxes | Stash-box facilitates automated tagging of scenes and performers based on fingerprints and filenames
|
| services.suricata.settings.logging.outputs.file.level | Loglevel for logs written to the logfile.
|
| services.sourcehut.settings."builds.sr.ht".shell | Scripts used to launch on SSH connection.
/usr/bin/master-shell on master,
/usr/bin/runner-shell on runner
|
| services.headscale.settings.dns.magic_dns | Whether to use MagicDNS.
|
| services.postgrest.settings.server-unix-socket | Unix domain socket where to bind the PostgREST web server.
|
| services.evremap.settings.dual_role.*.input | The key that should be remapped
|
| services.i2pd.inTunnels.<name>.type | Tunnel type.
|
| services.netbird.tunnels.<name>.user.group | A system group name for this client instance.
|
| services.netbird.clients.<name>.user.group | A system group name for this client instance.
|
| services.tor.settings.DoSConnectionEnabled | See torrc manual.
|
| services.tor.settings.DormantCanceledByStartup | See torrc manual.
|
| services.tor.settings.ExtORPortCookieAuthFileGroupReadable | See torrc manual.
|
| services.grafana.settings.server.http_addr | Listening address.
This setting intentionally varies from upstream's default to be a bit more secure by default.
|
| services.snapserver.settings.stream.source | One or multiple URIs to PCM input streams.
|
| security.pam.u2f.settings.origin | By default pam-u2f module sets the origin
to pam://$HOSTNAME
|
| services.netbird.tunnels.<name>.dir.baseName | A systemd service name to use (without .service suffix).
|
| services.netbird.clients.<name>.dir.baseName | A systemd service name to use (without .service suffix).
|
| services.writefreely.settings.server.port | The port WriteFreely should listen on.
|
| services.anuko-time-tracker.settings.emailRequired | Defines whether an email is required for new registrations.
|
| services.matrix-synapse.settings.turn_uris | The public URIs of the TURN server to give to clients
|
| services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|