| services.headscale.settings.tls_cert_path | Path to already created certificate.
|
| services.postfix-tlspol.settings | The postfix-tlspol configuration file as a Nix attribute set
|
| services.headscale.settings.tls_key_path | Path to key for already created certificate.
|
| services.tlsrpt.collectd.extraFlags | List of extra flags to pass to the tlsrpt-reportd executable
|
| services.go-camo.sslKey | Path to TLS private key.
|
| services.tlsrpt.configurePostfix | Whether to configure permissions to allow integration with Postfix.
|
| services.scrutiny.settings.web.influxdb.tls.insecure_skip_verify | Whether to enable skipping TLS verification when connecting to InfluxDB.
|
| services.tlsrpt.collectd.settings | Flags from tlsrpt-collectd(1) as key-value pairs.
|
| services.go-camo.sslCert | Path to TLS certificate.
|
| services.doh-server.settings.upstream | Upstream DNS resolver
|
| services.tlsrpt.reportd.settings.dbname | Path to the sqlite database.
|
| services.tlsrpt.fetcher.settings.storage | Path to the collectd sqlite database.
|
| services.postfix-tlspol.settings.server.log-level | Log level
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.postfix-tlspol.settings.server.cache-file | Path to the cache file.
|
| services.tlsrpt.collectd.settings.storage | Storage backend definition.
|
| services.postfix-tlspol.configurePostfix | Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.
|
| services.invidious.nginx.enable | Whether to configure nginx as a reverse proxy for Invidious
|
| services.tlsrpt.reportd.settings.fetchers | Comma-separated list of fetcher programs that retrieve collectd data.
|
| services.postfix-tlspol.settings.dns.address | IP and port to your DNS resolver
|
| services.postfix-tlspol.settings.server.address | Path or address/port where postfix-tlspol binds its socket to.
|
| services.tlsrpt.reportd.settings.log_level | Level of log messages to emit.
|
| services.tlsrpt.fetcher.settings.log_level | Level of log messages to emit.
|
| services.coturn.dh-file | Use custom DH TLS key, stored in PEM format in the file.
|
| services.uhub.<name>.enableTLS | Whether to enable TLS support.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.starttls | set to true for using STARTTLS to start a TLS connection
|
| services.molly-brown.keyPath | Path to TLS key
|
| services.resolved.settings.Resolve.DNSOverTLS | Whether to use TLS encryption for DNS queries
|
| services.cfssl.mutualTlsCa | Mutual TLS - require clients be signed by this CA.
|
| services.tlsrpt.collectd.settings.log_level | Level of log messages to emit.
|
| services.postfix-tlspol.settings.server.prefetch | Whether to prefetch DNS records when the TTL of a cached record is about to expire.
|
| services.cfssl.mutualTlsCn | Mutual TLS - regex for whitelist of allowed client CNs.
|
| services.skydns.etcd.caCert | Skydns path of TLS certificate authority public key.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config | TLS configuration.
|
| services.nginx.sslCiphers | Ciphers to choose from when negotiating TLS handshakes.
|
| services.ncps.cache.redis.useTLS | Use TLS for Redis connection.
|
| services.prometheus.remoteRead.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config | Configures the scrape request's TLS settings.
|
| services.tlsrpt.collectd.settings.socketmode | Permissions on the UNIX socket.
|
| services.prometheus.remoteWrite.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.ddclient.ssl | Whether to use SSL/TLS to connect to dynamic DNS provider.
|
| services.tlsrpt.collectd.settings.socketname | Path at which the UNIX socket will be created.
|
| services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.postfix.enableSubmissions | Whether to enable the submissions service configured in master.cf
|
| services.stunnel.enable | Whether to enable the stunnel TLS tunneling service.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| services.tlsrpt.reportd.settings.http_script | Call to an HTTPS client, that accepts the URL on the commandline and the request body from stdin.
|
| services.syncplay.certDir | TLS certificates directory to use for encryption
|
| services.prometheus.scrapeConfigs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.postfix.settings.main.smtp_tls_CAfile | File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates
|
| services.kresd.listenTLS | Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858)
|
| services.public-inbox.nntp.key | Path to TLS key to use for connections to public-inbox-nntpd(1).
|
| services.public-inbox.imap.key | Path to TLS key to use for connections to public-inbox-imapd(1).
|
| services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config | Configures the Consul request's TLS settings.
|
| services.public-inbox.imap.cert | Path to TLS certificate to use for connections to public-inbox-imapd(1).
|
| services.public-inbox.nntp.cert | Path to TLS certificate to use for connections to public-inbox-nntpd(1).
|
| services.tlsrpt.reportd.settings.contact_info | Contact information embedded into the reports.
|
| services.infinoted.keyFile | Private key to use for TLS
|
| services.maddy.config | Server configuration, see
https://maddy.email for
more information
|
| services.portunus.port | Port where the Portunus webserver should listen on
|
| services.prometheus.scrapeConfigs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config | TLS configuration.
|
| services.h2o.hosts | The hosts config to be merged with the settings
|
| services.davis.nginx.kTLS | Whether to enable kTLS support
|
| services.slskd.nginx.kTLS | Whether to enable kTLS support
|
| services.nginx.sslProtocols | Allowed TLS protocol versions.
|
| services.movim.nginx.kTLS | Whether to enable kTLS support
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| services.httpd.sslProtocols | Allowed SSL/TLS protocol versions.
|
| services.snipe-it.nginx.kTLS | Whether to enable kTLS support
|
| services.nsd.remoteControl.port | Port number for remote control operations (uses TLS over TCP).
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.tt-rss.email.security | Used to select a secure SMTP connection
|
| services.molly-brown.certPath | Path to TLS certificate
|
| services.sslmate-agent.enable | Whether to enable sslmate-agent, a daemon for managing SSL/TLS certificates on a server.
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.cfssl.mutualTlsClientCert | Mutual TLS - client certificate to call remote instance requiring client certs.
|
| services.cfssl.mutualTlsClientKey | Mutual TLS - client key to call remote instance requiring client certs
|
| services.fluidd.nginx.kTLS | Whether to enable kTLS support
|
| services.akkoma.nginx.kTLS | Whether to enable kTLS support
|
| services.gancio.nginx.kTLS | Whether to enable kTLS support
|
| services.monica.nginx.kTLS | Whether to enable kTLS support
|
| services.matomo.nginx.kTLS | Whether to enable kTLS support
|
| services.pgadmin.emailServer.useTLS | Whether to enable TLS for connecting to the SMTP server.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config | TLS configuration.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config | TLS configuration.
|
| services.postfix-tlspol.settings.server.socket-permissions | Permissions to the UNIX socket, if configured.
Due to hardening on the systemd unit the socket can never be created world readable/writable.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|