| services.mailman.enablePostfix | Enable Postfix integration
|
| services.olivetin.extraConfigFiles | Config files to merge into the settings defined in services.olivetin.settings
|
| services.stash.settings.video_file_naming_algorithm | Hash algorithm to use for generated file naming
|
| services.matrix-synapse.settings.registration_shared_secret | If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled
|
| services.pfix-srsd.configurePostfix | Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| services.monica.config | monica configuration options to set in the
.env file
|
| services.oink.domains | List of attribute sets containing configuration for each domain
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.openldap.mutableConfig | Whether to allow writable on-line configuration
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| services.yarr.environmentFile | Environment file for specifying additional settings such as secrets
|
| services.jitsi-meet.interfaceConfig | Client-side web-app interface settings that override the defaults in interface_config.js
|
| services.foundationdb.tls | FoundationDB Transport Security Layer (TLS) settings.
|
| services.schleuder.listDefaults | Default settings for lists (list-defaults.yml)
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.matrix-continuwuity.settings.global.allow_announcements_check | If enabled, continuwuity will send a simple GET request periodically to
https://continuwuity.org/.well-known/continuwuity/announcements for any new announcements made.
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| services.pgbouncer.settings.pgbouncer.ignore_startup_parameters | By default, PgBouncer allows only parameters it can keep track of in startup packets:
client_encoding, datestyle, timezone and standard_conforming_strings
|
| services.multipath.overrides | This section defines values for attributes that should override the
device-specific settings for all devices.
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| services.grafana.settings.database.locking_attempt_timeout_sec | For mysql, if the migrationLocking feature toggle is set,
specify the time (in seconds) to wait before failing to lock the database for the migrations.
|
| services.yggdrasil.configFile | A file which contains JSON or HJSON configuration for yggdrasil
|
| fonts.fontconfig.localConf | System-wide customization file contents, has higher priority than
defaultFonts settings.
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| programs.starship.presets | Presets files to be merged with settings in order.
|
| boot.isNspawnContainer | Whether the machine is running in an nspawn container
|
| services.mattermost.preferNixConfig | If both mutableConfig and this option are set, the Nix configuration
will take precedence over any settings configured in the server
console.
|
| services.prosody.muc.*.tombstoneExpiry | This settings controls how long a tombstone is considered
valid
|
| services.stash.settings.create_image_clip_from_videos | Create Image Clips from Video extensions when Videos are disabled in Library
|
| services.asterisk.useTheseDefaultConfFiles | Sets these config files to the default content
|
| services.agorakit.config | Agorakit configuration options to set in the
.env file
|
| services.komodo-periphery.extraSettings | Extra settings to add to the generated TOML config.
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| services.packagekit.vendorSettings | Additional settings passed straight through to Vendor.conf
|
| services.bluemap.webserverSettings | Settings for the webserver.conf file, usually not required.
See upstream docs.
|
| services.postsrsd.configurePostfix | Whether to configure the required settings to use postsrsd in the local Postfix instance.
|
| services.bookstack.config | BookStack configuration options to set in the
.env file
|
| services.cryptpad.configureNginx | Configure Nginx as a reverse proxy for Cryptpad
|
| services.clamav.clamonacc.enable | Whether to enable ClamAV on-access scanner
|
| services.netbird.useRoutingFeatures | Enables settings required for NetBird's routing features: Network Resources, Network Routes & Exit Nodes
|
| services.rathole.credentialsFile | Path to a TOML file to be merged with the settings
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.veilid.settings.core.protected_store.always_use_insecure_storage | Should we bypass any attempt to use system-provided secure storage?
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.postfix-tlspol.configurePostfix | Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.
|
| services.nginx.recommendedTlsSettings | Enable recommended TLS settings.
|
| services.easytier.instances.<name>.configFile | Path to easytier config file
|
| services.foundationdb.locality | FoundationDB locality settings.
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.matrix-synapse.settings.url_preview_ip_range_blacklist | List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
|
| services.dendrite.settings.global.trusted_third_party_id_servers | Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
|
| services.matrix-synapse.settings.url_preview_ip_range_whitelist | List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in url_preview_ip_range_blacklist.
|
| services.headscale.settings.tls_letsencrypt_challenge_type | Type of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
|
| hardware.nvidia.nvidiaSettings | Whether to enable nvidia-settings, NVIDIA's GUI configuration tool
.
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| services.librenms.environmentFile | File containing env-vars to be substituted into the final config
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.karakeep.extraEnvironment | Environment variables to pass to Karakaeep
|
| i18n.inputMethod.fcitx5.plasma6Support | Use qt6 versions of fcitx5 packages
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| services.sunshine.applications | Configuration for applications to be exposed to Moonlight
|
| services.stash.settings.show_one_time_moved_notification | Whether a small notification to inform the user that Stash will no longer show a terminal window, and instead will be available in the tray
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| programs.captive-browser.enable | Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.
|
| services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| services.nginx.recommendedProxySettings | Whether to enable recommended proxy settings if a vhost does not specify the option manually.
|
| services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|
| services.displayManager.dms-greeter.configFiles | List of DankMaterialShell configuration files to copy into the greeter
data directory at /var/lib/dms-greeter
|
| services.nextcloud.configureRedis | Whether to configure Nextcloud to use the recommended Redis settings for small instances.
The Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.
The notify_push app requires Redis to be configured
|
| services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.mattermost.mutableConfig | Whether the Mattermost config.json is writeable by Mattermost
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| services.maubot.settings.plugin_databases.postgres_max_conns_per_plugin | Maximum number of connections per plugin instance.
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.opencloud.environment | Extra environment variables to set for the service
|
| services.opencloud.environmentFile | An environment file as defined in systemd.exec(5)
|
| services.grafana.settings.users.user_invite_max_lifetime_duration | The duration in time a user invitation remains valid before expiring
|
| services.prometheus.remoteRead.*.tls_config | Configures the remote read request's TLS settings.
|
| services.nginx.recommendedBrotliSettings | Enable recommended brotli settings
|
| services.headscale.settings.ephemeral_node_inactivity_timeout | Time before an inactive ephemeral node is deleted.
|
| services.grafana.settings.security.strict_transport_security_preload | Set to true to enable HSTS preloading option
|
| environment.wvdial.pppDefaults | Default ppp settings for wvdial.
|
| services.yggdrasil.openMulticastPort | Whether to open the UDP port used for multicast peer discovery
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| services.prometheus.remoteWrite.*.tls_config | Configures the remote write request's TLS settings.
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|