| services.github-runners.<name>.user | User under which to run the service
|
| services.pfix-srsd.configurePostfix | Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
|
| services.veilid.settings.core.protected_store.allow_insecure_fallback | If we can't use system-provided secure storage, should we proceed anyway?
|
| environment.wvdial.pppDefaults | Default ppp settings for wvdial.
|
| services.openldap.mutableConfig | Whether to allow writable on-line configuration
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| services.foundationdb.tls | FoundationDB Transport Security Layer (TLS) settings.
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.yarr.environmentFile | Environment file for specifying additional settings such as secrets
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.jitsi-meet.interfaceConfig | Client-side web-app interface settings that override the defaults in interface_config.js
|
| services.schleuder.listDefaults | Default settings for lists (list-defaults.yml)
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.stash.settings.video_file_naming_algorithm | Hash algorithm to use for generated file naming
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| services.matrix-synapse.settings.registration_shared_secret | If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled
|
| services.multipath.overrides | This section defines values for attributes that should override the
device-specific settings for all devices.
|
| services.monica.config | monica configuration options to set in the
.env file
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.oink.domains | List of attribute sets containing configuration for each domain
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| services.matrix-continuwuity.settings.global.allow_announcements_check | If enabled, continuwuity will send a simple GET request periodically to
https://continuwuity.org/.well-known/continuwuity/announcements for any new announcements made.
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.yggdrasil.configFile | A file which contains JSON or HJSON configuration for yggdrasil
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.pgbouncer.settings.pgbouncer.ignore_startup_parameters | By default, PgBouncer allows only parameters it can keep track of in startup packets:
client_encoding, datestyle, timezone and standard_conforming_strings
|
| services.grafana.settings.database.locking_attempt_timeout_sec | For mysql, if the migrationLocking feature toggle is set,
specify the time (in seconds) to wait before failing to lock the database for the migrations.
|
| hardware.openrazer.batteryNotifier | Settings for device battery notifications.
|
| services.mattermost.preferNixConfig | If both mutableConfig and this option are set, the Nix configuration
will take precedence over any settings configured in the server
console.
|
| services.prosody.muc.*.tombstoneExpiry | This settings controls how long a tombstone is considered
valid
|
| i18n.extraLocaleSettings | A set of additional system-wide locale settings other than LANG
which can be configured with i18n.defaultLocale
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.asterisk.useTheseDefaultConfFiles | Sets these config files to the default content
|
| services.komodo-periphery.extraSettings | Extra settings to add to the generated TOML config.
|
| services.packagekit.vendorSettings | Additional settings passed straight through to Vendor.conf
|
| services.bluemap.webserverSettings | Settings for the webserver.conf file, usually not required.
See upstream docs.
|
| services.postsrsd.configurePostfix | Whether to configure the required settings to use postsrsd in the local Postfix instance.
|
| services.clamav.clamonacc.enable | Whether to enable ClamAV on-access scanner
|
| services.stash.settings.create_image_clip_from_videos | Create Image Clips from Video extensions when Videos are disabled in Library
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| services.cryptpad.configureNginx | Configure Nginx as a reverse proxy for Cryptpad
|
| services.agorakit.config | Agorakit configuration options to set in the
.env file
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.rathole.credentialsFile | Path to a TOML file to be merged with the settings
|
| services.bookstack.config | BookStack configuration options to set in the
.env file
|
| virtualisation.appvm.enable | This enables AppVMs and related virtualisation settings.
|
| services.netbird.useRoutingFeatures | Enables settings required for NetBird's routing features: Network Resources, Network Routes & Exit Nodes
|
| services.nginx.recommendedTlsSettings | Enable recommended TLS settings.
|
| services.postfix-tlspol.configurePostfix | Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.
|
| services.foundationdb.locality | FoundationDB locality settings.
|
| services.easytier.instances.<name>.configFile | Path to easytier config file
|
| services.veilid.settings.core.protected_store.always_use_insecure_storage | Should we bypass any attempt to use system-provided secure storage?
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.librenms.environmentFile | File containing env-vars to be substituted into the final config
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| services.dendrite.settings.global.trusted_third_party_id_servers | Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
|
| services.karakeep.extraEnvironment | Environment variables to pass to Karakaeep
|
| services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well
|
| services.matrix-synapse.settings.url_preview_ip_range_blacklist | List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
|
| services.matrix-synapse.settings.url_preview_ip_range_whitelist | List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in url_preview_ip_range_blacklist.
|
| virtualisation.lxc.bridgeConfig | This is the config file for override lxc-net bridge default settings.
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.headscale.settings.tls_letsencrypt_challenge_type | Type of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
|
| services.sunshine.applications | Configuration for applications to be exposed to Moonlight
|
| services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| services.displayManager.dms-greeter.configFiles | List of DankMaterialShell configuration files to copy into the greeter
data directory at /var/lib/dms-greeter
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| services.nginx.recommendedProxySettings | Whether to enable recommended proxy settings if a vhost does not specify the option manually.
|
| services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| services.nextcloud.configureRedis | Whether to configure Nextcloud to use the recommended Redis settings for small instances.
The Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.
The notify_push app requires Redis to be configured
|
| services.stash.settings.show_one_time_moved_notification | Whether a small notification to inform the user that Stash will no longer show a terminal window, and instead will be available in the tray
|
| services.opencloud.environment | Extra environment variables to set for the service
|
| services.mattermost.mutableConfig | Whether the Mattermost config.json is writeable by Mattermost
|
| services.prometheus.remoteRead.*.tls_config | Configures the remote read request's TLS settings.
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.opencloud.environmentFile | An environment file as defined in systemd.exec(5)
|
| services.nginx.recommendedBrotliSettings | Enable recommended brotli settings
|
| services.maubot.settings.plugin_databases.postgres_max_conns_per_plugin | Maximum number of connections per plugin instance.
|
| services.prometheus.remoteWrite.*.tls_config | Configures the remote write request's TLS settings.
|
| services.firezone.server.provision.accounts | All accounts to provision
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.yggdrasil.openMulticastPort | Whether to open the UDP port used for multicast peer discovery
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| virtualisation.graphics | Whether to run QEMU with a graphics window, or in nographic mode
|
| services.grafana.settings.users.user_invite_max_lifetime_duration | The duration in time a user invitation remains valid before expiring
|
| services.dnscrypt-proxy2.upstreamDefaults | Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
|
| services.nginx.experimentalZstdSettings | Enable alpha quality zstd module with recommended settings
|