| services.chhoto-url.settings.public_mode_expiry_delay | The maximum expiry delay in seconds to force in public mode.
|
| services.cyrus-imap.imapdSettings | IMAP configuration settings
|
| services.cyrus-imap.cyrusSettings | Cyrus configuration settings
|
| services.grafana.settings.security.csrf_additional_headers | List of allowed headers to be set by the user
|
| services.kanidm.unix.settings.kanidm.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| services.matrix-conduit.settings.global.allow_check_for_updates | Whether to allow Conduit to automatically contact
https://conduit.rs hourly to check for important Conduit news
|
| services.postfix.settings.main.smtpd_tls_security_level | The server TLS security level
|
| services.cpupower-gui.enable | Enables dbus/systemd service needed by cpupower-gui
|
| services.grafana.settings.security.content_security_policy | Set to true to add the Content-Security-Policy header to your requests
|
| services.journald.rateLimitBurst | Configures the rate limiting burst limit (number of messages per
interval) that is applied to all messages generated on the system
|
| services.filesender.settings.storage_filesystem_path | When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire
|
| services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| services.davis.database.urlFile | A file containing the database connection url
|
| services.bluemap.coreSettings | Settings for the core.conf file, see upstream docs.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.trilium-server.nginx.enable | Configure the nginx reverse proxy settings.
|
| services.matrix-synapse.settings.app_service_config_files | A list of application service config file to use
|
| services.sitespeed-io.runs | A list of run configurations
|
| services.hardware.lcd.server.usbGroup | The group to use for settings permissions
|
| services.headscale.settings.tls_letsencrypt_hostname | Domain name to request a TLS certificate for.
|
| services.radicale.rights | Configuration for Radicale's rights file
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.bitlbee.extraSettings | Will be inserted in the Settings section of the config file.
|
| security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| services.hardware.bolt.enable | Whether to enable Bolt, a userspace daemon to enable
security levels for Thunderbolt 3 on GNU/Linux
|
| services.nomad.extraSettingsPaths | Additional settings paths used to configure nomad
|
| services.freshrss.api.enable | Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| programs.clash-verge.tunMode | Whether to enable Setcap for TUN Mode
|
| services.postgresql.settings.shared_preload_libraries | List of libraries to be preloaded.
|
| services.minetest-server.config | Settings to add to the minetest config file
|
| services.syncthing.configDir | The path where the settings and keys will exist.
|
| services.kanidm.serverSettings | Settings for Kanidm, see
the documentation
and example configuration
for possible values.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| services.snipe-it.config | Snipe-IT configuration options to set in the
.env file
|
| services.warpgate.settings.http.trust_x_forwarded_headers | Trust X-Forwarded-* headers
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| services.matrix-synapse.settings.url_preview_url_blacklist | Optional list of URL matches that the URL preview spider is
denied from accessing.
|
| services.portunus.seedSettings | Seed settings for users and groups
|
| services.bluemap.webappSettings | Settings for the webapp.conf file, see upstream docs.
|
| services.buffyboard.settings.quirks.ignore_unused_terminals | If true, buffyboard won't automatically update the layout of a new terminal and
draw the keyboard, if the terminal is not opened by any process
|
| services.logstash.extraSettings | Extra Logstash settings in YAML format.
|
| services.grafana.settings.analytics.check_for_plugin_updates | When set to false, disables checking for new versions of installed plugins from https://grafana.com
|
| services.mediawiki.extraConfig | Any additional text to be appended to MediaWiki's
LocalSettings.php configuration file
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| services.github-runners.<name>.user | User under which to run the service
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.role | Role of the targets to retrieve
|
| services.prometheus.scrapeConfigs.*.gce_sd_configs.*.tag_separator | The tag separator used to separate concatenated GCE instance network tags
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| services.veilid.settings.core.protected_store.allow_insecure_fallback | If we can't use system-provided secure storage, should we proceed anyway?
|
| services.mailman.enablePostfix | Enable Postfix integration
|
| services.olivetin.extraConfigFiles | Config files to merge into the settings defined in services.olivetin.settings
|
| services.stash.settings.video_file_naming_algorithm | Hash algorithm to use for generated file naming
|
| services.matrix-synapse.settings.registration_shared_secret | If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| services.monica.config | monica configuration options to set in the
.env file
|
| services.oink.domains | List of attribute sets containing configuration for each domain
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.openldap.mutableConfig | Whether to allow writable on-line configuration
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| services.yarr.environmentFile | Environment file for specifying additional settings such as secrets
|
| services.jitsi-meet.interfaceConfig | Client-side web-app interface settings that override the defaults in interface_config.js
|
| services.foundationdb.tls | FoundationDB Transport Security Layer (TLS) settings.
|
| services.schleuder.listDefaults | Default settings for lists (list-defaults.yml)
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| services.matrix-continuwuity.settings.global.allow_announcements_check | If enabled, continuwuity will send a simple GET request periodically to
https://continuwuity.org/.well-known/continuwuity/announcements for any new announcements made.
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| services.pgbouncer.settings.pgbouncer.ignore_startup_parameters | By default, PgBouncer allows only parameters it can keep track of in startup packets:
client_encoding, datestyle, timezone and standard_conforming_strings
|
| services.multipath.overrides | This section defines values for attributes that should override the
device-specific settings for all devices.
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| services.grafana.settings.database.locking_attempt_timeout_sec | For mysql, if the migrationLocking feature toggle is set,
specify the time (in seconds) to wait before failing to lock the database for the migrations.
|
| services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.region | The AWS region
|
| services.yggdrasil.configFile | A file which contains JSON or HJSON configuration for yggdrasil
|
| fonts.fontconfig.localConf | System-wide customization file contents, has higher priority than
defaultFonts settings.
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.prometheus.scrapeConfigs.*.gce_sd_configs.*.refresh_interval | Refresh interval to re-read the cloud instance list
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tag_separator | The string by which Linode Instance tags are joined into the tag label
|
| programs.starship.presets | Presets files to be merged with settings in order.
|
| boot.isNspawnContainer | Whether the machine is running in an nspawn container
|
| services.mattermost.preferNixConfig | If both mutableConfig and this option are set, the Nix configuration
will take precedence over any settings configured in the server
console.
|
| services.prosody.muc.*.tombstoneExpiry | This settings controls how long a tombstone is considered
valid
|
| services.stash.settings.create_image_clip_from_videos | Create Image Clips from Video extensions when Videos are disabled in Library
|
| services.asterisk.useTheseDefaultConfFiles | Sets these config files to the default content
|
| services.agorakit.config | Agorakit configuration options to set in the
.env file
|
| services.komodo-periphery.extraSettings | Extra settings to add to the generated TOML config.
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| services.packagekit.vendorSettings | Additional settings passed straight through to Vendor.conf
|
| services.bluemap.webserverSettings | Settings for the webserver.conf file, usually not required.
See upstream docs.
|
| services.bookstack.config | BookStack configuration options to set in the
.env file
|
| services.clamav.clamonacc.enable | Whether to enable ClamAV on-access scanner
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|