| services.netbird.useRoutingFeatures | Enables settings required for NetBird's routing features: Network Resources, Network Routes & Exit Nodes
|
| services.rathole.credentialsFile | Path to a TOML file to be merged with the settings
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.veilid.settings.core.protected_store.always_use_insecure_storage | Should we bypass any attempt to use system-provided secure storage?
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.nginx.recommendedTlsSettings | Enable recommended TLS settings.
|
| services.foundationdb.locality | FoundationDB locality settings.
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.matrix-synapse.settings.url_preview_ip_range_blacklist | List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
|
| services.dendrite.settings.global.trusted_third_party_id_servers | Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
|
| services.matrix-synapse.settings.url_preview_ip_range_whitelist | List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in url_preview_ip_range_blacklist.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.all_tenants | Whether the service discovery should list all instances for all projects
|
| services.headscale.settings.tls_letsencrypt_challenge_type | Type of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
|
| hardware.nvidia.nvidiaSettings | Whether to enable nvidia-settings, NVIDIA's GUI configuration tool
.
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| services.librenms.environmentFile | File containing env-vars to be substituted into the final config
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.karakeep.extraEnvironment | Environment variables to pass to Karakaeep
|
| i18n.inputMethod.fcitx5.plasma6Support | Use qt6 versions of fcitx5 packages
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| services.sunshine.applications | Configuration for applications to be exposed to Moonlight
|
| services.stash.settings.show_one_time_moved_notification | Whether a small notification to inform the user that Stash will no longer show a terminal window, and instead will be available in the tray
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| services.nginx.recommendedProxySettings | Whether to enable recommended proxy settings if a vhost does not specify the option manually.
|
| services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|
| services.displayManager.dms-greeter.configFiles | List of DankMaterialShell configuration files to copy into the greeter
data directory at /var/lib/dms-greeter
|
| services.nextcloud.configureRedis | Whether to configure Nextcloud to use the recommended Redis settings for small instances.
The Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.
The notify_push app requires Redis to be configured
|
| services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.mattermost.mutableConfig | Whether the Mattermost config.json is writeable by Mattermost
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.opencloud.environment | Extra environment variables to set for the service
|
| services.opencloud.environmentFile | An environment file as defined in systemd.exec(5)
|
| services.grafana.settings.users.user_invite_max_lifetime_duration | The duration in time a user invitation remains valid before expiring
|
| services.prometheus.remoteRead.*.tls_config | Configures the remote read request's TLS settings.
|
| services.nginx.recommendedBrotliSettings | Enable recommended brotli settings
|
| services.headscale.settings.ephemeral_node_inactivity_timeout | Time before an inactive ephemeral node is deleted.
|
| services.grafana.settings.security.strict_transport_security_preload | Set to true to enable HSTS preloading option
|
| services.dnscrypt-proxy2.upstreamDefaults | Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
|
| environment.wvdial.pppDefaults | Default ppp settings for wvdial.
|
| services.yggdrasil.openMulticastPort | Whether to open the UDP port used for multicast peer discovery
|
| services.dovecot2.imapsieve.mailbox.*.name | This setting configures the name of a mailbox for which administrator scripts are configured
|
| services.prometheus.remoteWrite.*.tls_config | Configures the remote write request's TLS settings.
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| programs.chromium.initialPrefs | Initial preferences are used to configure the browser for the first run
|
| services.nginx.experimentalZstdSettings | Enable alpha quality zstd module with recommended settings
|
| services.stash.settings.dangerous_allow_public_without_auth | Learn more at https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/
|
| services.tailscale.useRoutingFeatures | Enables settings required for Tailscale's routing features like subnet routers and exit nodes
|
| services.firezone.server.provision.accounts | All accounts to provision
|
| services.dysnomia.extraContainerProperties | An attribute set providing additional container settings in addition to the default properties
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.crowdsec-firewall-bouncer.createRulesets | Whether to have the module create the appropriate firewall configuration
based on the bouncer settings
|
| services.prometheus.scrapeConfigs.*.tls_config | Configures the scrape request's TLS settings.
|
| services.qbittorrent.serverConfig | Free-form settings mapped to the qBittorrent.conf file in the profile
|
| hardware.openrazer.batteryNotifier | Settings for device battery notifications.
|
| services.bitwarden-directory-connector-cli.ldap | Options to configure the LDAP connection
|
| services.bitwarden-directory-connector-cli.sync | Options to configure what gets synced
|
| services.centrifugo.environmentFiles | Files to load environment variables from
|
| services.archisteamfarm.ipcSettings | Settings to write to IPC.config
|
| services.grafana.settings.security.content_security_policy_report_only | Set to true to add the Content-Security-Policy-Report-Only header to your requests
|
| services.nghttpx.backends.*.params.affinity | If "ip" is given, client IP based session affinity is
enabled
|
| i18n.extraLocaleSettings | A set of additional system-wide locale settings other than LANG
which can be configured with i18n.defaultLocale
|
| services.grafana.settings.security.disable_brute_force_login_protection | Set to true to disable brute force login protection.
|
| services.grafana.settings.security.strict_transport_security_subdomains | Set to true to enable HSTS includeSubDomains option
|
| services.nginx.recommendedOptimisation | Enable recommended optimisation settings.
|
| virtualisation.appvm.enable | This enables AppVMs and related virtualisation settings.
|
| services.transmission.credentialsFile | Path to a JSON file to be merged with the settings
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fluent-bit.configurationFile | Fluent Bit configuration
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gancio.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.monica.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.monica.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| programs.ryzen-monitor-ng.enable | Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver
|
| services.prometheus.alertmanager-ntfy.extraConfigFiles | Config files to merge into the settings defined in services.prometheus.alertmanager-ntfy.settings
|
| virtualisation.lxc.bridgeConfig | This is the config file for override lxc-net bridge default settings.
|
| services.xserver.desktopManager.surf-display.screensaverSettings | Screensaver settings, see man 1 xset for possible options.
|
| services.radicle.httpd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|