| services.movim.h2o.settings | Attrset to be transformed into YAML for host config
|
| services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.tlsrpt.reportd.settings.sender_address | Sender address used for reports.
|
| services.fedimintd.<name>.api.url | Public URL of the API address of the reverse proxy/tls terminator
|
| services.fedimintd.<name>.api.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.fedimintd.<name>.api.port | Port to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config | TLS configuration.
|
| services.public-inbox.imap.port | Listening port
|
| services.public-inbox.nntp.port | Listening port
|
| services.h2o.hosts.<name>.settings | Attrset to be transformed into YAML for host config
|
| services.rkvm.server.settings.key | TLS key path.
This should be generated with rkvm-certificate-gen.
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| virtualisation.podman.networkSocket.enable | Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| services.coder.wildcardAccessUrl | If you are providing TLS certificates directly to the Coder server, you must use a single certificate for the root and wildcard domains.
|
| services.zitadel.settings.TLS.KeyPath | Path to the TLS certificate private key.
|
| services.zitadel.settings.TLS.CertPath | Path to the TLS certificate.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config | TLS configuration.
|
| services.tailscale.permitCertUid | Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.
|
| services.vsftpd.ssl_sslv2 | Only applies if ssl_enable is activated
|
| services.vsftpd.ssl_sslv3 | Only applies if ssl_enable is activated
|
| services.tlsrpt.reportd.settings.sendmail_script | Path to a sendmail-compatible executable for delivery reports.
|
| services.librespeed.domain | If not null, this will add an entry to services.librespeed.servers and
configure librespeed to use TLS.
|
| services.librenms.nginx.kTLS | Whether to enable kTLS support
|
| services.fediwall.nginx.kTLS | Whether to enable kTLS support
|
| services.dolibarr.nginx.kTLS | Whether to enable kTLS support
|
| services.agorakit.nginx.kTLS | Whether to enable kTLS support
|
| services.kanboard.nginx.kTLS | Whether to enable kTLS support
|
| services.mainsail.nginx.kTLS | Whether to enable kTLS support
|
| services.postfix.enableSmtp | Whether to enable the smtp service configured in the master.cf
|
| services.pixelfed.nginx.kTLS | Whether to enable kTLS support
|
| services.fedimintd.<name>.api_ws.url | Public URL of the API address of the reverse proxy/tls terminator
|
| security.acme.defaults.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.fedimintd.<name>.api_ws.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.cassandra.remoteJmx | Cassandra ships with JMX accessible only from localhost
|
| services.komodo-periphery.ssl.enable | Whether to enable SSL/TLS support.
|
| services.fedimintd.<name>.api_ws.port | TCP Port to bind on for API connections relayed by the reverse proxy/tls terminator.
|
| services.radicle.httpd.nginx.kTLS | Whether to enable kTLS support
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config | TLS configuration.
|
| services.anuko-time-tracker.nginx.kTLS | Whether to enable kTLS support
|
| services.ghostunnel.servers | Server mode ghostunnels (TLS listener -> plain TCP/UNIX target)
|
| services.keycloak.database.useSSL | Whether the database connection should be secured by SSL / TLS
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| services.dolibarr.h2o.settings | Attrset to be transformed into YAML for host config
|
| services.coturn.listening-port | TURN listener port for UDP and TCP
|
| services.bookstack.nginx.kTLS | Whether to enable kTLS support
|
| services.biboumi.settings.ca_file | Specifies which file should be used as the list of trusted CA
when negotiating a TLS session.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config | TLS configuration.
|
| services.infinoted.securityPolicy | How strictly to enforce clients connection with TLS.
|
| services.sabnzbd.settings.servers.<name>.ssl | Whether the server supports TLS
|
| services.neo4j.bolt.sslPolicy | Neo4j SSL policy for BOLT traffic
|
| services.jirafeau.nginxConfig.kTLS | Whether to enable kTLS support
|
| services.minio.certificatesDir | The directory where TLS certificates are stored.
|
| services.radicle.httpd.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for radicle-httpd
|
| services.kubernetes.pki.genCfsslAPICerts | Whether to automatically generate cfssl API webserver TLS cert and key,
if they don't exist.
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.zitadel.settings.TLS.Cert | The TLS certificate, as a base64-encoded string
|
| services.kubernetes.pki.cfsslAPIExtraSANs | Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
|
| services.zabbixWeb.nginx.virtualHost.kTLS | Whether to enable kTLS support
|
| services.zitadel.settings.TLS.Key | The TLS certificate private key, as a base64-encoded string
|
| services.nghttpx.backends.*.params.sni | Override the TLS SNI field value
|
| services.jitsi-meet.nginx.enable | Whether to enable nginx virtual host that will serve the javascript application and act as
a proxy for the XMPP server
|
| services.firezone.server.smtp.implicitTls | Whether to use implicit TLS instead of STARTTLS (usually port 465)
|
| services.parsedmarc.settings.smtp.ssl | Use an encrypted SSL/TLS connection.
|
| services.parsedmarc.settings.imap.ssl | Use an encrypted SSL/TLS connection.
|
| services.discourse.mail.outgoing.forceTLS | Force implicit TLS as per RFC 8314 3.3.
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.keycloak.database.caCert | The SSL / TLS CA certificate that verifies the identity of the
database server
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.keycloak.sslCertificate | The path to a PEM formatted certificate to use for TLS/SSL
connections.
|
| services.firezone.server.api.externalUrl | The external URL under which you will serve the api
|
| services.firezone.server.web.externalUrl | The external URL under which you will serve the web interface
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.keycloak.sslCertificateKey | The path to a PEM formatted private key to use for TLS/SSL
connections.
|
| services.nginx.recommendedTlsSettings | Enable recommended TLS settings.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.trafficserver.sni | Configure aspects of TLS connection handling for both inbound and
outbound connections
|
| services.infinoted.certificateFile | Server certificate to use for TLS
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.documize.forcesslport | Redirect given http port number to TLS.
|
| services.prometheus.exporters.lnd.lndTlsPath | Path to lnd TLS certificate.
|
| services.sftpgo.settings.smtp.encryption | Encryption scheme:
0: No encryption1: TLS2: STARTTLS
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.jitsi-meet.prosody.lockdown | Whether to disable Prosody features not needed by Jitsi Meet
|
| services.matrix-conduit.settings.global.address | Address to listen on for connections by the reverse proxy/tls terminator.
|
| services.kubernetes.apiserver.extraSANs | Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.firefox-syncserver.singleNode.enableTLS | Whether to enable automatic TLS setup.
|
| services.sabnzbd.settings.misc.https_key | Path to the TLS key for the web UI
|