| services.nvme-rs.settings.email.smtp_server | SMTP server address
|
| services.tt-rss.database.createLocally | Create the database and database user locally.
|
| services.nitter.cache.redisHost | Redis host.
|
| services.postgrest.settings.admin-server-port | Specifies the port for the admin server, which can be used for healthchecks.
https://docs.postgrest.org/en/stable/references/admin_server.html#admin-server
|
| services.peertube-runner.instancesToRegister.<name>.runnerName | Runner name declared to the PeerTube instance.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.pixelfed.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.traccar.settings | config.xml configuration as a Nix attribute set
|
| services.prometheus.exporters.postfix.showqPath | Path where Postfix places its showq socket.
|
| services.unclutter.package | The unclutter package to use.
|
| services.mtr-exporter.address | Listen address for MTR exporter.
|
| services.prometheus.exporters.ping.listenAddress | Address to listen on.
|
| services.opensearch.dataDir | Data directory for OpenSearch
|
| services.lighttpd.mod_userdir | If true, requests in the form /~user/page.html are rewritten to take
the file public_html/page.html from the home directory of the user.
|
| services.quake3-server.baseq3 | Path to the baseq3 files (pak*.pk3)
|
| services.radicle.httpd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.throttled.enable | Whether to enable fix for Intel CPU throttling.
|
| services.postfix.settings.master.<name>.private | Whether the service's sockets and storage directory is restricted to
be only available via the mail system
|
| services.misskey.settings.url | The final user-facing URL
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.spacecookie.settings.root | The directory spacecookie should serve via gopher
|
| services.restic.backups.<name>.rcloneOptions | Options to pass to rclone to control its behavior
|
| services.rutorrent.poolSettings | Options for ruTorrent's PHP pool
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.pretix.settings.pretix.datadir | Directory for storing user uploads and similar data.
|
| services.phpfpm.pools.<name>.user | User account under which this pool runs.
|
| services.prometheus.exporters.exportarr-bazarr.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.exportarr-bazarr.openFirewall
is true
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.rauc.settings | Rauc configuration that will be converted to INI
|
| services.stalwart.openFirewall | Whether to open TCP firewall ports, which are specified in
services.stalwart.settings.server.listener on all interfaces.
|
| services.screego.settings | Screego settings passed as Nix attribute set, they will be merged with
the defaults
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_secret | The application_credential_secret field is required if using an application
credential to authenticate.
|
| services.tor.settings.ExitRelay | See torrc manual.
|
| services.sshguard.enable | Whether to enable the sshguard service.
|
| services.sitespeed-io.period | Systemd calendar expression when to run
|
| services.lldap.enable | Whether to enable lldap, a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication.
|
| services.samba-wsdd.enable | Whether to enable Web Services Dynamic Discovery host daemon
|
| services.netbird.clients.<name>.logLevel | Log level of the NetBird daemon.
|
| services.quicktun.<name>.publicKey | Remote public key in hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.pgbackrest.commands.annotate | Options for the 'annotate' command
|
| services.trafficserver.splitDns | Specify the DNS server that Traffic Server should use under specific
conditions
|
| services.spiped.config.<name>.target | Address to which spiped should connect.
|
| services.prometheus.exporters.nginxlog.metricsEndpoint | Path under which to expose metrics.
|
| services.postfix.dnsBlacklistOverrides | contents of check_client_access for overriding dnsBlacklists
|
| services.minetest-server.extraArgs | Additional command line flags to pass to the minetest executable.
|
| services.nginx.virtualHosts.<name>.default | Makes this vhost the default.
|
| services.taskserver.pki.auto.expiration.client | The expiration time of client certificates in days or null for no
expiration time.
|
| services.orangefs.client.enable | Whether to enable OrangeFS client daemon.
|
| services.prometheus.exporters.bitcoin.openFirewall | Open port in firewall for incoming connections.
|
| services.pixelfed.nginx.default | Makes this vhost the default.
|
| services.prometheus.exporters.node.enable | Whether to enable the prometheus node exporter.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.prometheus.exporters.collectd.extraFlags | Extra commandline options to pass to the collectd exporter.
|
| services.llama-cpp.host | IP address the LLaMA C++ server listens on.
|
| services.llama-swap.settings | llama-swap configuration
|
| services.postgresql.enableTCPIP | Whether PostgreSQL should listen on all network interfaces
|
| services.pretix.settings.memcached.location | The host:port combination or the path to the UNIX socket of a memcached instance
|
| services.prometheus.exporters.postfix.systemd.slice | Name of the postfix systemd slice
|
| services.prometheus.exporters.kafka.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.kafka.openFirewall is true.
|
| services.pyload.user | User under which pyLoad runs, and which owns the download directory.
|
| services.matrix-alertmanager.matrixRooms.*.roomId | Matrix room ID
|
| services.maubot.settings.plugin_directories.trash | The directory where old plugin versions and conflicting plugins should be moved
|
| services.moodle.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.radicle.httpd.nginx.listen.*.port | Port number to listen on
|
| services.pretix.user | User under which pretix should run.
|
| services.photoprism.package | The photoprism package to use.
|
| services.prometheus.exporters.fritz.user | User name under which the fritz exporter shall be run.
|
| services.prometheus.exporters.wireguard.verbose | Whether to enable verbose logging mode for prometheus-wireguard-exporter.
|
| services.mame.user | User from which you run MAME binary.
|
| services.monero.dataDir | The directory where Monero stores its data files.
|
| services.netbird.server.management.domain | The domain under which the management API runs.
|
| services.shellhub-agent.enable | Whether to enable ShellHub Agent daemon.
|
| services.netbird.server.management.disableSingleAccountMode | If set to true, disables single account mode
|
| services.selfoss.user | User account under which both the service and the web-application run.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown | Updown script to invoke on CHILD_SA up and down events.
|
| services.nextcloud.cli.memoryLimit | The memory_limit of PHP is equal to services.nextcloud.maxUploadSize
|
| services.lubelogger.group | Group under which LubeLogger runs.
|
| services.tor.client.socksListenAddress | Bind to this address to listen for connections from
Socks-speaking applications.
|
| services.monica.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.opengfw.settings.io.local | Set to false if you want to run OpenGFW on FORWARD chain. (e.g. on a router)
|
| services.multipath.devices.*.marginal_path_double_failed_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| services.suricata.settings.unix-command.filename | Filename for unix-command socket.
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.open-web-calendar.settings | Configuration for the server
|
| services.tailscale.useRoutingFeatures | Enables settings required for Tailscale's routing features like subnet routers and exit nodes
|
| services.prometheus.scrapeConfigs.*.relabel_configs.*.action | Action to perform based on regex matching
|
| services.matrix-conduit.settings.global.server_name | The server_name is the name of this server
|
| services.tlp.extraConfig | Verbatim additional configuration variables for TLP
|
| services.mjolnir.pantalaimon.options.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| services.mainsail.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.sanoid.enable | Whether to enable Sanoid ZFS snapshotting service.
|
| services.pgbackrest.commands.stanza-upgrade | Options for the 'stanza-upgrade' command
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| services.prometheus.exporters.dnsmasq.listenAddress | Address to listen on.
|
| services.nominatim.database.superUser | Postgresql database superuser used to create Nominatim database and
import data
|
| services.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.unpoller.loki.timeout | Should be increased in case of timeout errors.
|
| services.prosody.muc.*.moderation | Allow rooms to be moderated
|
| services.tt-rss.auth.autoCreate | Allow authentication modules to auto-create users in tt-rss internal
database when authenticated successfully.
|