| services.silverbullet.enable | Whether to enable Silverbullet, an open-source, self-hosted, offline-capable Personal Knowledge Management (PKM) web application.
|
| services.taler.merchant.settings.merchant.DB | Plugin to use for the database.
|
| services.livebook.package | The livebook package to use.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts | List of remote selectors to include in CHILD_SA
|
| services.thanos.rule.objstore.config | Object store configuration
|
| services.meme-bingo-web.enable | Whether to enable a web app for the meme bingo, rendered entirely on the web server and made interactive with forms
|
| services.prowlarr.settings.log.analyticsEnabled | Send Anonymous Usage Data
|
| services.tor.settings.BridgeAuthoritativeDir | See torrc manual.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.reaction.stopForFirewall | Whether to stop reaction when reloading the firewall
|
| services.prosody.muc.*.roomDefaultHistoryLength | Number of history message sent to participants by default.
|
| services.radicle.ci.broker.settings.triggers.*.filters | Trigger filter.
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| services.locate.enable | If enabled, NixOS will periodically update the database of
files used by the locate command.
|
| services.mongodb.package | The mongodb package to use.
|
| services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.openiscsi.name | Name of this iscsi initiator
|
| services.nextcloud.config.dbtableprefix | Table prefix in Nextcloud's database.
Note: since Nextcloud 20 it's not an option anymore to create a database
schema with a custom table prefix
|
| services.printing.cups-pdf.instances | Permits to raise one or more cups-pdf instances
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| services.monica.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.pixelfed.nginx.sslCertificate | Path to server SSL certificate.
|
| services.prometheus.exporters.restic.refreshInterval | Refresh interval for the metrics in seconds
|
| services.matrix-conduit.settings.global.port | The port Conduit will be running on
|
| services.orangefs.server.extraConfig | Extra config for the global section.
|
| services.torque.mom.serverNode | Hostname running pbs server.
|
| services.nostr-rs-relay.dataDir | Directory for SQLite files.
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.reposilite.settings.bypassExternalCache | Add cache bypass headers to responses from /api/* to avoid issues with proxies such as Cloudflare.
|
| services.syncplay.package | The syncplay-nogui package to use.
|
| services.surrealdb.extraFlags | Specify a list of additional command line flags.
|
| services.prosody.xmppComplianceSuite | The XEP-0423 defines a set of recommended XEPs to implement
for a server
|
| services.prometheus.exporters.smokeping.user | User name under which the smokeping exporter shall be run.
|
| services.thanos.query.web.external-prefix | Static prefix for all HTML links and redirect URLs in the UI query web
interface
|
| services.mjpg-streamer.inputPlugin | Input plugin
|
| services.suricata.settings.plugins | Plugins -- Experimental -- specify the filename for each plugin shared object.
|
| services.thanos.receive.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.prometheus.exporters.klipper.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.klipper.openFirewall is true.
|
| services.syncthing.relay.pools | Relay pools to join
|
| services.nvme-rs.settings.thresholds.wear_warning | Wear warning threshold (%)
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| services.limesurvey.config | LimeSurvey configuration
|
| services.limesurvey.nginx.virtualHost.root | The path of the web root directory.
|
| services.thelounge.public | Make your The Lounge instance public
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret | OAuth client secret.
|
| services.sftpgo.settings.sftpd.bindings.*.address | Network listen address
|
| services.tcsd.firmwarePCRs | PCR indices used in the TPM for firmware measurements.
|
| services.litellm.environment | Extra environment variables for LiteLLM.
|
| services.quicktun.<name>.tunMode | Whether to operate in tun (IP) or tap (Ethernet) mode.
|
| services.ncps.cache.upstream.dialerTimeout | Timeout for establishing TCP connections to upstream caches (e.g., 3s, 5s, 10s).
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.refresh_interval | The time after which the containers are refreshed
|
| services.skydns.etcd.caCert | Skydns path of TLS certificate authority public key.
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.prometheus.exporters.smartctl.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.smartctl.openFirewall is true.
|
| services.matrix-continuwuity.settings.global.max_request_size | Max request size in bytes
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth | Optional HTTP basic authentication information.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| services.tuptime.enable | Whether to enable the total uptime service.
|
| services.moodle.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.octoprint.stateDir | State directory of the daemon.
|
| services.resilio.httpLogin | HTTP web login username.
|
| services.rss2email.enable | Whether to enable rss2email.
|
| services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| services.ollama.group | Group under which to run ollama
|
| services.openafsClient.cellServDB.<name>.*.dnsname | DNS full-qualified domain name of a database server
|
| services.pgadmin.initialPasswordFile | Initial password file for the pgAdmin account
|
| services.slskd.nginx.sslCertificate | Path to server SSL certificate.
|
| services.slskd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.prometheus.exporters.exportarr-lidarr.openFirewall | Open port in firewall for incoming connections.
|
| services.smartd.autodetect | Whenever smartd should monitor all devices connected to the
machine at the time it's being started (the default)
|
| services.logcheck.extraRulesDirs | Directories with extra rules.
|
| services.portunus.ldap.package | The openldap package to use.
|
| services.litestream.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.pixelfed.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.sanoid.templates | Templates for datasets.
|
| services.nextcloud.settings.overwriteprotocol | Force Nextcloud to always use HTTP or HTTPS i.e. for link generation
|
| services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.munin-node.extraAutoPlugins | Additional Munin plugins to autoconfigure, using
munin-node-configure --suggest
|
| services.prometheus.exporters.nut.extraFlags | Extra commandline options to pass to the nut exporter.
|
| services.thanos.rule.stateDir | Data directory relative to /var/lib.
|
| services.overseerr.package | The overseerr package to use.
|
| services.prometheus.exporters.graphite.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.graphite.openFirewall
is true
|
| services.nixops-dns.domain | Fake domain name to resolve to NixOps virtual machines
|
| services.tailscale.extraUpFlags | Extra flags to pass to tailscale up
|
| services.lldap.database.createLocally | Create the database and database user locally.
|
| services.prometheus.exporters.systemd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.systemd.openFirewall is true.
|
| services.mailman.ldap.bindPasswordFile | Path to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
|
| services.prometheus.remoteWrite.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.openiscsi.extraConfig | Lines to append to default iscsid.conf
|
| services.lighthouse.validator.extraArgs | Additional arguments passed to the lighthouse validator command.
|
| services.postgrey.lookupBySubnet | Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.mailhog.apiPort | Port on which the API endpoint will listen.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret | OAuth client secret.
|
| services.prometheus.exporters.scaphandre.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.scaphandre.openFirewall is true.
|
| services.mealie.enable | Whether to enable Mealie, a recipe manager and meal planner.
|
| services.snapraid.scrub.interval | How often to run snapraid scrub.
|