| services.prometheus.exporters.opnsense.enable | Whether to enable the prometheus opnsense exporter.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.endpoint_params | Optional parameters to append to the token URL.
|
| services.magnetico.enable | Whether to enable Magnetico, Bittorrent DHT crawler.
|
| services.taskchampion-sync-server.port | Port on which to serve
|
| services.step-ca.address | The address (without port) the certificate authority should listen at
|
| services.mastodon.smtp.passwordFile | Path to file containing the SMTP password.
|
| services.matrix-hookshot.serviceDependencies | List of Systemd services to require and wait for when starting the application service,
such as the Matrix homeserver if it's running on the same host.
|
| services.movim.database.createLocally | local database using UNIX socket authentication
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.plausible.enable | Whether to enable plausible.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.soju.hostName | Server hostname.
|
| services.transmission.settings.incomplete-dir | When enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory
|
| services.limesurvey.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| services.murmur.allowHtml | Allow HTML in client messages, comments, and channel
descriptions.
|
| services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| services.sanoid.datasets.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| services.strongswan-swanctl.swanctl.connections.<name>.rekey_time | IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
does not re-check associated credentials
|
| services.nextcloud.extraApps | Extra apps to install
|
| services.plantuml-server.plantumlStats | Set it to on to enable statistics report (https://plantuml.com/statistics-report).
|
| services.prometheus.exporters.pihole.password | The password to login into Pi-Hole
|
| services.slurm.extraConfigPaths | Slurm expects config files for plugins in the same path
as slurm.conf
|
| services.thelounge.package | The thelounge package to use.
|
| services.opensnitch.settings.ProcMonitorMethod | Which process monitoring method to use.
|
| services.pixelfed.maxUploadSize | Max upload size with units.
|
| services.porn-vault.openFirewall | Whether to open the Porn-Vault port in the firewall.
|
| services.postfix.settings.master.<name>.command | A program name specifying a Postfix service/daemon process
|
| services.prometheus.exporters.redis.port | Port to listen on.
|
| services.send.package | The send package to use.
|
| services.tt-rss.pubSubHubbub.enable | Enable client PubSubHubbub support in tt-rss
|
| services.nzbhydra2.package | The nzbhydra2 package to use.
|
| services.subsonic.transcoders | List of paths to transcoder executables that should be accessible
from Subsonic
|
| services.limesurvey.nginx.virtualHost.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.mchprs.settings.motd | Message of the day
|
| services.nagios.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret | OAuth client secret.
|
| services.toxvpn.port | udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT
|
| services.prometheus.exporters.libvirt.extraFlags | Extra commandline options to pass to the libvirt exporter.
|
| services.prometheus.exporters.wireguard.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.wireguard.openFirewall
is true
|
| services.rathole.settings | Rathole configuration, for options reference
see the example on GitHub
|
| services.taskserver.debug | Logs debugging information.
|
| services.taskserver.pki.auto.expiration.server | The expiration time of the server certificate in days or null for no
expiration time.
|
| services.llama-cpp.enable | Whether to enable LLaMA C++ server.
|
| services.movim.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.oauth2-proxy.upstream | The http url(s) of the upstream endpoint or file://
paths for static files
|
| services.openssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.osquery.package | The osquery package to use.
|
| services.maddy.secrets | A list of files containing the various secrets
|
| services.mainsail.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.nntp-proxy.listenAddress | Proxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters)
|
| services.postfix.setgidGroup | How to call postfix setgid group (for postdrop)
|
| services.prometheus.exporters.node-cert.listenAddress | Address to listen on.
|
| services.ringboard.wayland.package | The ringboard-wayland package to use.
|
| services.suricata.settings.vars.address-groups.TELNET_SERVERS | TELNET_SERVERS variable.
|
| services.nginx.sso.package | The nginx-sso package to use.
|
| services.nipap.nipap-www.workers | Number of worker processes for Gunicorn to fork.
|
| services.oauth2-proxy.profileURL | Profile access endpoint.
|
| services.phylactery.host | Listen host for Phylactery
|
| services.nextcloud.config.objectstore.s3.secretFile | The full path to a file that contains the access secret.
|
| services.prometheus.scrapeConfigs | A list of scrape configurations.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth | Optional HTTP basic authentication information.
|
| services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.servers | The Zookeeper servers.
|
| services.nar-serve.cacheURL | Binary cache URL to connect to
|
| services.outline.logo | Custom logo displayed on the authentication screen
|
| services.snipe-it.nginx.kTLS | Whether to enable kTLS support
|
| services.osrm.address | IP address on which the web server will listen.
|
| services.paisa.package | The paisa package to use.
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.mympd.settings | Manages the configuration files declaratively
|
| services.rabbitmq.managementPlugin.enable | Whether to enable the management plugin.
|
| services.suricata.settings.logging.outputs.syslog.format | Logformat for logs send to syslog.
|
| services.tt-rss.forceArticlePurge | When this option is not 0, users ability to control feed purging
intervals is disabled and all articles (which are not starred)
older than this amount of days are purged.
|
| services.portunus.stateDir | Path where Portunus stores its state.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2 | Optional OAuth 2.0 configuration
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.thelounge.enable | Whether to enable The Lounge web IRC client.
|
| services.mqtt2influxdb.mqtt.port | MQTT server port.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth | Optional HTTP basic authentication information.
|
| services.prosody-filer.enable | Whether to enable Prosody Filer XMPP upload file server.
|
| services.system76-scheduler.settings.processScheduler.enable | Tweak scheduling of individual processes in real time.
|
| services.localtimed.geoclue2Package | The Geoclue2 package to use.
|
| services.mattermost.database.extraConnectionOptions | Extra options that are placed in the connection URI's query parameters.
|
| services.mealie.settings | Configuration of the Mealie service
|
| services.misskey.reverseProxy.webserver.caddy.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.pgbackrest.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All globally available options, i.e. all except stanza options, can be used
|
| services.prometheus.exporters.ping.extraFlags | Extra commandline options to pass to the ping exporter.
|
| services.prometheus.remoteWrite.*.basic_auth | Sets the Authorization header on every remote write request with the
configured username and password.
password and password_file are mutually exclusive.
|
| services.sftpgo.settings.sftpd.bindings | Configure listen addresses and ports for sftpd.
|
| services.prometheus.exporters.buildkite-agent.port | Port to listen on.
|
| services.sshwifty.enable | Whether to enable Sshwifty.
|
| services.tahoe.nodes.<name>.client.shares.total | The number of shares required to store a file.
|
| services.transmission.settings.peer-port-random-high | The maximum peer port to listen to for incoming connections
when services.transmission.settings.peer-port-random-on-start is enabled.
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| services.prometheus.exporters.ebpf.port | Port to listen on.
|
| services.radicle.httpd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.tt-rss.user | User account under which both the update daemon and the web-application run.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.outline.oidcAuthentication.displayName | Display name for OIDC authentication.
|
| services.prometheus.exporters.nginxlog.settings | All settings of nginxlog expressed as an Nix attrset
|