| services.mirakurun.allowSmartCardAccess | Install polkit rules to allow Mirakurun to access smart card readers
which is commonly used along with tuner devices.
|
| services.misskey.settings.redisForTimelines | ioredis options for timelines
|
| services.navidrome.enable | Whether to enable Navidrome music server.
|
| services.pocket-id.settings.APP_URL | The URL where you will access the app.
|
| services.pretalx.settings.redis.session | Whether to use redis as the session storage.
|
| services.privoxy.userFilters | Filters to be included in a user.filter file
|
| services.prosody.allowRegistration | Allow account creation
|
| services.syncoid.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.networkd-dispatcher.extraArgs | Extra arguments to pass to the networkd-dispatcher command.
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish | How long after deactivation to keep a key in the zone
|
| services.pgbouncer.homeDir | Specifies the home directory.
|
| services.prometheus.exporters.influxdb.openFirewall | Open port in firewall for incoming connections.
|
| services.prometheus.scrapeConfigs.*.metrics_path | The HTTP resource path on which to fetch metrics from targets
|
| services.saunafs.sfsUser | Run daemons as user.
|
| services.snipe-it.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.taler.settings.taler.CURRENCY | The currency which taler services will operate with
|
| services.monica.dataDir | monica data directory
|
| services.prometheus.exporters.rspamd.enable | Whether to enable the prometheus rspamd exporter.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.ombi.group | Group under which Ombi runs.
|
| services.opengfw.logFormat | Format of the logs. logFormatMap
|
| services.prometheus.exporters.bitcoin.extraEnv | Extra environment variables for the exporter.
|
| services.prosody.modules.blocklist | Allow users to block communications with other users
|
| services.tt-rss.sessionCookieLifetime | Default lifetime of a session (e.g. login) cookie
|
| services.maubot.settings.server.ui_base_path | The base path for the UI.
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.pdns-recursor.forwardZones | DNS zones to be forwarded to other authoritative servers.
|
| services.prometheus.exporters.pgbouncer.openFirewall | Open port in firewall for incoming connections.
|
| services.shorewall6.enable | Whether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.syncoid.service | Systemd configuration common to all syncoid services.
|
| services.tox-node.enable | Whether to enable Tox Node service.
|
| services.meilisearch.masterKeyFile | Path to file which contains the master key
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action | Action to perform after a CHILD_SA gets closed by the peer.
- The default of
none does not take any action,
trap installs a trap policy for the CHILD_SA.start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive
|
| services.magnetico.crawler.maxNeighbors | Maximum number of simultaneous neighbors of an indexer
|
| services.openbao.package | The openbao package to use.
|
| services.outline.oidcAuthentication.authUrl | OIDC authentication URL endpoint.
|
| services.tlsrpt.reportd.settings.log_level | Level of log messages to emit.
|
| services.swapspace.settings.swappath | Location where swapspace may create and delete swapfiles
|
| services.tor.settings.MaxAdvertisedBandwidth | See torrc manual.
|
| services.murmur.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.netbird.server.management.turnDomain | The domain of the TURN server to use.
|
| services.peerflix.stateDir | Peerflix state directory.
|
| services.privatebin.group | Group under which privatebin runs
|
| services.matomo.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.ndppd.proxies | This sets up a listener, that will listen for any Neighbor Solicitation
messages, and respond to them according to a set of rules.
|
| services.nomad.credentials | Credentials envs used to configure nomad secrets.
|
| services.prometheus.exporters.borgmatic.configFile | The path to the borgmatic config file
|
| services.prometheus.exporters.sabnzbd.port | Port to listen on.
|
| services.tt-rss.singleUserMode | Operate in single user mode, disables all functionality related to
multiple users and authentication
|
| services.nginx.defaultHTTPListenPort | If vhosts do not specify listen.port, use these ports for HTTP by default.
|
| services.plausible.server.port | Port where the service should be available.
|
| services.lirc.configs | Configurations for lircd to load, see man:lircd.conf(5) for details (lircd.conf)
|
| services.ncps.cache.storage.s3.region | The S3 region.
|
| services.taskchampion-sync-server.allowClientIds | Client IDs to allow (can be repeated; if not specified, all clients are allowed)
|
| services.pantalaimon-headless.instances.<name>.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| services.pghero.environment | Environment variables to set for the service
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.port | The port to scrape metrics from, when role is nodes, and for discovered
tasks and services that don't have published ports
|
| services.snipe-it.config | Snipe-IT configuration options to set in the
.env file
|
| services.traefik.user | User under which Traefik runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the Traefik service starts.
|
| services.picom.enable | Whether or not to enable Picom as the X.org composite manager.
|
| services.pixelfed.schedulerInterval | How often the Pixelfed cron task should run
|
| services.pretix.nginx.domain | The domain name under which to set up the virtual host.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth | Optional HTTP basic authentication information.
|
| services.rpcbind.enable | Whether to enable rpcbind, an ONC RPC directory service
notably used by NFS and NIS, and which can be queried
using the rpcinfo(1) command. rpcbind is a replacement for
portmap.
|
| services.maddy.primaryDomain | Primary MX domain to use
|
| services.misskey.reverseProxy.webserver.nginx.listen.*.addr | Listen address.
|
| services.netbird.server.management.disableAnonymousMetrics | Disables push of anonymous usage metrics to NetBird.
|
| services.prefect.databasePasswordFile | path to a file containing e.g.:
DBPASSWORD=supersecret
stored outside the nix store, read by systemd as EnvironmentFile.
|
| services.prometheus.exporters.exportarr-prowlarr.user | User name under which the exportarr-prowlarr exporter shall be run.
|
| services.rosenpass.settings | Configuration for Rosenpass, see https://rosenpass.eu/ for further information.
|
| services.taler.merchant.package | The taler-merchant package to use.
|
| services.tcsd.stateDir | The location of the system persistent storage file
|
| services.postfix.settings.master.<name>.args | Arguments to pass to the command
|
| services.postgresql.package | The package being used by postgresql.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key | Secret key to use when listing targets. https://console.scaleway.com/project/credentials
It is mutually exclusive with secret_key_file.
|
| services.saunafs.client.enable | Whether to enable Saunafs client.
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| services.opengfw.rules.*.action | Action of the rule. Supported actions
|
| services.openssh.allowSFTP | Whether to enable the SFTP subsystem in the SSH daemon
|
| services.rosenpass.package | The rosenpass package to use.
|
| services.monero.rpc.user | User name for RPC connections.
|
| services.multipath.devices.*.vpd_vendor | The vendor specific vpd page information, using the vpd page abbreviation
|
| services.nipap.nipap-www.xmlrpcURIFile | Path to file containing XMLRPC URI for use by web UI - this is a secret, since it contains auth credentials
|
| services.opencloud.port | Web server port.
|
| services.opensearch.settings."cluster.name" | The name of the cluster.
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.monero.priorityNodes | List of peer IP addresses to connect to and
attempt to keep the connection open.
|
| services.ncps.cache.lock.retry.jitter | Enable jitter in retry delays to prevent thundering herd.
|
| services.linkwarden.port | The port that Linkwarden will listen on.
|
| services.netbird.server.signal.enable | Whether to enable Netbird's Signal Service.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.exporters.dmarc.openFirewall | Open port in firewall for incoming connections.
|
| services.redmine.database.type | Database engine to use.
|
| services.tmate-ssh-server.openFirewall | Whether to automatically open the specified ports in the firewall.
|
| services.prometheus.exporters.ping.openFirewall | Open port in firewall for incoming connections.
|
| services.tahoe.nodes.<name>.sftpd.accounts.url | URL of the accounts server.
|
| services.outline.discordAuthentication.serverId | Restrict logins to a specific server (optional, but recommended)
|