| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization | Optional Authorization header configuration.
|
| services.prosody.httpFileShare.expires_after | Max age of a file before it gets deleted.
|
| services.syncthing.settings.folders | Folders which should be shared by Syncthing
|
| services.thermald.configFile | The thermald manual configuration file
|
| services.traefik.dynamic.files | Dynamic configuration files to write
|
| services.tsidp.settings.useLocalTailscaled | Use local tailscaled instead of tsnet.
|
| services.thanos.rule.tsdb.block-duration | Block duration for TSDB block
|
| services.lighttpd.cgit.enable | If true, enable cgit (fast web interface for git repositories) as a
sub-service in lighttpd.
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.tor.torsocks.socks5Password | SOCKS5 password
|
| services.mlmmj.mailLists | The collection of hosted maillists
|
| services.nextcloud.config.objectstore.s3.useSsl | Use SSL for objectstore access.
|
| services.prometheus.exporters.artifactory.extraFlags | Extra commandline options to pass to the artifactory exporter.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_id | OAuth client ID.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.proxy_url | Optional proxy URL.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.scopes | Scopes for the token request.
|
| services.snips-sh.settings | The configuration of snips-sh is done through environment variables,
therefore you must use upper snake case (e.g. SNIPS_HTTP_INTERNAL)
|
| services.stubby.logLevel | Log verbosity (syslog keyword or level).
|
| services.outline.discordAuthentication.serverRoles | Optionally restrict logins to a comma-separated list of role IDs
|
| services.prometheus.scrapeConfigs.*.body_size_limit | An uncompressed response body larger than this many bytes will cause the
scrape to fail. 0 means no limit
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| services.newt.environmentFile | Path to a file containing sensitive environment variables for Newt
|
| services.oncall.secretFile | A YAML file containing secrets such as database or user passwords
|
| services.prometheus.exporters.frr.extraFlags | Extra commandline options to pass to the frr exporter.
|
| services.mattermost.matterircd.parameters | Set commandline parameters to pass to matterircd
|
| services.prometheus.exporters.mail.configFile | Specify the mailexporter configuration file to use.
|
| services.prometheus.exporters.mailman3.user | User name under which the mailman3 exporter shall be run.
|
| services.realmd.package | The realmd package to use.
|
| services.sanoid.templates.<name>.yearly | Number of yearly snapshots.
|
| services.limesurvey.nginx.virtualHost.sslCertificateKey | Path to server SSL certificate key.
|
| services.mastodon.redis.passwordFile | A file containing the password for Redis database.
|
| services.miniflux.package | The miniflux package to use.
|
| services.pfix-srsd.secretsFile | The secret data used to encode the SRS address.
to generate, use a command like:
for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done
|
| services.prometheus.exporters.junos-czerwonk.openFirewall | Open port in firewall for incoming connections.
|
| services.slskd.settings.global.upload.speed_limit | Total upload speed limit.
|
| services.suricata.settings.af-xdp | Linux high speed af-xdp capture support, see
docs/capture-hardware/af-xdp.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.prio | CPU scheduler priority.
|
| services.netbird.tunnels.<name>.user.group | A system group name for this client instance.
|
| services.strongswan-swanctl.swanctl.authorities | Section defining complementary attributes of certification authorities, each
in its own subsection with an arbitrary yet unique name
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| services.teamspeak3.queryPort | TCP port opened for ServerQuery connections using the raw telnet protocol.
|
| services.livekit.settings.rtc.port_range_end | End of UDP port range for WebRTC
|
| services.misskey.settings.meilisearch.ssl | Whether to connect via SSL.
|
| services.ncps.cache.lock.retry.maxDelay | Maximum retry delay for distributed locks (exponential backoff
caps at this).
|
| services.prometheus.exporters.ipmi.listenAddress | Address to listen on.
|
| services.swapspace.settings.min_swapsize | Smallest allowed size for individual swapfiles
|
| services.taskserver.config | Configuration options to pass to Taskserver
|
| services.tor.relay.onionServices.<name>.path | Path where to store the data files of the hidden service
|
| services.tt-rss.root | Root of the application.
|
| services.nsd.zones.<name>.allowAXFRFallback | If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
|
| services.pihole-ftl.openFirewallDHCP | Open ports in the firewall for pihole-FTL's DHCP server.
|
| services.routinator.settings.log | A string specifying where to send log messages to
|
| services.misskey.settings.db.pass | The password used for database authentication.
|
| services.nix-serve.enable | Whether to enable nix-serve, the standalone Nix binary cache server.
|
| services.plex.accelerationDevices | A list of device paths to hardware acceleration devices that Plex should
have access to
|
| services.prometheus.exporters.chrony.enable | Whether to enable the prometheus chrony exporter.
|
| services.stunnel.servers | Define the server configurations
|
| services.lldap.settings.ldap_port | The port on which to have the LDAP server.
|
| services.matomo.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.nsd.remoteControl.controlCertFile | Path to the client certificate signed with the server certificate
|
| services.oauth2-proxy.cookie.domain | Optional cookie domains to force cookies to (ie: .yourcompany.com)
|
| services.prometheus.alertmanager.clusterPeers | Initial peers for HA cluster.
|
| services.prosody.httpsInterfaces | Interfaces on which the HTTPS server will listen on.
|
| services.mattermost.package | The mattermost package to use.
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| services.suricata.settings.default-log-dir | The default logging directory
|
| services.tayga.ipv4 | IPv4-specific configuration.
|
| services.umami.enable | Whether to enable umami.
|
| services.unbound.stateDir | Directory holding all state for unbound to run.
|
| services.netbird.tunnels.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.openldap.enable | Whether to enable the ldap server.
|
| services.pixelfed.nginx.listen.*.ssl | Enable SSL.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.port | The port to scrape metrics from
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.rstudio-server.rsessionExtraConfig | Extra contents for resssion.conf.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.verbose | Verbose logs.
|
| services.netbird.server.management.logLevel | Log level of the netbird services.
|
| services.ntopng.configText | Overridable configuration file contents to use for ntopng
|
| services.prometheus.exporters.blackbox.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.blackbox.openFirewall is true.
|
| services.tautulli.configFile | The location of Tautulli's config file.
|
| services.oncall.settings.db.conn.kwargs.host | Database host.
|
| services.mediawiki.httpd.virtualHost.locations | Declarative location config
|
| services.pid-fan-controller.settings.fans.*.cutoff | Whether to stop the fan when minPwm is reached.
|
| services.pixelfed.secretFile | A secret file to be sourced for the .env settings
|
| services.nextcloud.notify_push.dbpassFile | The full path to a file that contains the database password.
|
| services.postgresql.ensureUsers.*.ensureClauses | An attrset of clauses to grant to the user
|
| services.tomcat.port | The TCP port Tomcat should listen on.
|
| services.prometheus.exporters.rasdaemon.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.rasdaemon.openFirewall
is true
|
| services.sunshine.applications.apps | Applications to be exposed to Moonlight.
|
| services.outline.googleAuthentication | To configure Google auth, you'll need to create an OAuth Client ID at
https://console.cloud.google.com/apis/credentials
When configuring the Client ID, add an Authorized redirect URI to
https://[publicUrl]/auth/google.callback.
|
| services.tor.settings.DNSPort | See torrc manual.
|
| services.radicle.ci.broker.stateDir | State directory of radicle-ci-broker.
|
| services.syslog-ng.package | The syslogng package to use.
|
| services.tarsnap.archives.<name>.period | Create archive at this interval
|
| services.nextcloud.config.adminpassFile | The full path to a file that contains the admin's password
|
| services.prometheus.remoteRead.*.proxy_url | Optional Proxy URL.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.type | Sets the authentication type
|
| services.stirling-pdf.environmentFiles | Files containing additional environment variables to pass to Stirling PDF
|
| services.miniflux.config | Configuration for Miniflux, refer to
https://miniflux.app/docs/configuration.html
for documentation on the supported values.
|