| services.postfixadmin.database.host | Host of the postgresql server
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd"), accept connections
on a Unix domain socket
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.firezone.server.api.port | The port under which the api will be served locally
|
| services.prosody.modules.admin_telnet | Opens telnet console interface on localhost port 5582
|
| services.firezone.server.web.port | The port under which the web interface will be served locally
|
| services.matrix-tuwunel.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.roundcube.database.passwordFile | Password file for the postgresql connection
|
| services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| services.stalwart.settings | Configuration options for the Stalwart server
|
| services.changedetection-io.chromePort | A free port on which webDriverSupport or playwrightSupport listen on localhost.
|
| services.tt-rss.database.createLocally | Create the database and database user locally.
|
| services.ncdns.identity.address | The IP address the hostname specified in
services.ncdns.identity.hostname should resolve to
|
| services.postfixadmin.database.username | Username for the postgresql connection
|
| services.send.redis.passwordFile | The path to the file containing the Redis password
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance sets pg-host to the attribute's name by default
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| services.stalwart-mail.settings | Configuration options for the Stalwart email server
|
| services.atuin.database.createLocally | Create the database and database user locally.
|
| services.coder.database.createLocally | Create the database and database user locally.
|
| services.davis.database.createLocally | Create the database and database user locally.
|
| services.lldap.database.createLocally | Create the database and database user locally.
|
| boot.kernel.randstructSeed | Provides a custom seed for the RANDSTRUCT security
option of the Linux kernel
|
| services.snipe-it.database.createLocally | Create the database and database user locally.
|
| services.monica.database.createLocally | Create the database and database user locally.
|
| services.moodle.database.createLocally | Create the database and database user locally.
|
| boot.binfmt.addEmulatedSystemsToNixSandbox | Whether to add the boot.binfmt.emulatedSystems to nix.settings.extra-platforms
|
| services.mailcatcher.enable | Whether to enable MailCatcher, an SMTP server and web interface to locally test outbound emails.
|
| services.oncall.database.createLocally | Whether to create the database and database user locally.
|
| services.postfix.destination | Full (!) list of domains we deliver locally
|
| services.redmine.database.createLocally | Create the database and database user locally.
|
| services.prometheus.alertmanager.listenAddress | Address to listen on for the web interface and API
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.matrix-continuwuity.settings.global.address | Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
|
| services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.agorakit.database.createLocally | Create the database and database user locally.
|
| services.castopod.database.createLocally | Create the database and database user locally.
|
| services.dolibarr.database.createLocally | Create the database and database user locally.
|
| services.cloudlog.database.createLocally | Create the database and database user locally.
|
| services.misskey.database.createLocally | Create the PostgreSQL database locally
|
| services.zoneminder.enable | Whether to enable ZoneMinder
|
| services.ncdns.identity.hostmaster | An email address for the SOA record at the bit zone
|
| services.tailscale.derper.verifyClients | Whether to check with a locally running tailscale daemon that clients are allowed to connect to this node.
|
| services.listmonk.database.createLocally | Create the PostgreSQL database and database user locally.
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| services.anuko-time-tracker.database.createLocally | Create the database and database user locally.
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| services.bookstack.database.createLocally | Create the database and database user locally.
|
| services.nextcloud.database.createLocally | Whether to create the database and database user locally.
|
| services.nextcloud-spreed-signaling.settings.stats.allowed_ips | List of IP addresses that are allowed to access the debug, stats and metrics endpoints
|
| services.flarum.createDatabaseLocally | Create the database and database user locally, and run installation
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| services.transmission.webHome | If not null, sets the value of the TRANSMISSION_WEB_HOME
environment variable used by the service
|
| services.mediawiki.database.createLocally | Create the database and database user locally
|
| services.zoneminder.database.createLocally | Create the database and database user locally.
|
| services.filesender.database.createLocally | Create the PostgreSQL database and database user locally.
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.limesurvey.database.createLocally | Create the database and database user locally
|
| services.rustus.storage.dir_structure | Pattern of a directory structure locally and on S3
|
| services.writefreely.database.createLocally | When services.writefreely.database.type is set to
"mysql", this option will enable the MySQL service locally.
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.sabnzbd.settings.servers.<name>.ssl_verify | Level of TLS verification
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.invoiceplane.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.resolved.dnssec | If set to "true": all DNS lookups are DNSSEC-validated locally (excluding
LLMNR and Multicast DNS)
|
| virtualisation.oci-containers.containers.<name>.ports | Network ports to publish from the container to the outer host
|
| services.crowdsec-firewall-bouncer.registerBouncer.enable | Whether to automatically register the bouncer to the locally running
crowdsec service
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling: netbird-<name> script, NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a netbird-<name>.service,
- listen for incoming remote connections on the port 51820 (openFirewall by default),
- manage the netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of netbird.cloud, but should remain fully operational otherwise
|
| services.tabby.model | Specify the model that tabby will use to generate completions
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id | Identity in CA certificate to accept for authentication
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host_networking_host | The host to use if the container is in host networking mode
|