| services.sanoid.datasets.<name>.monthly | Number of monthly snapshots.
|
| services.nebula.networks.<name>.package | The nebula package to use.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.dokuwiki.sites.<name>.phpOptions | Options for PHP's php.ini file for this dokuwiki site.
|
| services.httpd.virtualHosts.<name>.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.rspamd.workers.<name>.bindSockets | List of sockets to listen, in format acceptable by rspamd
|
| services.tinc.networks.<name>.bindToAddress | The ip address to bind to (both listen on and send packets from).
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| systemd.network.networks.<name>.tunnel | A list of tunnel interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| systemd.network.networks.<name>.bridge | A list of bridge interfaces to be added to the network section of the
unit
|
| services.rspamd.workers.<name>.extraConfig | Additional entries to put verbatim into worker section of rspamd config file.
|
| services.vmalert.instances.<name>.settings.rule | Path to the files with alerting and/or recording rules.
|
| services.postfix.settings.master.<name>.type | The type of the service
|
| services.kanidm.provision.systems.oauth2.<name>.displayName | Display name
|
| services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| services.nginx.virtualHosts.<name>.extraConfig | These lines go to the end of the vhost verbatim.
|
| systemd.network.networks.<name>.domains | A list of domains to pass to the network config.
|
| services.keepalived.vrrpInstances.<name>.vmacInterface | Name of the vmac interface to use. keepalived will come up with a name
if you don't specify one.
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| services.redis.servers.<name>.slowLogLogSlowerThan | Log queries whose execution take longer than X in milliseconds.
|
| services.dokuwiki.sites.<name>.poolConfig | Options for the DokuWiki PHP pool
|
| services.fedimintd.<name>.package | The fedimint package to use.
|
| services.httpd.virtualHosts.<name>.http2 | Whether to enable HTTP 2
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.nextcloud.config.dbname | Database name.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address | The subnet of this host
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| services.tor.relay.onionServices.<name>.path | Path where to store the data files of the hidden service
|
| services.rspamd.workers.<name>.includes | List of files to include in configuration
|
| services.tarsnap.archives.<name>.nodump | Exclude files with the nodump flag.
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.mailpit.instances.<name>.smtp | SMTP bind interface and port.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.name | Name of the mute time interval, must be unique
|
| services.buildkite-agents.<name>.dataDir | The workdir for the agent
|
| security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| services.znapzend.zetup.<name>.mbuffer.size | The size for mbuffer
|
| systemd.network.networks.<name>.bridgeMDBs | A list of BridgeMDB sections to be added to the unit
|
| systemd.network.networks.<name>.bridgeFDBs | A list of BridgeFDB sections to be added to the unit
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.snipe-it.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.wyoming.piper.servers.<name>.noiseScale | Generator noise value.
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.mastodon.user | User under which mastodon runs
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| services.fedimintd.<name>.dataDir | Path to the data dir fedimintd will use to store its data
|
| systemd.services.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.discourse.database.username | Discourse database user.
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.vault-agent.instances.<name>.group | Group under which this instance runs.
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| systemd.network.netdevs.<name>.vxlanConfig | Each attribute in this set specifies an option in the
[VXLAN] section of the unit
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| services.kmonad.keyboards.<name>.config | Keyboard configuration.
|
| services.opkssh.providers.<name>.issuer | Issuer URI
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.drupal.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.wyoming.piper.servers.<name>.noiseWidth | Phoneme width noise value.
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| services.restic.backups.<name>.pruneOpts | A list of options (--keep-* et al.) for 'restic forget
--prune', to automatically prune old snapshots
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| networking.bonds.<name>.miimon | DEPRECATED, use driverOptions
|
| services.nylon.<name>.allowedIPRanges | Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
|
| security.pam.services.<name>.sssdStrictAccess | enforce sssd access control
|
| services.tinc.networks.<name>.rsaPrivateKeyFile | Path of the private RSA keyfile.
|
| services.udp-over-tcp.tcp2udp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.udp-over-tcp.udp2tcp.<name>.openFirewall | Open the appropriate ports in the firewall.
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| systemd.network.networks.<name>.extraConfig | Extra configuration append to unit
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.gancio.nginx.locations.<name>.index | Adds index directive.
|
| services.fluidd.nginx.locations.<name>.index | Adds index directive.
|
| services.akkoma.nginx.locations.<name>.index | Adds index directive.
|
| services.gancio.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fluidd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.matomo.nginx.locations.<name>.index | Adds index directive.
|
| services.matomo.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.monica.nginx.locations.<name>.index | Adds index directive.
|
| services.monica.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| systemd.network.networks.<name>.bridgeVLANs | A list of BridgeVLAN sections to be added to the unit
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| systemd.network.netdevs.<name>.vrfConfig | Each attribute in this set specifies an option in the
[VRF] section of the unit
|