| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.ndppd.proxies.<name>.rules | This is a rule that the target address is to match against
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.cloudflared.tunnels.<name>.edgeIPVersion | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network
|
| services.syncplay.ipv4Only | Listen only on IPv4 when strting the server.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.fedimintd.<name>.nginx.config.listenAddresses | Listen addresses for this virtual host
|
| services.public-inbox.inboxes.<name>.address | The email addresses of the public-inbox.
|
| services.hostapd.radios.<name>.networks.<name>.macDeny | Specifies the MAC addresses to deny if macAcl is set to "deny" or "radius"
|
| services.wordpress.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.hostapd.radios.<name>.networks.<name>.macAllow | Specifies the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| services.cloudflare-dyndns.ipv4 | Whether to enable setting IPv4 A records.
|
| systemd.network.networks.<name>.address | A list of addresses to be added to the network section of the
unit
|
| services.easytier.instances.<name>.settings.dhcp | Automatically determine the IPv4 address of this peer based on
existing peers on network.
|
| services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| services.tayga.ipv4.pool.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix ("24").
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| services.spiped.config.<name>.waitForDNS | Wait for DNS
|
| services.cloudflare-ddns.provider.ipv4 | IP detection provider for IPv4
|
| services.hostapd.radios.<name>.networks.<name>.macDenyFile | Specifies a file containing the MAC addresses to deny if macAcl is set to "deny" or "radius"
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services._3proxy.resolution.nscache | Set name cache size for IPv4.
|
| services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.namecoind.trustedNodes | List of the only peer IP addresses to connect to
|
| services.strongswan-swanctl.swanctl.connections.<name>.vips | List of virtual IPs to request in IKEv2 configuration payloads or IKEv1
Mode Config
|
| networking.interfaces.<name>.name | Name of the interface.
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.dsnet.settings.ExternalHostname | The hostname that clients should use to connect to this server
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.avahi.publish.addresses | Whether to register mDNS address records for all local IP addresses.
|
| services.oauth2-proxy.email.addresses | Line-separated email addresses that are allowed to authenticate.
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| services.kanidm.provision.persons.<name>.mailAddresses | Mail addresses
|
| services.strongswan-swanctl.swanctl.connections.<name>.pools | List of named IP pools to allocate virtual IP addresses
and other configuration attributes from
|
| services.thanos.rule.query.addresses | Addresses of statically configured query API servers
|
| networking.vswitches.<name>.interfaces.<name>.name | Name of the interface
|
| services.easytier.instances.<name>.settings.listeners | Listener addresses to accept connections from other peers
|
| networking.wireguard.interfaces.<name>.peers.*.name | Name used to derive peer unit name.
|
| services.ncps.cache.redis.addresses | A list of host:port for the Redis servers that are part of a cluster
|
| services.nginx.resolver.addresses | List of resolvers to use
|
| networking.dhcpcd.wait | This option specifies when the dhcpcd service will fork to background
|
| services.firefox-syncserver.database.host | Database host name. localhost is treated specially and inserts
systemd dependencies, other hostnames or IP addresses of the local machine do not.
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| networking.wg-quick.interfaces.<name>.preUp | Commands called at the start of the interface setup.
|
| networking.vswitches.<name>.interfaces.<name>.vlan | Vlan tag to apply to interface
|
| networking.vswitches.<name>.interfaces.<name>.type | Openvswitch type to assign to interface
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| networking.wg-quick.interfaces.<name>.listenPort | 16-bit port for listening
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| networking.wg-quick.interfaces.<name>.postDown | Command called after the interface is taken down.
|
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| networking.interfaces.<name>.wakeOnLan.enable | Whether to enable wol on this interface.
|
| services.nullmailer.config.adminaddr | If set, all recipients to users at either "localhost" (the literal string)
or the canonical host name (from the me control attribute) are remapped to this address
|
| networking.interfaces.<name>.ipv6.routes.*.via | IPv6 address of the next hop.
|
| networking.wg-quick.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| networking.interfaces.<name>.virtual | Whether this interface is virtual and should be created by tunctl
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| networking.interfaces.<name>.wakeOnLan.policy | The Wake-on-LAN policy
to set for the device
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.virtualOwner | In case of a virtual device, the user who owns it.
null will not set owner, allowing access to any user.
|
| networking.wg-quick.interfaces.<name>.configFile | wg-quick .conf file, describing the interface
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| networking.wg-quick.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| networking.vswitches.<name>.interfaces | The physical network interfaces connected by the vSwitch.
|
| networking.wg-quick.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| networking.wireguard.interfaces.<name>.type | The type of the interface
|
| boot.uki.name | Name of the UKI
|
| networking.wireguard.interfaces.<name>.listenPort | 16-bit port for listening
|
| networking.wireguard.interfaces.<name>.peers | Peers linked to the interface.
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| networking.wg-quick.interfaces.<name>.autostart | Whether to bring up this interface automatically during boot.
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.sits | This option allows you to define interfaces encapsulating IPv6
packets within IPv4 packets; which should be automatically created.
|
| networking.wireguard.interfaces.<name>.preSetup | Commands called at the start of the interface setup.
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| networking.jool.enable | Whether to enable Jool, an Open Source implementation of IPv4/IPv6
translation on Linux
|
| services.nghttpx.backend-address-family | Specify address family of backend connections
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| networking.wireguard.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| users.users.<name>.name | The name of the user account
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|