| networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| networking.wireguard.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| services.davis.nginx.listen | Listen addresses and ports for this virtual host
|
| services.movim.nginx.listen | Listen addresses and ports for this virtual host
|
| services.slskd.nginx.listen | Listen addresses and ports for this virtual host
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.snipe-it.nginx.listen | Listen addresses and ports for this virtual host
|
| networking.openconnect.interfaces.<name>.autoStart | Whether this VPN connection should be started automatically.
|
| networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| services.akkoma.nginx.listen | Listen addresses and ports for this virtual host
|
| services.gancio.nginx.listen | Listen addresses and ports for this virtual host
|
| services.fluidd.nginx.listen | Listen addresses and ports for this virtual host
|
| services.monica.nginx.listen | Listen addresses and ports for this virtual host
|
| services.matomo.nginx.listen | Listen addresses and ports for this virtual host
|
| networking.openconnect.interfaces.<name>.gateway | Gateway server to connect to.
|
| users.groups.<name>.name | The name of the group
|
| networking.openconnect.interfaces.<name>.privateKey | Private key to authenticate with.
|
| networking.openconnect.interfaces.<name>.protocol | Protocol to use.
|
| programs.captive-browser.dhcp-dns | The shell (/bin/sh) command executed to obtain the DHCP
DNS server address
|
| networking.wireguard.interfaces.<name>.socketNamespace | The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via interfaceNamespace
|
| networking.nftables.tables.<name>.name | Table name.
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| networking.hosts | Locally defined maps of hostnames to IP addresses.
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| users.extraUsers.<name>.name | The name of the user account
|
| services.kanboard.nginx.listen | Listen addresses and ports for this virtual host
|
| services.dolibarr.nginx.listen | Listen addresses and ports for this virtual host
|
| services.librenms.nginx.listen | Listen addresses and ports for this virtual host
|
| services.fediwall.nginx.listen | Listen addresses and ports for this virtual host
|
| services.agorakit.nginx.listen | Listen addresses and ports for this virtual host
|
| services.mainsail.nginx.listen | Listen addresses and ports for this virtual host
|
| services.pixelfed.nginx.listen | Listen addresses and ports for this virtual host
|
| system.name | The name of the system used in the system.build.toplevel derivation
|
| services.radicle.httpd.nginx.listen | Listen addresses and ports for this virtual host
|
| services.anuko-time-tracker.nginx.listen | Listen addresses and ports for this virtual host
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| users.extraGroups.<name>.name | The name of the group
|
| networking.wireguard.interfaces.<name>.interfaceNamespace | The pre-existing network namespace the WireGuard
interface is moved to
|
| services.nsd.interfaces | What addresses the server should listen to.
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| services.bookstack.nginx.listen | Listen addresses and ports for this virtual host
|
| services.tor.torsocks.onionAddrRange | Tor hidden sites do not have real IP addresses
|
| services.cloudflare-ddns.ip4Domains | Explicit list of domains to manage only for IPv4
|
| services.i2pd.enableIPv4 | Whether to enable IPv4 connectivity.
|
| services.jirafeau.nginxConfig.listen | Listen addresses and ports for this virtual host
|
| services.zabbixWeb.nginx.virtualHost.listen | Listen addresses and ports for this virtual host
|
| services.seafile.seafileSettings.fileserver.host | The bind address used by seafile fileserver
|
| networking.sits.<name>.dev | The underlying network device on which the tunnel resides.
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.pict-rs.address | The IPv4 address to deploy the service to.
|
| networking.vlans.<name>.id | The vlan identifier
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds | Periodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes
|
| systemd.units.<name>.name | The name of this systemd unit, including its extension
|
| systemd.paths.<name>.name | The name of this systemd unit, including its extension
|
| services.nylon.<name>.name | The name of this nylon instance.
|
| networking.ipips.<name>.dev | The underlying network device on which the tunnel resides.
|
| networking.ipips.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| virtualisation.interfaces.<name>.name | Interface name
|
| services.polipo.allowedClients | List of IP addresses or network addresses that may connect to Polipo.
|
| networking.sits.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| services.bind.zones.<name>.name | Name of the zone.
|
| systemd.timers.<name>.name | The name of this systemd unit, including its extension
|
| systemd.slices.<name>.name | The name of this systemd unit, including its extension
|
| systemd.user.units.<name>.name | The name of this systemd unit, including its extension
|
| systemd.user.paths.<name>.name | The name of this systemd unit, including its extension
|
| services.pppd.peers.<name>.name | Name of the PPP peer.
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.miredo.bindPort | Depending on the local firewall/NAT rules, you might need to force
Miredo to use a fixed UDP port and or IPv4 address.
|
| networking.fooOverUDP.<name>.local.dev | Network device to bind to.
|
| services.tayga.mappings | Static IPv4 -> IPv6 host mappings.
|
| services.fail2ban.ignoreIP | "ignoreIP" can be a list of IP addresses, CIDR masks or DNS hosts
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| services.limesurvey.nginx.virtualHost.listen | Listen addresses and ports for this virtual host
|
| networking.nat.internalIPs | The IP address ranges for which to perform NAT
|
| image.repart.name | Name of the image
|
| systemd.user.slices.<name>.name | The name of this systemd unit, including its extension
|
| systemd.user.timers.<name>.name | The name of this systemd unit, including its extension
|
| networking.nat.internalIPv6s | The IPv6 address ranges for which to perform NAT
|
| networking.ipips.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| systemd.targets.<name>.name | The name of this systemd unit, including its extension
|
| systemd.sockets.<name>.name | The name of this systemd unit, including its extension
|
| services.nagios.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.moodle.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| networking.bridges.<name>.rstp | Whether the bridge interface should enable rstp.
|
| networking.greTunnels.<name>.dev | The underlying network device on which the tunnel resides.
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|