| services.prometheus.exporters.postfix.systemd.unit | Name of the postfix systemd unit.
|
| services.monero.rpc.user | User name for RPC connections.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| networking.wlanInterfaces.<name>.flags | Flags for interface of type monitor.
|
| networking.supplicant.<name>.driver | Force a specific wpa_supplicant driver.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action | Action to perform after a CHILD_SA gets closed by the peer.
- The default of
none does not take any action,
trap installs a trap policy for the CHILD_SA.start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive
|
| users.mysql.pam.logging.rHostColumn | The name of the column in the log table to which the name of the remote
host that initiates the session is stored
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| services.artalk.group | Artalk group name.
|
| services.zammad.group | Name of the Zammad group.
|
| services.system76-scheduler.assignments.<name>.ioClass | IO scheduler class.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| programs.proxychains.proxies.<name>.port | Proxy port
|
| programs.proxychains.proxies.<name>.type | Proxy type.
|
| services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| networking.wlanInterfaces.<name>.type | The type of the WLAN interface
|
| services.patroni.namespace | Path within the configuration store where Patroni will keep information about the cluster.
|
| networking.jool.nat64.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| services.keepalived.vrrpInstances.<name>.virtualRouterId | Arbitrary unique number 1..255
|
| services.hostapd.radios.<name>.wifi6.operatingChannelWidth | Determines the operating channel width for HE.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in | Netfilter mark applied to packets after the inbound IPsec SA processed
them
|
| services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.archisteamfarm.bots.<name>.settings | Additional settings that are documented here.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| networking.bonds | This option allows you to define bond devices that aggregate multiple,
underlying networking interfaces together
|
| services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.gitlab-runner.services.<name>.registrationFlags | Extra command-line flags passed to
gitlab-runner register
|
| services.evremap.settings.phys | The physical device name to listen on
|
| boot.initrd.luks.devices.<name>.fallbackToPassword | Whether to fallback to interactive passphrase prompt if the keyfile
cannot be found
|
| services.rke2.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.pantalaimon-headless.instances.<name>.logLevel | Set the log level of the daemon.
|
| services.factorio.username | Your factorio.com login credentials
|
| services.coder.database.username | Username for accessing the database.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| boot.binfmt.registrations.<name>.mask | A mask to be ANDed with the byte sequence of the file before matching
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| services.consul-template.instances.<name>.settings.template | Template section of consul-template
|
| services.pantalaimon-headless.instances.<name>.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| services.keepalived.vrrpInstances.<name>.noPreempt | VRRP will normally preempt a lower priority machine when a higher
priority machine comes online. "nopreempt" allows the lower priority
machine to maintain the master role, even when a higher priority machine
comes back online
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.sftpgo.group | Group name under which SFTPGo runs.
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| programs.proxychains.proxies.<name>.host | Proxy host or IP address.
|
| programs.xfs_quota.projects.<name>.sizeSoftLimit | Soft limit of the project size
|
| programs.xfs_quota.projects.<name>.sizeHardLimit | Hard limit of the project size.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| services.gitea.dump.file | Filename to be used for the dump
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.gitlab.host | GitLab host name
|
| services.gancio.user | The user (and PostgreSQL database name) used to run the gancio server
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| services.strongswan-swanctl.swanctl.pools.<name>.addrs | Addresses allocated in pool
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| services.easytier.instances.<name>.environmentFiles | Environment files for this instance
|
| services.syncthing.settings.folders.<name>.versioning | How to keep changed/deleted files with Syncthing
|
| containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| services.invoiceplane.sites.<name>.quoteTemplates | List of path(s) to respective template(s) which are copied from the 'quote_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| boot.zfs.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret | Value of the EAP/XAuth secret
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| system.nixos.codeName | The NixOS release code name (e.g. Emu).
|
| openstack.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.woodpecker-agents.agents.<name>.environment | woodpecker-agent config environment variables, for other options read the documentation
|
| services.prometheus.exporters.postfix.systemd.slice | Name of the postfix systemd slice
|
| services.bookstack.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.discourse.hostname | The hostname to serve Discourse on.
|
| services.bookstack.hostname | The hostname to serve BookStack on.
|
| services.fcron.allow | Users allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
|
| services.easytier.instances.<name>.settings.listeners | Listener addresses to accept connections from other peers
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|