| services.gitlab.databaseUsername | GitLab database user.
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| boot.loader.systemd-boot.extraFiles | A set of files to be copied to $BOOT
|
| services.murmur.user | The name of an existing user to use to run the service
|
| services.nscd.config | Configuration to use for Name Service Cache Daemon
|
| services.hddfancontrol.settings.<drive-bay-name>.extraArgs | Extra commandline arguments for hddfancontrol
|
| services.namecoind.trustedNodes | List of the only peer IP addresses to connect to
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.tt-rss.email.fromName | Name for sending outgoing mail
|
| security.ipa.ipaHostname | Fully-qualified hostname used to identify this host in the IPA domain.
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout | Timeout after which an idle keepalive connection can be discarded.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out | Netfilter mark applied to packets after the outbound IPsec SA processed
them
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| services.dovecot2.mailboxes.<name>.autoexpunge | To automatically remove all email from the mailbox which is older than the
specified time.
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.keepalived.vrrpInstances.<name>.unicastPeers | Do not send VRRP adverts over VRRP multicast group
|
| services.mautrix-meta.instances.<name>.serviceDependencies | List of Systemd services to require and wait for when starting the application service.
|
| security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| boot.binfmt.registrations.<name>.offset | The byte offset of the magic number used for recognition.
|
| services.wyoming.faster-whisper.servers.<name>.useTransformers | Whether to provide the dependencies to allow using transformer models.
|
| services.cloudflared.tunnels.<name>.originRequest.proxyAddress | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of
none loads the connection only, which
then can be manually initiated or used as a responder configuration.
- The value
trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
- The value
start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with
trap|start,
to immediately initiate a connection for which trap policies have been installed
|
| networking.supplicant.<name>.extraCmdArgs | Command line arguments to add when executing wpa_supplicant.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| services.rke2.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| systemd.network.netdevs.<name>.wireguardPeers | Each item in this array specifies an option in the
[WireGuardPeer] section of the unit
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| services.weblate.smtp.user | SMTP login name.
|
| networking.macvlans.<name>.interface | The interface the macvlan will transmit packets through.
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| systemd.user.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.slot | Optional slot number of the token that stores the certificate.
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| services.cloudflared.tunnels.<name>.edgeIPVersion | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.borgbackup.repos.<name>.authorizedKeysAppendOnly | Public SSH keys that can only be used to append new data (archives) to the repository
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| services.avahi.domainName | Domain name for all advertisements.
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| networking.wg-quick.interfaces.<name>.mtu | If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route, which is usually
a sane choice
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| networking.vlans | This option allows you to define vlan devices that tag packets
on top of a physical interface
|
| services.patroni.scope | Cluster name.
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| networking.wg-quick.interfaces.<name>.address | The IP addresses of the interface.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets | Number of packets processed before initiating CHILD_SA rekeying
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| systemd.network.netdevs.<name>.batmanAdvancedConfig | Each attribute in this set specifies an option in the
[BatmanAdvanced] section of the unit
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| services.authelia.instances.<name>.settings.telemetry.metrics.address | The address to listen on for metrics
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| services.sanoid.datasets.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| services.invoiceplane.sites.<name>.invoiceTemplates | List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.tailscale.serve.services | Services to configure for Tailscale Serve
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.file | Absolute path to the certificate to load
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|