| services.shorewall.configs | This option defines the Shorewall configs
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.cloudflared.tunnels.<name>.originRequest.proxyAddress | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| systemd.network.networks.<name>.dhcpServerConfig | Each attribute in this set specifies an option in the
[DHCPServer] section of the unit
|
| systemd.network.networks.<name>.pfifoHeadDropConfig | Each attribute in this set specifies an option in the
[PFIFOHeadDrop] section of the unit
|
| services.dovecot2.mailboxes.<name>.autoexpunge | To automatically remove all email from the mailbox which is older than the
specified time.
|
| boot.specialFileSystems.<name>.options | Options used to mount the file system
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.zoneminder.hostname | The hostname on which to listen.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| services.wyoming.faster-whisper.servers.<name>.useTransformers | Whether to provide the dependencies to allow using transformer models.
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| networking.interfaces.<name>.mtu | MTU size for packets leaving the interface
|
| networking.wg-quick.interfaces.<name>.preUp | Commands called at the start of the interface setup.
|
| services.matrix-synapse.workers.<name>.worker_log_config | The file for log configuration
|
| services.rke2.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| services.onlyoffice.hostname | FQDN for the OnlyOffice instance.
|
| services.movim.domain | Fully-qualified domain name (FQDN) for the Movim instance.
|
| services.jirafeau.nginxConfig.serverName | Name of this virtual host
|
| networking.bonds.<name>.lacp_rate | DEPRECATED, use driverOptions
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out | Netfilter mark applied to packets after the outbound IPsec SA processed
them
|
| services.castopod.database.hostname | Database hostname.
|
| services.tayga.tunDevice | Name of the nat64 tun device.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| systemd.network.networks.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of the unit
|
| systemd.network.networks.<name>.ipv6AcceptRAConfig | Each attribute in this set specifies an option in the
[IPv6AcceptRA] section of the unit
|
| boot.initrd.systemd.contents.<name>.dlopen.usePriority | Priority of dlopen ELF notes to include. "required" is
minimal, "recommended" includes "required", and
"suggested" includes "recommended"
|
| services.strongswan-swanctl.swanctl.authorities.<name>.slot | Optional slot number of the token that stores the certificate.
|
| systemd.sockets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.targets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| services.borgbackup.repos.<name>.authorizedKeysAppendOnly | Public SSH keys that can only be used to append new data (archives) to the repository
|
| programs.proxychains.proxies.<name>.port | Proxy port
|
| programs.proxychains.proxies.<name>.type | Proxy type.
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.code-server.host | The host name or IP address the server should listen to.
|
| services.nats.serverName | Name of the NATS server, must be unique if clustered.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| services.pihole-web.hostName | Domain name for the website.
|
| services.weblate.smtp.user | SMTP login name.
|
| systemd.network.networks.<name>.addresses | A list of address sections to be added to the unit
|
| services.vikunja.frontendHostname | The Hostname under which the frontend is running.
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action | Action to perform after loading the configuration.
- The default of
none loads the connection only, which
then can be manually initiated or used as a responder configuration.
- The value
trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
- The value
start initiates the connection actively.
- Since version 5.9.6 two modes above can be combined with
trap|start,
to immediately initiate a connection for which trap policies have been installed
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| boot.binfmt.registrations.<name>.mask | A mask to be ANDed with the byte sequence of the file before matching
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gancio.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.monica.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.monica.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| boot.initrd.luks.devices.<name>.bypassWorkqueues | Whether to bypass dm-crypt's internal read and write workqueues
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| programs.proxychains.proxies.<name>.host | Proxy host or IP address.
|
| programs.xfs_quota.projects.<name>.sizeSoftLimit | Soft limit of the project size
|
| programs.xfs_quota.projects.<name>.sizeHardLimit | Hard limit of the project size.
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.postfix.settings.main.recipient_delimiter | Set of characters used as the delimiters for address extensions
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| networking.wireguard.interfaces.<name>.listenPort | 16-bit port for listening
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| boot.zfs.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.invoiceplane.sites.<name>.invoiceTemplates | List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.sanoid.datasets.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.avahi.domainName | Domain name for all advertisements.
|