| services.mastodon.otpSecretFile | Path to file containing the OTP secret
|
| services.dnscrypt-proxy2.configFile | Path to TOML config file
|
| services.forgejo.settings.server.HTTP_ADDR | Listen address
|
| services.asterisk.confFiles | Sets the content of config files (typically ending with
.conf) in the Asterisk configuration directory
|
| services.tailscale.serve.configFile | Path to a Tailscale Serve configuration file in JSON format
|
| services.snipe-it.nginx.sslCertificate | Path to server SSL certificate.
|
| services.matrix-conduit.secretFile | Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5)
|
| services.nsd.remoteControl.controlCertFile | Path to the client certificate signed with the server certificate
|
| services.onlyoffice.postgresHost | The Postgresql hostname or socket path OnlyOffice should connect to.
|
| services.qbittorrent.profileDir | the path passed to qbittorrent via --profile.
|
| services.zabbixWeb.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| services.blockbook-frontend.<name>.extraConfig | Additional configurations to be appended to coin.conf
|
| services.wordpress.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| services.snipe-it.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matrix-continuwuity.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.fedimintd.<name>.nginx.config.reuseport | Create an individual listening socket
|
| services.vault-agent.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| services.gitlab-runner.services.<name>.dockerAllowedImages | Whitelist allowed images.
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.nebula.networks.<name>.lighthouse.dns.port | UDP port number for lighthouse DNS server.
|
| services.woodpecker-agents.agents.<name>.enable | Whether to enable this Woodpecker-Agent
|
| services.radicle.httpd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.rke2.nodeName | Node name.
|
| services.radicle.httpd.nginx.serverName | Name of this virtual host
|
| services.tarsnap.archives.<name>.verylowmem | Reduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
|
| services.wordpress.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.simplesamlphp.<name>.phpfpmPool | The PHP-FPM pool that serves SimpleSAMLphp instance.
|
| services.v4l2-relayd.instances.<name>.input.framerate | The framerate to read from input-stream.
|
| services.easytier.instances.<name>.settings.instance_name | Identify different instances on same host
|
| systemd.services.<name>.confinement.binSh | The program to make available as /bin/sh inside
the chroot
|
| services.bookstack.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.bookstack.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.journald.gateway.key | Specify the path to a file or AF_UNIX stream socket to read the
secret server key corresponding to the certificate specified with
services.journald.gateway.cert from
|
| services.c2fmzq-server.settings.database | Path of the database
|
| services.shiori.environmentFile | Path to file containing environment variables
|
| services.mediawiki.database.socket | Path to the unix socket file to use for authentication.
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.sympa.database.host | Database host address
|
| services.mail.sendmailSetuidWrapper.source | The absolute path to the program to be wrapped.
|
| services.nitter.sessionsFile | Path to the session tokens file
|
| services.thanos.store.objstore.config-file | Path to YAML file that contains object store configuration
|
| services.warpgate.databaseUrlFile | Path to file containing database connection string with credentials
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| services.armagetronad.servers.<name>.enable | Whether to enable armagetronad.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.netbird.clients.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.netbird.tunnels.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| systemd.network.networks.<name>.quickFairQueueingConfig | Each attribute in this set specifies an option in the
[QuickFairQueueing] section of the unit
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.grafana.settings.smtp.from_name | Name to be used as client identity for EHLO in SMTP dialog.
|
| services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| services.tor.relay.onionServices.<name>.settings.RendPostPeriod | See torrc manual.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dhcp | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| systemd.user.targets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.jirafeau.nginxConfig.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.wstunnel.clients.<name>.settings.http-headers | Custom headers to send in the upgrade request
|
| systemd.user.sockets.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.sabnzbd.settings.servers.<name>.required | In case of connection failures, wait for the
server to come back online instead of skipping
it.
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.sabnzbd.settings.servers.<name>.priority | Priority of this servers
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.netbird.tunnels.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.netbird.clients.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| networking.interfaces.<name>.ipv4.routes.*.address | IPv4 address of the network.
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| networking.interfaces.<name>.ipv6.routes.*.address | IPv6 address of the network.
|
| services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| services.maubot.settings.homeservers.<name>.url | Client-server API URL
|
| systemd.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| services.easytier.instances.<name>.settings.dhcp | Automatically determine the IPv4 address of this peer based on
existing peers on network.
|
| services.maddy.hostname | Hostname to use
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.peertube.settings.video_transcription.engine_path | Custom engine path for local transcription.
|
| services.gitea.settings.server.STATIC_ROOT_PATH | Upper level of template and static files path.
|
| services.calibre-web.options.calibreLibrary | Path to Calibre library.
|
| services.jigasi.componentPasswordFile | Path to file containing component secret.
|
| services.draupnir.settings.dataPath | The path Draupnir will store its state/data in.
This option is read-only.
If you want to customize where this data is stored, use a bind mount.
|
| documentation.enable | Whether to install documentation of packages from
environment.systemPackages into the generated system path
|
| services.davis.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.glance.settings | Configuration written to a yaml file that is read by glance
|
| services.jicofo.componentPasswordFile | Path to file containing component secret.
|
| services.slskd.nginx.sslCertificateKey | Path to server SSL certificate key.
|