| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.peertube-runner.instancesToRegister.<name>.runnerDescription | Runner description declared to the PeerTube instance.
|
| users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.tsmBackup.servername | Create a systemd system service
tsm-backup.service that starts
a backup based on the given servername's stanza
|
| services.jicofo.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| services.resilio.deviceName | Name of the Resilio Sync device.
|
| services.lasuite-meet.domain | Domain name of the meet instance.
|
| services.lasuite-docs.domain | Domain name of the docs instance.
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| networking.vswitches | This option allows you to define Open vSwitches that connect
physical networks together
|
| virtualisation.fileSystems.<name>.fsType | Type of the file system
|
| services.discourse.database.username | Discourse database user.
|
| services.nixops-dns.enable | Whether to enable the nixops-dns resolution
of NixOps virtual machines via dnsmasq and fake domain name.
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| networking.wg-quick.interfaces.<name>.configFile | wg-quick .conf file, describing the interface
|
| networking.wireguard.interfaces.<name>.metric | Set the metric of routes related to this Wireguard interface.
|
| services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.saunafs.masterHost | IP or hostname name of master host.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.agorakit.mail.fromName | Mail "from" name.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.dolibarr.domain | Domain name of your server.
|
| virtualisation.oci-containers.containers.<name>.login.username | Username for login.
|
| services.mongodb.replSetName | If this instance is part of a replica set, set its name here
|
| services.freshrss.pool | Name of the php-fpm pool to use and setup
|
| services.rshim.backend | Specify the backend to attach
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections | Maximum number of idle keepalive connections between Tunnel and your origin
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| programs.nix-required-mounts.allowedPatterns.<name>.onFeatures | Which requiredSystemFeatures should trigger relaxation of the sandbox
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| services.kubernetes.kubelet.hostname | Kubernetes kubelet hostname override.
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.znc.confOptions.userName | The user name used to log in to the ZNC web admin interface.
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| networking.interfaces.<name>.ipv4.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (24).
|
| networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| containers.<name>.forwardPorts.*.containerPort | Target port of container
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| services.ceph.global.clusterName | Name of cluster
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| networking.vswitches.<name>.controllers | Specify the controller targets
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| boot.binfmt.registrations.<name>.preserveArgvZero | Whether to pass the original argv[0] to the interpreter
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| services.openafsClient.cellName | Cell name.
|
| services.matrix-synapse.workers.<name>.worker_listeners | List of ports that this worker should listen on, their purpose and their configuration.
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| services.rke2.autoDeployCharts | Auto deploying Helm charts that are installed by the rke2 Helm controller
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation | Whether this connection is a mediation connection, that is, whether this
connection is used to mediate other connections using the IKEv2 Mediation
Extension
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| virtualisation.oci-containers.containers.<name>.serviceName | Systemd service name that manages the container
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| services.dawarich.user | User under which dawarich runs
|
| networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.baikal.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.kerberos_server.settings.realms.<name>.acl.*.principal | Which principal the rule applies to
|
| networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| services.pretalx.nginx.domain | The domain name under which to set up the virtual host.
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.type | The type of the listener, usually http.
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|