| services.bcg.mqtt.username | MQTT server access username.
|
| services.simplesamlphp.<name>.localDomain | The domain serving your SimpleSAMLphp instance
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| services.angrr.settings.profile-policies.<name>.keep-latest-n | Keep the latest N GC roots in this profile.
|
| networking.interfaces.<name>.ipv4.addresses | List of IPv4 addresses that will be statically assigned to the interface.
|
| services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| networking.wireguard.interfaces.<name>.type | The type of the interface
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.multipath.devices.*.marginal_path_err_sample_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformer | HE single user beamformer support
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformee | HE single user beamformee support
|
| services.plausible.mail.smtp.passwordFile | The path to the file with the password in case SMTP auth is enabled.
|
| services.pgadmin.emailServer.passwordFile | Password for SMTP email account
|
| services.prosody.uploadHttp.httpUploadPath | Directory where the uploaded files will be stored when the http_upload module is used
|
| networking.firewall.extraPackages | Additional packages to be included in the environment of the system
as well as the path of networking.firewall.extraCommands.
|
| services.grafana-to-ntfy.settings.ntfyBAuthPass | The path to the password for the specified ntfy-sh user
|
| services.firezone.gateway.tokenFile | A file containing the firezone gateway token
|
| services.uwsgi.instance | uWSGI configuration
|
| services.postsrsd.settings.chroot-dir | Path to chroot into at runtime as an additional layer of protection.
We confine the runtime environment through systemd hardening instead, so this option is read-only.
|
| services.xserver.windowManager.i3.configFile | Path to the i3 configuration file
|
| services.wyoming.satellite.sounds.done | Path to audio file in WAV format to play when voice command recording has ended.
|
| services.xserver.displayManager.xserverBin | Path to the X server used by display managers.
|
| networking.wireless.networks.<name>.auth | Use this option to configure advanced authentication methods
like EAP
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.gitea.appName | Application name.
|
| services.bookstack.nginx.serverName | Name of this virtual host
|
| services.keepalived.vrrpInstances.<name>.virtualIps | Declarative vhost config
|
| networking.wireguard.interfaces.<name>.peers | Peers linked to the interface.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.temp | Temperature in °C at which the fan speed should be changed
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile | The password for this entry, read from the given file when starting hostapd
|
| systemd.network.networks.<name>.networkEmulatorConfig | Each attribute in this set specifies an option in the
[NetworkEmulator] section of the unit
|
| services.wordpress.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformer | EHT single user beamformer support
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformee | EHT single user beamformee support
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.easytier.instances.<name>.settings.ipv4 | IPv4 cidr address of this peer in the virtual network
|
| networking.wg-quick.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| services.mastodon.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.dawarich.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp | Whether to copy the DSCP (Differentiated Services Field Codepoint)
header field to/from the outer IP header in tunnel mode
|
| services.maubot.settings.server.override_resource_path | Override path from where to load UI resources.
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.syncthing.settings.folders.<name>.enable | Whether to share this folder
|
| systemd.shutdownRamfs.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.matomo.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.thanos.rule.tracing.config | Tracing configuration
|
| services.matterbridge.configPath | The path to the matterbridge configuration file.
|
| services.monica.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.taskserver.pki.manual.ca.cert | Fully qualified path to the CA certificate.
Setting this option will prevent automatic CA creation and handling.
|
| services.peering-manager.peeringdbApiKeyFile | Path to a file containing the PeeringDB API key.
|
| hardware.nvidia-container-toolkit.csv-files | The path to the list of CSV files to use when generating the CDI specification in CSV mode.
|
| services.gancio.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.keycloak.database.host | Hostname of the database to connect to
|
| services.gitea.settings.mailer.SENDMAIL_PATH | Path to sendmail binary or script.
|
| services.foundationdb.pidfile | Path to pidfile for fdbmonitor.
|
| services.borgbackup.repos | Serve BorgBackup repositories to given public SSH keys,
restricting their access to the repository only
|
| services.ejabberd.imagemagick | Add ImageMagick to server's path; allows for image thumbnailing
|
| services.akkoma.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.fluidd.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.warpgate.settings.log.send_to | Path of UNIX socket of log forwarder
|
| virtualisation.xen.qemu.pidFile | Path to the QEMU PID file.
|
| services.wordpress.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.wordpress.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.blockbook-frontend.<name>.messageQueueBinding | Message Queue Binding address:port.
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| services.pixelfed.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mainsail.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.librenms.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|