| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| networking.openconnect.interfaces.<name>.user | Username to authenticate with.
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| services.outline.storage.region | AWS S3 region name.
|
| security.dhparams.params | Diffie-Hellman parameters to generate
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial
connect
|
| services.athens.index.mysql.database | Database name for the MySQL database.
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| services.pangolin.baseDomain | Your base fully qualified domain name (without any subdomains).
|
| services.vault.storageBackend | The name of the type of storage backend
|
| services.xserver.videoDriver | The name of the video driver for your graphics card
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| services.ncps.cache.lru.scheduleTimeZone | The name of the timezone to use for the cron schedule
|
| services.synergy.client.screenName | Use the given name instead of the hostname to identify
ourselves to the server.
|
| services.httpd.extraModules | Additional Apache modules to be used
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| services.nextcloud.config.objectstore.s3.hostname | Required for some non-Amazon implementations.
|
| services.discourse.admin.fullName | The admin user's full name.
|
| services.consul.interface.bind | The name of the interface to pull the bind_addr from.
|
| services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| services.borgmatic.configurations.<name>.repositories.*.path | Path to the repository
|
| services.zabbixWeb.nginx.virtualHost | Nginx configuration can be done by adapting services.nginx.virtualHosts.<name>
|
| services.zabbixWeb.httpd.virtualHost | Apache configuration can be done by adapting services.httpd.virtualHosts.<name>
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| networking.interfaces.<name>.ipv4.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (24).
|
| networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| services.xserver.displayManager.lightdm.greeter.package | The LightDM greeter to login via
|
| services.synergy.server.screenName | Use the given name instead of the hostname to identify
this screen in the configuration.
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| networking.vswitches.<name>.controllers | Specify the controller targets
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.shairport-sync.user | User account name under which to run shairport-sync
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.heisenbridge.namespaces | Configure the 'namespaces' section of the registration.yml for the bridge and the server
|
| services.unpoller.influxdb.db | Database name
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| services.keyd.keyboards | Configuration for one or more device IDs
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.smokeping.linkStyle | DNS name for the urls generated in the cgi.
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| virtualisation.oci-containers.containers.<name>.serviceName | Systemd service name that manages the container
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.autorandr.matchEdid | Match displays based on edid instead of name
|
| services.prefect.databaseName | database name for postgres only
|
| services.corosync.clusterName | Name of the corosync cluster.
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| services.gitea.settings.server.DOMAIN | Domain name of your server.
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| services.strongswan-swanctl.swanctl.connections.<name>.childless | Use childless IKE_SA initiation (allow, prefer, force or never)
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinScheduler] section of the unit
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency | How often the fan speed should be updated in seconds
|
| services.lasuite-docs.settings.DB_NAME | Name of the database
|
| services.lasuite-meet.settings.DB_NAME | Name of the database
|
| virtualisation.fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| virtualisation.oci-containers.containers.<name>.dependsOn | Define which other containers this one depends on
|
| containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| services.xserver.displayManager.session | List of sessions supported with the command used to start each
session
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.mastodon.user | User under which mastodon runs
|