| virtualisation.interfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| virtualisation.fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| services.nextcloud.config.objectstore.s3.hostname | Required for some non-Amazon implementations.
|
| services.avahi.publish.domain | Whether to announce the locally used domain name for browsing by other hosts.
|
| services.sanoid.datasets.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| virtualisation.oci-containers.containers.<name>.serviceName | Systemd service name that manages the container
|
| containers.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| services.wakapi.database.user | The name of the user to use for Wakapi.
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| networking.wireguard.interfaces.<name>.fwMark | Mark all wireguard packets originating from
this interface with the given firewall mark
|
| services.openafsServer.cellName | Cell name, this server will serve.
|
| services.misskey.settings.db.db | The database name.
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.prometheus.exporters.pihole.piholeHostname | Hostname or address where to find the Pi-Hole webinterface
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| virtualisation.allInterfaces.<name>.vlan | VLAN to which the network interface is connected.
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| services.smokeping.owner | Real name of the owner of the instance
|
| services.cachix-watch-store.cacheName | Cachix binary cache name
|
| services.weechat.sessionName | Name of the screen session for weechat.
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.gitlab.registry.host | GitLab container registry host name.
|
| services.ncps.cache.storage.s3.bucket | The name of the S3 bucket.
|
| services.varnish.listen.*.group | Group name who owns the socket file.
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.gitlab.databaseName | GitLab database name.
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.interfaces.<name>.ipv4.routes.*.options | Other route options
|
| services.bird-lg.frontend.domain | Server name domain suffixes.
|
| networking.sits.<name>.encapsulation.sourcePort | Source port when using UDP encapsulation
|
| virtualisation.oci-containers.containers.<name>.dependsOn | Define which other containers this one depends on
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.rss-bridge.virtualHost | Name of the nginx or caddy virtualhost to use and setup
|
| services.netatalk.extmap | File name extension mappings
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| services.thanos.rule.alert.label-drop | Labels by name to drop before sending to alertmanager
|
| networking.wireguard.interfaces.<name>.table | The kernel routing table to add this interface's
associated routes to
|
| services.netbird.enable | Enables backward-compatible NetBird client service
|
| services.alerta.databaseName | Name of the database instance to connect to
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| services.strongswan-swanctl.swanctl.pools | Section defining named pools
|
| services.sanoid.templates.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| programs.foot.theme | Theme name
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinScheduler] section of the unit
|
| services.slskd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.movim.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.davis.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| security.dhparams.params | Diffie-Hellman parameters to generate
|
| services.smokeping.hostName | DNS name for the urls generated in the cgi.
|
| services.mqtt2influxdb.influxdb.username | Username for InfluxDB login.
|
| networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.bookstack.mail.fromName | Mail "from" name.
|
| services.prometheus.remoteRead.*.basic_auth.username | HTTP username
|
| services.ddclient.domains | Domain name(s) to synchronize.
|
| networking.wireguard.interfaces.<name>.extraOptions | Extra options to append to the interface section
|
| networking.wireless.networks.<name>.priority | By default, all networks will get same priority group (0)
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| networking.wireguard.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| networking.openconnect.interfaces.<name>.autoStart | Whether this VPN connection should be started automatically.
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.athens.storage.s3.bucket | Bucket name for the S3 storage backend.
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| services.vault.storageBackend | The name of the type of storage backend
|
| users.mysql.database | The name of the database containing the users
|
| services.pangolin.baseDomain | Your base fully qualified domain name (without any subdomains).
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| hardware.fw-fanctrl.config.strategies.<name>.fanSpeedUpdateFrequency | How often the fan speed should be updated in seconds
|
| boot.binfmt.registrations.<name>.recognitionType | Whether to recognize executables by magic number or extension.
|
| networking.interfaces.<name>.ipv6.addresses.*.address | IPv6 address of the interface
|
| networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| systemd.network.networks.<name>.genericRandomEarlyDetectionConfig | Each attribute in this set specifies an option in the
[GenericRandomEarlyDetection] section of the unit
|
| services.bitwarden-directory-connector-cli.ldap.username | The user to authenticate as.
|
| services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| programs.zsh.ohMyZsh.theme | Name of the theme to be used by oh-my-zsh.
|
| services.prometheus.exporters.py-air-control.deviceHostname | The hostname of the air purification device from which to scrape the metrics.
|
| services.xserver.videoDriver | The name of the video driver for your graphics card
|
| services.bitwarden-directory-connector-cli.ldap.hostname | The host the LDAP is accessible on.
|
| networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|