| systemd.network.netdevs.<name>.wireguardPeers | Each item in this array specifies an option in the
[WireGuardPeer] section of the unit
|
| systemd.network.networks.<name>.dhcpServerStaticLeases | A list of DHCPServerStaticLease sections to be added to the unit
|
| services.vikunja.database.database | Database name.
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| systemd.user.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.sanoid.datasets.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| networking.vlans | This option allows you to define vlan devices that tag packets
on top of a physical interface
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.cntlm.netbios_hostname | The hostname of your machine.
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.cassandra.clusterName | The name of the cluster
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| networking.bridges.<name>.interfaces | The physical network interfaces connected by the bridge.
|
| networking.wg-quick.interfaces.<name>.mtu | If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route, which is usually
a sane choice
|
| services.victoriatraces.basicAuthUsername | Basic Auth username used to protect VictoriaTraces instance by authorization
|
| services.canaille.settings.SERVER_NAME | The domain name on which canaille will be served.
|
| networking.wg-quick.interfaces.<name>.address | The IP addresses of the interface.
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| networking.domain | The system domain name
|
| systemd.user.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| services.datadog-agent.checks | Configuration for all Datadog checks
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.firezone.server.provision.accounts.<name>.features.internet_resource | Whether to enable the internet_resource feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.policy_conditions | Whether to enable the policy_conditions feature for this account.
|
| networking.interfaces.<name>.ipv6.routes | List of extra IPv6 static routes that will be assigned to the interface.
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.sanoid.templates.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| systemd.user.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| networking.interfaces.<name>.ipv6.routes.*.via | IPv6 address of the next hop.
|
| networking.interfaces.<name>.ipv4.routes.*.via | IPv4 address of the next hop.
|
| services.grafana.settings.server.domain | The public facing domain name used to access grafana from a browser
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer | Identity under which the peer is registered at the mediation server, that
is, the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server
|
| containers.<name>.privateNetwork | Whether to give the container its own private virtual
Ethernet interface
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.printing.cups-pdf.instances | Permits to raise one or more cups-pdf instances
|
| networking.bonds | This option allows you to define bond devices that aggregate multiple,
underlying networking interfaces together
|
| virtualisation.kvmgt.vgpus.<name>.uuid | UUID(s) of VGPU device
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| networking.vswitches.<name>.openFlowVersion | Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
|
| services.pgbackrest.repos | An attribute set of repositories as described in:
https://pgbackrest.org/configuration.html#section-repository
Each repository defaults to set repo-host to the attribute's name
|
| services.rosenpass.defaultDevice | Name of the network interface to use for all peers by default.
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.username | HTTP username
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| services.pixelfed.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.mainsail.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.librenms.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.kanboard.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.agorakit.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.dolibarr.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fediwall.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| containers.<name>.extraFlags | Extra flags passed to the systemd-nspawn command
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| virtualisation.fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| systemd.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| services.lldap.environment | Environment variables passed to the service
|
| systemd.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.shutdownRamfs.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.umami.settings.TRACKER_SCRIPT_NAME | Allows you to assign a custom name to the tracker script different from the default script.js.
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve.*.temp | Temperature in °C at which the fan speed should be changed
|
| services.munin-node.extraPlugins | Additional Munin plugins to activate
|
| containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| services.subsonic.listenAddress | The host name or IP address on which to bind Subsonic
|
| services.prometheus.exporters.nginxlog.settings.namespaces | Namespaces to collect the metrics for
|
| services.radicle.httpd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.thinkfan.sensors.*.query | The query string used to match one or more sensors: can be
a fullpath to the temperature file (single sensor) or a fullpath
to a driver directory (multiple sensors).
When multiple sensors match, the query can be restricted using the
name or indices options.
|
| containers.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username | username is required if using Identity V2 API
|