| services.prometheus.remoteRead.*.basic_auth.username | HTTP username
|
| console.font | The font used for the virtual consoles
|
| services.minetest-server.world | Name of the world to use
|
| services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| services.httpd.customLogFormat | Defines a custom Apache HTTPD access log format string
|
| services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| services.mainsail.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pixelfed.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.dolibarr.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fediwall.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.librenms.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanboard.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.agorakit.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| networking.dhcpcd.setHostname | Whether to set the machine hostname based on the information
received from the DHCP server.
The hostname will be changed only if the current one is
the empty string, localhost or nixos
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| services.hickory-dns.settings.zones.*.zone | Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.firezone.server.provision.accounts.<name>.features.internet_resource | Whether to enable the internet_resource feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.policy_conditions | Whether to enable the policy_conditions feature for this account.
|
| services.bitwarden-directory-connector-cli.ldap.username | The user to authenticate as.
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| networking.wireguard.interfaces.<name>.socketNamespace | The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via interfaceNamespace
|
| services.sanoid.templates.<name>.pre_snapshot_script | Script to run before taking snapshot.
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| services.forgejo.settings.server.DOMAIN | Domain name of your server.
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.slurm.dbdserver.storageUser | Database user name.
|
| services.rustus.storage.s3_region | S3 region name.
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| services.nominatim.enable | Whether to enable nominatim
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.multipath.devices.*.prio | The name of the path priority routine
|
| boot.iscsi-initiator.target | Name of the iSCSI target to boot from.
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| services.xserver.xrandrHeads.*.output | The output name of the monitor, as shown by
xrandr(1) invoked without arguments.
|
| services.vault-agent.instances | Attribute set of vault-agent instances
|
| services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| services.matrix-synapse.settings.listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.roundcube.enable | Whether to enable roundcube
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer | Identity under which the peer is registered at the mediation server, that
is, the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server
|
| services.monica.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.matomo.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.gancio.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.akkoma.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fluidd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.x_forwarded | Use the X-Forwarded-For (XFF) header as the client IP and not the
actual client IP.
|
| containers.<name>.forwardPorts.*.containerPort | Target port of container
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.portunus.dex.oidcClients | List of OIDC clients
|
| services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.movim.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.oncall.settings.db.conn.kwargs.database | Database name.
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| services.nextcloud.settings.mail_smtpname | This depends on mail_smtpauth
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.btrbk.extraPackages | Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases
|
| services.vikunja.database.database | Database name.
|
| security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| services.sanoid.datasets.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| services.zfs.autoSnapshot.flags | Flags to pass to the zfs-auto-snapshot command
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|