| services.ncps.cache.lru.scheduleTimeZone | The name of the timezone to use for the cron schedule
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| services.cloudlog.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.airsonic.virtualHost | Name of the nginx virtualhost to use and setup
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.cloudlog.database.user | MySQL user name.
|
| services.netbird.server.signal.domain | The domain name for the signal service.
|
| virtualisation.fileSystems.<name>.options | Options used to mount the file system
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.guacamole-server.host | The host name or IP address the server should listen to.
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.youtrack.virtualHost | Name of the nginx virtual host to use and setup
|
| services.misskey.reverseProxy.host | The fully qualified domain name to bind to
|
| services.wiki-js.stateDirectoryName | Name of the directory in /var/lib.
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| virtualisation.fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| networking.wireguard.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.k3s.charts | Packaged Helm charts that are linked to /var/lib/rancher/k3s/server/static/charts before k3s starts
|
| services.sanoid.datasets.<name>.process_children_only | Whether to only snapshot child datasets if recursing.
|
| services.gitea.settings.server.DOMAIN | Domain name of your server.
|
| services.hatsu.settings.HATSU_DOMAIN | The domain name of your instance (eg 'hatsu.local').
|
| boot.loader.systemd-boot.extraEntries | Any additional entries you want added to the systemd-boot menu
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.coder.database.database | Name of database.
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with
wg genkey, at the privateKeyFile location.
|
| services.pds.settings.PDS_HOSTNAME | Instance hostname (base domain name)
|
| services.restic.server.privateRepos | Enable private repos
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.stargazer.routes.*.route | Route section name
|
| services.gammu-smsd.backend.sql.database | Database name to store sms data
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.mobilizon.settings.":mobilizon".":instance".hostname | Your instance's hostname
|
| systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| services.bacula-sd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.minetest-server.world | Name of the world to use
|
| services.caddy.adapter | Name of the config adapter to use
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_email_domains | List of email domains to allow access to this vhost, or null to allow all.
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| services.portunus.ldap.searchUserName | The login name of the search user
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.victoriametrics.basicAuthUsername | Basic Auth username used to protect VictoriaMetrics instance by authorization
|
| services.httpd.customLogFormat | Defines a custom Apache HTTPD access log format string
|
| services.samba.winbindd.enable | Whether to enable Samba's winbindd, which provides a number of services
to the Name Service Switch capability found in most modern C libraries,
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| services.tailscale.derper.domain | Domain name under which the derper server is reachable.
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.writefreely.host | The public host name to serve.
|
| services.athens.storage.mongo.defaultDBName | Name of the mongo database.
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| networking.wireguard.interfaces.<name>.socketNamespace | The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via interfaceNamespace
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.multipath.devices.*.prio | The name of the path priority routine
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| services.nominatim.enable | Whether to enable nominatim
|
| services.slskd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.movim.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.davis.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| services.xserver.xrandrHeads.*.output | The output name of the monitor, as shown by
xrandr(1) invoked without arguments.
|
| services.acme-dns.settings.general.domain | Domain name to serve the requests off of.
|
| services.unpoller.unifi.defaults.user | Unifi service user name.
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.vault-agent.instances | Attribute set of vault-agent instances
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.gancio.settings.db.database | Name of the PostgreSQL database
|
| services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.roundcube.enable | Whether to enable roundcube
|
| services.prometheus.exporters.nginxlog.settings.namespaces | Namespaces to collect the metrics for
|
| services.gitlab.registry.serviceName | GitLab container registry service name.
|
| services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| services.hickory-dns.settings.zones.*.zone | Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
|
| virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| services.mainsail.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pixelfed.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.dolibarr.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fediwall.nginx.http3 | Whether to enable the HTTP/3 protocol
|