| environment.profileRelativeEnvVars | Attribute set of environment variable
|
| services.kanboard.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.dependency-track.ldap.bindPasswordFile | The path to a file containing the LDAP bind password.
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.armagetronad.servers.<name>.openFirewall | Set to true to open the configured UDP port for Armagetron Advanced.
|
| services.kmonad.keyboards.<name>.defcfg.fallthrough | Whether to enable re-emitting unhandled key events.
|
| networking.interfaces.<name>.ipv6.routes.*.options | Other route options
|
| networking.interfaces.<name>.ipv4.routes.*.options | Other route options
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.pantalaimon-headless.instances.<name>.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| services.botamusique.settings.bot.username | Name the bot should appear with.
|
| services.k3s.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| services.authelia.instances.<name>.settings.server.address | The address to listen on.
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| services.prometheus.exporters.mail.configuration.servers.*.name | Value for label 'configname' which will be added to all metrics.
|
| services.borgbackup.repos.<name>.authorizedKeys | Public SSH keys that are given full write access to this repository
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.id | IKE identity the IKE preshared secret belongs to
|
| services.hostapd.radios.<name>.wifi5.capabilities | VHT (Very High Throughput) capabilities given as a list of flags
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| services.postfix-tlspol.settings.server.address | Path or address/port where postfix-tlspol binds its socket to.
|
| services.thanos.sidecar.tracing.config | Tracing configuration
|
| services.movim.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.pufferpanel.extraPackages | Packages to add to the PATH environment variable
|
| services.slskd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.thanos.receive.tracing.config | Tracing configuration
|
| services.pretalx.settings.filesystem.data | Base path for all other storage paths.
|
| services.thanos.compact.tracing.config | Tracing configuration
|
| services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| services.discourse.sslCertificateKey | The path to the server SSL certificate key
|
| services.davis.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| hardware.graphics.extraPackages | Additional packages to add to the default graphics driver lookup path
|
| virtualisation.diskImage | Path to the disk image containing the root filesystem
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|
| services.sabnzbd.settings.servers.<name>.connections | Number of parallel connections permitted by
the server.
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id | Identity the NTLM secret belongs to
|
| services.limesurvey.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.rke2.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.system76-scheduler.assignments.<name>.class | CPU scheduler class.
|
| services.printing.cups-pdf.instances.<name>.settings | Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package
|
| networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| services.tor.relay.onionServices.<name>.authorizedClients | Authorized clients for a v3 onion service,
as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
|
| services.postgresqlWalReceiver.receivers.<name>.extraArgs | A list of extra arguments to pass to the pg_receivewal command.
|
| services.multipath.devices.*.hardware_handler | The hardware handler to use for this device type
|
| services.wstunnel.clients.<name>.tlsVerifyCertificate | Whether to verify the TLS certificate of the server
|
| services.wordpress.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| services.ytdl-sub.instances.<name>.subscriptions | Subscriptions for ytdl-sub
|
| services.snipe-it.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.prometheus.exporters.mqtt.mqttTopic | Topic path to subscribe to.
|
| services.step-ca.settings | Settings that go into ca.json
|
| services.sabnzbd.settings.misc.https_key | Path to the TLS key for the web UI
|
| services.limesurvey.httpd.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.anuko-time-tracker.nginx.sslCertificate | Path to server SSL certificate.
|
| services.apache-kafka.configFiles.log4jProperties | Kafka log4j property configuration file path
|
| services.bitmagnet.settings.postgres.host | Address, hostname or Unix socket path of the database server
|
| security.tpm2.tctiEnvironment.deviceConf | Configuration part of the device TCTI, e.g. the path to the TPM device
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.bind.enable | Whether to enable BIND domain name server.
|
| services.artalk.group | Artalk group name.
|
| services.zammad.group | Name of the Zammad group.
|
| services.factorio.loadLatestSave | Load the latest savegame on startup
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.system76-scheduler.assignments.<name>.ioClass | IO scheduler class.
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name | See this list
for the available filters.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out | Netfilter mark applied to packets after the outbound IPsec SA processed
them
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| services.limesurvey.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.armagetronad.servers.<name>.settings | Armagetron Advanced server rules configuration
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| services.limesurvey.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| services.pretalx.settings.filesystem.logs | Path to the log directory, that pretalx logs message to.
|
| services.radicle.httpd.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.limesurvey.httpd.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.misskey.reverseProxy.webserver.nginx.root | The path of the web root directory.
|
| services.gitlab.secrets.activeRecordSaltFile | A file containing the salt for active record encryption in the DB
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.xserver.windowManager.bspwm.sxhkd.configFile | Path to the sxhkd configuration file
|
| virtualisation.bootLoaderDevice | The path (inside th VM) to the device to boot from when legacy booting.
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| services.archisteamfarm.bots.<name>.settings | Additional settings that are documented here.
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| services.fedimintd.<name>.nginx.config.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|