| services.i2pd.inTunnels.<name>.enable | Whether to enable ‹name›.
|
| services.kismet.group | The group to run Kismet as.
|
| environment.lxqt.excludePackages | Which LXQt packages to exclude from the default environment
|
| services.journald.remote.enable | Whether to enable receiving systemd journals from the network.
|
| services.deluge.group | Group under which deluge runs.
|
| services.hardware.lcd.server.usbVid | The vendor ID of the USB device to claim.
|
| hardware.spacenavd.enable | Whether to enable spacenavd to support 3DConnexion devices.
|
| networking.getaddrinfo.precedence | Similar to networking.getaddrinfo.label, but this option
defines entries for the precedence table instead
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.factorio.description | Description of the game that will appear in the listing.
|
| services.forgejo.user | User account under which Forgejo runs.
|
| services.dokuwiki.sites.<name>.acl.*.page | Page or namespace to restrict
|
| hardware.nvidia-container-toolkit.disable-hooks | List of hooks to disable when generating the CDI specification
|
| programs.steam.gamescopeSession.env | Environmental variables to be passed to GameScope for the session.
|
| services.kanboard.enable | Whether to enable Kanboard.
|
| services.aesmd.enable | Whether to enable Intel's Architectural Enclave Service Manager (AESM) for Intel SGX.
|
| services.freshrss.extensions | Additional extensions to be used.
|
| services.cryptpad.settings.websocketPort | Port for the websocket that needs to be separate
|
| services.kimai.sites.<name>.settings | Structural Kimai's local.yaml configuration
|
| services.duplicati.interface | Listening interface for the web UI
Set it to "any" to listen on all available interfaces
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| programs.gtklock.style | CSS Stylesheet for gtklock
|
| services.automatic-timezoned.package | The automatic-timezoned package to use.
|
| services.confd.enable | Whether to enable confd, a service to manage local application configuration files using templates and data from etcd/consul/redis/zookeeper.
|
| hardware.nvidia.prime.reverseSync.setupCommands.enable | Whether to enable configure the display manager to be able to use the outputs
attached to the NVIDIA GPU
|
| services.cryptpad.settings.logToStdout | Controls whether log output should go to stdout of the systemd service
|
| services.fediwall.nginx.locations.<name>.index | Adds index directive.
|
| services.firewalld.services.<name>.ports.*.port | |
| services.anubis.defaultOptions.policy.extraBots | Additional bot rules appended to the policy
|
| services.icingaweb2.modules.migrate.enable | Whether to enable the icingaweb2 migrate module.
|
| services.librenms.nginx.serverName | Name of this virtual host
|
| services.dspam.storageDriver | Storage driver backend to use for dspam.
|
| programs.streamcontroller.enable | Whether to enable StreamController.
|
| services.kerberos_server.enable | Whether to enable the kerberos authentication server.
|
| services.dawarich.smtp.fromAddress | "From" address used when sending emails to users.
|
| services.aria2.settings.conf-path | Configuration file path.
|
| services.displayManager.dms-greeter.compositor.customConfig | Custom compositor configuration to use for the greeter session
|
| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| services.akkoma.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.bird-lg.proxy.traceroute.flags | Flags for traceroute process
|
| services.gammu-smsd.backend.sql.database | Database name to store sms data
|
| services.lifecycled.queueCleaner.frequency | How often to trigger the queue cleaner
|
| services.glitchtip.redis.createLocally | Whether to enable and configure a local Redis instance.
|
| hardware.alsa.plugins | List of ALSA plugins to be added to the search path.
|
| services.ddclient.configFile | Path to configuration file
|
| programs.firefox.preferences | Preferences to set from about:config
|
| security.acme.defaults.group | Group running the ACME client.
|
| services.freshrss.virtualHost | Name of the caddy/nginx virtualhost to use and setup.
|
| boot.loader.systemd-boot.extraInstallCommands | Additional shell commands inserted in the bootloader installer
script after generating menu entries
|
| services.hydra.dbi | The DBI string for Hydra database connection
|
| services.etcd.initialAdvertisePeerUrls | Etcd list of this member's peer URLs to advertise to rest of the cluster.
|
| services.fluidd.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.flannel.iface | Interface to use (IP or name) for inter-host communication
|
| boot.loader.external.installHook | The full path to a program of your choosing which performs the bootloader installation process
|
| services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| services.kapacitor.enable | Whether to enable kapacitor.
|
| services.gammu-smsd.backend.files.inboxPath | Where the received SMSes are stored
|
| services.eintopf.settings | Settings to configure web service
|
| services.journaldriver.logStream | Configures the name of the Stackdriver Logging log stream into
which to write journald entries
|
| services.agorakit.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.beszel.agent.smartmon.deviceAllow | List of device paths to allow access to for SMART monitoring
|
| services.kapacitor.alerta.environment | Default Alerta environment
|
| programs.chrysalis.package | The Chrysalis package to use.
|
| services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| services.discourse.nginx.enable | Whether an nginx virtual host should be
set up to serve Discourse
|
| hardware.apple.touchBar.package | The tiny-dfr package to use.
|
| services.klipper.apiSocket | Path of the API socket to create.
|
| programs.regreet.cursorTheme.name | Name of the cursor theme to use for regreet.
|
| services.jenkins.group | If the default user "jenkins" is configured then this is the primary
group of that user.
|
| services.athens.storage.disk.rootPath | Athens disk root folder.
|
| services.journalwatch.priority | Lowest priority of message to be considered
|
| security.pam.services.<name>.limits.*.item | Item this limit applies to
|
| boot.kernel.sysctl."net.core.rmem_max" | The maximum receive socket buffer size in bytes
|
| services.kerberos_server.settings.include | Files to include in the Kerberos configuration.
|
| services.castopod.enable | Whether to enable Castopod, a hosting platform for podcasters.
|
| services.evremap.settings.remap.*.input | The key sequence that should be remapped
|
| services.code-server.enable | Whether to enable code-server.
|
| services.grafana-image-renderer.enable | Whether to enable grafana-image-renderer.
|
| services.httpd.configFile | Override the configuration file used by Apache
|
| programs.yubikey-manager.enable | Whether to enable yubikey-manager.
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.amule.settings.ExternalConnect.ECPassword | MD5 hash of the password, obtainaible with echo "<password>" | md5sum | cut -d ' ' -f 1
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| services.getty.loginProgram | Path to the login binary executed by agetty.
|
| programs.bandwhich.enable | Whether to add bandwhich to the global environment and configure a
setcap wrapper for it.
|
| services.bind.ipv4Only | Only use ipv4, even if the host supports ipv6.
|
| services.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| services.bind.listenOnIpv6Port | Ipv6 port to listen on.
|
| services.esphome.enableUnixSocket | Listen on a unix socket /run/esphome/esphome.sock instead of the TCP port.
|
| services.akkoma.config.":pleroma".":instance".upload_dir | Directory where Akkoma will put uploaded files.
|
| services.fediwall.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| boot.iscsi-initiator.discoverPortal | iSCSI portal to boot from.
|
| security.acme.defaults.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| services.corosync.package | The corosync package to use.
|
| services.discourse.siteSettings | Discourse site settings
|
| services.felix.enable | Whether to enable the Apache Felix OSGi service.
|
| services.forgejo.database.port | Database host port.
|
| services.dependency-track.oidc.teamSynchronization | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| services.gitea-actions-runner.instances.<name>.name | The name identifying the runner instance towards the Gitea/Forgejo instance.
|
| services.envfs.extraFallbackPathCommands | Extra commands to run in the package that contains fallback executables in case not other executable is found
|