| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| image.repart.partitions.<name>.stripNixStorePrefix | Whether to strip /nix/store/ from the store paths
|
| networking.vswitches.<name>.openFlowVersion | Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
|
| services.armagetronad.servers.<name>.roundSettings | Armagetron Advanced server per-round configuration
|
| services.r53-ddns.domain | The name of your domain in Route53
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| services.timekpr.adminUsers | All listed users will become part of the timekpr group so they can manage timekpr settings without requiring sudo.
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| services.nezha-agent.settings.disable_command_execute | Disable executing the command from dashboard.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.device | An unencrypted device that will temporarily be mounted in stage-1
|
| services.nextcloud.settings.mail_smtpstreamoptions | This depends on mail_smtpmode
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| services.deepin.dde-daemon.enable | Whether to enable daemon for handling the deepin session settings.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.root | Root directory for requests.
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.dendrite.settings.federation_api.database.connection_string | Database for the Federation API.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets | Number of packets processed before initiating CHILD_SA rekeying
|
| services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| services.bookstack.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| systemd.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| services.veilid.settings.core.network.detect_address_changes | Should veilid-core detect and notify on network address changes?
|
| services.headscale.settings.tls_letsencrypt_listen | When HTTP-01 challenge is chosen, letsencrypt must set up a
verification endpoint, and it will be listening on:
:http = port 80.
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.cloudflared.tunnels.<name>.credentialsFile | Credential file
|
| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| services.dendrite.settings.app_service_api.database.connection_string | Database for the Appservice API.
|
| virtualisation.fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.bind.enable | Whether to enable BIND domain name server.
|
| services.sourcehut.settings."hg.sr.ht".clone_bundle_threshold | .hg/store size (in MB) past which the nightly job generates clone bundles.
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| boot.binfmt.registrations.<name>.offset | The byte offset of the magic number used for recognition.
|
| services.invoiceplane.sites.<name>.database.createLocally | Create the database and database user locally.
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.artalk.group | Artalk group name.
|
| services.zammad.group | Name of the Zammad group.
|
| services.tt-rss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.keepalived.vrrpInstances.<name>.unicastPeers | Do not send VRRP adverts over VRRP multicast group
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.units.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| security.dhparams.params | Diffie-Hellman parameters to generate
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.longview.apiKey | Longview API key
|
| services.strongswan-swanctl.swanctl.pools.<name>.addrs | Addresses allocated in pool
|
| services.limesurvey.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.patroni.namespace | Path within the configuration store where Patroni will keep information about the cluster.
|
| services.coturn.realm | The default realm to be used for the users when no explicit
origin/realm relationship was found in the database, or if the TURN
server is not using any database (just the commands-line settings
and the userdb file)
|
| systemd.user.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.limesurvey.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| services.mediawiki.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| services.sanoid.datasets.<name>.script_timeout | Time limit for pre/post/pruning script execution time (<=0 for infinite).
|
| services.dendrite.settings.client_api.registration_disabled | Whether to disable user registration to the server
without the shared secret.
|
| services.mailman.webSettings | Overrides for the default mailman-web Django settings.
|
| services.borgbackup.repos.<name>.authorizedKeysAppendOnly | Public SSH keys that can only be used to append new data (archives) to the repository
|
| services.jirafeau.nginxConfig.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.netbird.tunnels.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.netbird.clients.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service
for your selected dnsProvider
|
| security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider
|
| services.sftpgo.group | Group name under which SFTPGo runs.
|
| networking.wg-quick.interfaces.<name>.address | The IP addresses of the interface.
|
| services.system76-scheduler.assignments.<name>.matchers | Process matchers.
|
| services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps | Whether claim maps not specified here but present in kanidm should be removed from kanidm.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.longview.apiKeyFile | A file containing the Longview API key
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret | Value of the EAP/XAuth secret
|
| services.factorio.username | Your factorio.com login credentials
|
| security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| services.invoiceplane.sites.<name>.invoiceTemplates | List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.grav.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| services.factorio.loadLatestSave | Load the latest savegame on startup
|
| services.icingaweb2.libraryPaths | Libraries to add to the Icingaweb2 library path
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| services.postgresqlWalReceiver.receivers.<name>.directory | Directory to write the output to.
|
| services.cloudflared.tunnels.<name>.originRequest.originServerName | Hostname that cloudflared should expect from your origin server certificate.
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out | Whether to install outbound FWD IPsec policies or not
|