| services.i2pd.proto.socksProxy.outbound.quantity | Number of simultaneous socksproxy tunnels.
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.documize.key | The key.pem file used for https.
|
| services.journald.gateway.port | The port to listen to.
|
| services.https-dns-proxy.port | The port on which to listen
|
| services.amule.openExternalConnectPort | Whether to enable open the external connect port.
|
| services.hbase-standalone.logDir | Specifies the location of HBase log files.
|
| networking.firewall.logRefusedUnicastsOnly | If networking.firewall.logRefusedPackets
and this option are enabled, then only log packets
specifically directed at this machine, i.e., not broadcasts
or multicasts.
|
| programs.idescriptor.package | The idescriptor package to use.
|
| security.acme.defaults.renewInterval | Systemd calendar expression when to check for renewal
|
| services.firewalld.settings.CleanupOnExit | Whether to clean up firewall rules when firewalld stops.
|
| services.kimai.sites | Specification of one or more Kimai sites to serve
|
| networking.wireguard.interfaces.<name>.ips | The IP addresses of the interface.
|
| services.canaille.ldapBindPasswordFile | File containing the LDAP bind password.
|
| services.freefall.enable | Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
|
| services.dependency-track.package | The dependency-track package to use.
|
| services.grav.systemSettings | Settings written to user/config/system.yaml.
|
| services.icecast.listen.address | Address Icecast will listen on.
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| networking.firewall.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.legit.settings.meta.description | Website description.
|
| security.apparmor.includes | List of paths to be added to AppArmor's searched paths
when resolving include directives.
|
| services.clamav.fangfrisch.settings | fangfrisch configuration
|
| hardware.logitech.wireless.enable | Whether to enable support for Logitech Wireless Devices.
|
| services.gancio.nginx.extraConfig | These lines go to the end of the vhost verbatim.
|
| programs.nm-applet.enable | Whether to enable nm-applet, a NetworkManager control applet for GNOME.
|
| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| programs.singularity.package | The singularity package to use.
|
| services.acpid.handlers | Event handlers.
Handler can be a single command.
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| boot.kernel.randstructSeed | Provides a custom seed for the RANDSTRUCT security
option of the Linux kernel
|
| services.jenkins.environment | Additional environment variables to be passed to the jenkins process
|
| boot.specialFileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.heartbeat.tags | Tags to place on the shipped log messages
|
| services.botamusique.package | The botamusique package to use.
|
| services.i2pd.inTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.firewalld.services.<name>.description | Description for the service.
|
| services.cgminer.hardware | List of config options for every GPU
|
| networking.ipips.<name>.encapsulation.type | Select the encapsulation type:
-
ipip to create an IPv4 within IPv4 tunnel (RFC 2003).
-
4in6 to create a 4in6 tunnel (RFC 2473);
-
ip6ip6 to create an IPv6 within IPv6 tunnel (RFC 2473);
For encapsulating IPv6 within IPv4 packets, see
the ad-hoc networking.sits option.
|
| services.dokuwiki.sites.<name>.pluginsConfig | List of the dokuwiki (un)loaded plugins.
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.flarum.group | System group to run Flarum
|
| services.librenms.settings | Attrset of the LibreNMS configuration
|
| security.ipa.chromiumSupport | Whether to whitelist the FreeIPA domain in Chromium.
|
| services.automx2.package | The automx2 package to use.
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.description | Optional description for the bucket.
|
| services.libeufin.nexus.settings.nexus-ebics.CLIENT_PRIVATE_KEYS_FILE | Filesystem location where Nexus should store the subscriber private keys.
|
| services.akkoma.config.":pleroma".":frontends" | Frontend configuration
|
| services.athens.storage.s3.region | Region of the S3 storage backend.
|
| services.factorio.package | The factorio-headless package to use.
|
| services.authelia.instances.<name>.name | Name is used as a suffix for the service name, user, and group
|
| networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| boot.iscsi-initiator.loginAll | Do not log into a specific target on the portal, but to all that we discover
|
| services.https-dns-proxy.extraArgs | Additional arguments to pass to the process.
|
| services.autosuspend.checks | Checks for activity
|
| environment.homeBinInPath | Include ~/bin/ in $PATH.
|
| services.collectd.package | The collectd package to use.
|
| boot.initrd.systemd.network.wait-online.anyInterface | Whether to consider the network online when any interface is online, as opposed to all of them
|
| services.displayManager.sddm.theme | Greeter theme to use.
|
| networking.nat.forwardPorts | List of forwarded ports from the external interface to
internal destinations by using DNAT
|
| services.ddclient.script | script as required by some providers.
|
| services.blocky.enable | Whether to enable blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features.
|
| programs.systemtap.enable | Install systemtap along with necessary kernel options.
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.dnsdist.extraConfig | Extra lines to be added verbatim to dnsdist.conf.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.dovecot2.mailUser | Default user to store mail for virtual users.
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| services.cloudflare-dyndns.deleteMissing | Whether to delete the record when no IP address is found.
|
| services.jitsi-videobridge.nat.harvesterAddresses | Addresses of public STUN services to use to automatically find
the public and local addresses of this Jitsi-Videobridge instance
without the need for manual configuration
|
| appstream.enable | Whether to install files to support the
AppStream metadata specification.
|
| programs.foot.enableBashIntegration | Whether to enable foot bash integration.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.displayManager.dms-greeter.quickshell.package | The Quickshell package to use for the greeter
|
| security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| services.hadoop.hbaseSiteDefault | Default options for hbase-site.xml
|
| services.foundationdb.group | Group account under which FoundationDB runs.
|
| programs.bash.undistractMe.playSound | Whether to enable notification sounds when long-running terminal commands complete.
|
| services.froide-govplan.dataDir | Directory to store the Froide-Govplan server data.
|
| services.alps.theme | The frontend's theme to use.
|
| programs.nexttrace.enable | Whether to enable Nexttrace to the global environment and configure a setcap wrapper for it.
|
| services.geth.<name>.websocket.address | Listen address of Go Ethereum WebSocket API.
|
| services.journald.upload.settings.Upload.TrustedCertificateFile | SSL CA certificate
|
| services.firezone.server.provision.accounts.<name>.actors | All actors (users) to provision
|
| services.librechat.env.PORT | The value that will be passed to the PORT environment variable, telling LibreChat what to listen on.
|
| programs.alvr.openFirewall | Whether to open the default ports in the firewall for the ALVR server.
|
| i18n.glibcLocales | Customized pkg.glibcLocales package
|
| services.gocd-agent.extraGroups | List of extra groups that the "gocd-agent" user should be a part of.
|
| networking.interfaces.<name>.virtualOwner | In case of a virtual device, the user who owns it.
null will not set owner, allowing access to any user.
|
| services.icecream.daemon.enable | Whether to enable Icecream Daemon.
|
| services.athens.pathPrefix | Sets basepath for all routes.
|
| image.repart.split | Enables generation of split artifacts from partitions
|
| services.apache-kafka.configFiles.log4jProperties | Kafka log4j property configuration file path
|
| services.go-autoconfig.settings | Configuration for go-autoconfig
|
| programs.uwsm.package | The uwsm package to use.
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|