lxc/incus
1
0
Fork 0
mirror of https://github.com/lxc/incus.git synced 2026-02-05 09:46:19 +01:00
Code Issues Releases Activity
Files
a6d836de678d67b1fd4d44539b1dc40590547959
incus/doc/config_options.txt
Stéphane Graber 80a5519509 doc: Update config 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
2026-02-04 16:42:36 +01:00

6982 lines
190 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// Code generated by generate-config from the incus project; DO NOT EDIT.
<!-- config group cluster-cluster start -->
```{config:option} scheduler.instance cluster-cluster
:defaultdesc: "`all`"
:shortdesc: "Controls how instances are scheduled to run on this member"
:type: "string"
Possible values are `all`, `manual`, and `group`. See
{ref}`clustering-instance-placement` for more information.
```
```{config:option} user.* cluster-cluster
:shortdesc: "Free form user key/value storage"
:type: "string"
User keys can be used in search.
```
<!-- config group cluster-cluster end -->
<!-- config group cluster_group-common start -->
```{config:option} instances.vm.cpu.ARCHITECTURE.baseline cluster_group-common
:shortdesc: "CPU base architecture name"
:type: "string"
The CPU base architecture name as can be found through `qemu -cpu ?`.
This can be a generic definition like `qemu64` or `kvm64`, or it can be a specific hardware architecture like `EPYC-v2`.
It's important to ensure that all servers in the group match that baseline.
```
```{config:option} instances.vm.cpu.ARCHITECTURE.flags cluster_group-common
:shortdesc: "CPU flags to add/remove to/from the baseline"
:type: "string"
A comma separated list of CPU flags to add on top of CPU baseline or a list of flags to remove from it.
To remove a flag, use `-flag`.
```
```{config:option} user.* cluster_group-common
:shortdesc: "Free form user key/value storage"
:type: "string"
User keys can be used in search.
```
<!-- config group cluster_group-common end -->
<!-- config group devices-disk start -->
```{config:option} attached devices-disk
:default: "`true`"
:required: "no"
:shortdesc: "Only for VMs: Whether the disk is attached or ejected"
:type: "bool"
```
```{config:option} boot.priority devices-disk
:required: "no"
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} ceph.cluster_name devices-disk
:default: "`ceph`"
:required: "no"
:shortdesc: "The cluster name of the Ceph cluster (required for Ceph or CephFS sources)"
:type: "string"
```
```{config:option} ceph.user_name devices-disk
:default: "`admin`"
:required: "no"
:shortdesc: "The user name of the Ceph cluster (required for Ceph or CephFS sources)"
:type: "string"
```
```{config:option} initial.* devices-disk
:required: "no"
:shortdesc: "Initial volume configuration for instance root disk devices"
:type: "string"
```
```{config:option} io.bus devices-disk
:default: "`virtio-scsi` for block, `auto` for file system"
:required: "no"
:shortdesc: "Only for VMs: Override the bus for the device"
:type: "string"
This controls what bus a disk device should be attached to.
For block devices (disks), this is one of:
- `nvme`
- `virtio-blk`
- `virtio-scsi` (default)
- `usb`
For file systems (shared directories or custom volumes), this is one of:
- `9p`
- `auto` (default) (`virtiofs` if possible, else `9p`)
- `virtiofs`
`9p` doesn't support hotplugging and `virtiofs` doesn't support live migration. `auto` tries
to use `virtiofs` if possible (`migration.stateful` not set to `true` and host support for
`virtiofsd`) and falls back to `9p` otherwise.
```
```{config:option} io.cache devices-disk
:default: "`none`"
:required: "no"
:shortdesc: "Only for VMs: Override the caching mode for the device"
:type: "string"
This controls what bus a disk device should be attached to.
For block devices (disks), this is one of:
- `none` (default)
- `writeback`
- `unsafe`
For file systems (shared directories or custom volumes), this is one of:
- `none` (default)
- `metadata`
- `unsafe`
```
```{config:option} limits.max devices-disk
:required: "no"
:shortdesc: "I/O limit in byte/s or IOPS for both read and write (same as setting both `limits.read` and `limits.write`)"
:type: "string"
```
```{config:option} limits.read devices-disk
:required: "no"
:shortdesc: "I/O limit in byte/s (various suffixes supported, see {ref}`instances-limit-units`) or in IOPS (must be suffixed with `iops`) - see also {ref}`storage-configure-IO`"
:type: "string"
```
```{config:option} limits.write devices-disk
:required: "no"
:shortdesc: "I/O limit in byte/s (various suffixes supported, see {ref}`instances-limit-units`) or in IOPS (must be suffixed with `iops`) - see also {ref}`storage-configure-IO`"
:type: "string"
```
```{config:option} path devices-disk
:required: "yes"
:shortdesc: "Path inside the instance where the disk will be mounted (only for file system disk devices)"
:type: "string"
This controls which path inside the instance the disk should be mounted on.
With containers, this option supports mounting file system disk devices, and paths and single files within them.
With VMs, this option supports mounting file system disk devices and paths within them. Mounting single files is not supported.
```
```{config:option} pool devices-disk
:required: "no"
:shortdesc: "The storage pool to which the disk device belongs (only applicable for storage volumes managed by Incus)"
:type: "string"
```
```{config:option} propagation devices-disk
:required: "no"
:shortdesc: "Controls how a bind-mount is shared between the instance and the host (can be one of `private`, the default, or `shared`, `slave`, `unbindable`, `rshared`, `rslave`, `runbindable`, `rprivate`; see the Linux Kernel [shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) documentation for a full explanation)"
:type: "string"
```
```{config:option} raw.mount.options devices-disk
:required: "no"
:shortdesc: "File system specific mount options"
:type: "string"
```
```{config:option} readonly devices-disk
:default: "`false`"
:required: "no"
:shortdesc: "Controls whether to make the mount read-only"
:type: "bool"
```
```{config:option} recursive devices-disk
:default: "`false`"
:required: "no"
:shortdesc: "Controls whether to recursively mount the source path"
:type: "bool"
```
```{config:option} required devices-disk
:default: "`true`"
:required: "no"
:shortdesc: "Controls whether to fail if the source doesn't exist"
:type: "bool"
```
```{config:option} shift devices-disk
:default: "`false`"
:required: "no"
:shortdesc: "Sets up a shifting overlay to translate the source UID/GID to match the instance (only for containers)"
:type: "bool"
```
```{config:option} size devices-disk
:required: "no"
:shortdesc: "Disk size in bytes (various suffixes supported, see {ref}`instances-limit-units`) - only supported for the `rootfs` (`/`)"
:type: "string"
```
```{config:option} size.state devices-disk
:required: "no"
:shortdesc: "Same as `size`, but applies to the file-system volume used for saving runtime state in VMs"
:type: "string"
```
```{config:option} source devices-disk
:required: "yes"
:shortdesc: "Source of a file system or block device (see {ref}`devices-disk-types` for details)"
:type: "string"
```
```{config:option} wwn devices-disk
:default: "``"
:required: "no"
:shortdesc: "Only for VMs: Set the disk World Wide Name (only supported on `virtio-scsi` bus)"
:type: "bool"
```
<!-- config group devices-disk end -->
<!-- config group devices-gpu_mdev start -->
```{config:option} id devices-gpu_mdev
:required: "no"
:shortdesc: "The DRM card ID of the GPU device"
:type: "string"
```
```{config:option} mdev devices-gpu_mdev
:required: "yes"
:shortdesc: "The mediated device profile to use (required - for example, `i915-GVTg_V5_4`)"
:type: "string"
```
```{config:option} productid devices-gpu_mdev
:required: "no"
:shortdesc: "The product ID of the GPU device"
:type: "string"
```
```{config:option} vendorid devices-gpu_mdev
:required: "no"
:shortdesc: "The vendor ID of the GPU device"
:type: "string"
```
<!-- config group devices-gpu_mdev end -->
<!-- config group devices-gpu_mig start -->
```{config:option} id devices-gpu_mig
:required: "no"
:shortdesc: "The DRM card ID of the GPU device"
:type: "string"
```
```{config:option} mig.ci devices-gpu_mig
:required: "no"
:shortdesc: "Existing MIG compute instance ID"
:type: "int"
```
```{config:option} mig.gi devices-gpu_mig
:required: "no"
:shortdesc: "Existing MIG GPU instance ID"
:type: "int"
```
```{config:option} mig.uuid devices-gpu_mig
:required: "no"
:shortdesc: "Existing MIG device UUID (MIG- prefix can be omitted)"
:type: "string"
```
```{config:option} pci devices-gpu_mig
:required: "no"
:shortdesc: "The PCI address of the GPU device"
:type: "string"
```
```{config:option} productid devices-gpu_mig
:required: "no"
:shortdesc: "The product ID of the GPU device"
:type: "string"
```
```{config:option} vendorid devices-gpu_mig
:required: "no"
:shortdesc: "The vendor ID of the GPU device"
:type: "string"
```
<!-- config group devices-gpu_mig end -->
<!-- config group devices-gpu_physical start -->
```{config:option} gid devices-gpu_physical
:default: "0"
:required: "no"
:shortdesc: "GID of the device owner in the instance (container only)"
:type: "int"
```
```{config:option} id devices-gpu_physical
:required: "no"
:shortdesc: "The DRM card ID of the GPU device"
:type: "string"
```
```{config:option} mode devices-gpu_physical
:default: "0660"
:required: "no"
:shortdesc: "Mode of the device in the instance (container only)"
:type: "int"
```
```{config:option} pci devices-gpu_physical
:required: "no"
:shortdesc: "The PCI address of the GPU device"
:type: "string"
```
```{config:option} productid devices-gpu_physical
:required: "no"
:shortdesc: "The product ID of the GPU device"
:type: "string"
```
```{config:option} uid devices-gpu_physical
:default: "0"
:required: "no"
:shortdesc: "UID of the device owner in the instance (container only)"
:type: "int"
```
```{config:option} vendorid devices-gpu_physical
:required: "no"
:shortdesc: "The vendor ID of the GPU device"
:type: "string"
```
<!-- config group devices-gpu_physical end -->
<!-- config group devices-gpu_sriov start -->
```{config:option} id devices-gpu_sriov
:required: "no"
:shortdesc: "The DRM card ID of the parent GPU device"
:type: "string"
```
```{config:option} pci devices-gpu_sriov
:required: "no"
:shortdesc: "The PCI address of the parent GPU device"
:type: "string"
```
```{config:option} productid devices-gpu_sriov
:required: "no"
:shortdesc: "The product ID of the parent GPU device"
:type: "string"
```
```{config:option} vendorid devices-gpu_sriov
:required: "no"
:shortdesc: "The vendor ID of the parent GPU device"
:type: "string"
```
<!-- config group devices-gpu_sriov end -->
<!-- config group devices-infiniband start -->
```{config:option} hwaddr devices-infiniband
:defaultdesc: "randomly assigned"
:required: "no"
:shortdesc: "The MAC address of the new interface (can be either the full 20-byte variant or the short 8-byte variant, which will only modify the last 8 bytes of the parent device)"
:type: "string"
```
```{config:option} mtu devices-infiniband
:defaultdesc: "parent MTU"
:required: "no"
:shortdesc: "The MTU of the new interface"
:type: "integer"
```
```{config:option} name devices-infiniband
:defaultdesc: "kernel assigned"
:required: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} nictype devices-infiniband
:required: "yes"
:shortdesc: "The device type (one of `physical` or `sriov`)"
:type: "string"
```
```{config:option} parent devices-infiniband
:defaultdesc: "kernel assigned"
:required: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
<!-- config group devices-infiniband end -->
<!-- config group devices-nic_bridged start -->
```{config:option} attached devices-nic_bridged
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} boot.priority devices-nic_bridged
:managed: "no"
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} connected devices-nic_bridged
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is connected to the host network"
:type: "bool"
```
```{config:option} host_name devices-nic_bridged
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The name of the interface on the host"
:type: "string"
```
```{config:option} hwaddr devices-nic_bridged
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} io.bus devices-nic_bridged
:default: "`virtio`"
:managed: "no"
:shortdesc: "Override the bus for the device (can be `virtio` or `usb`) (VM only)"
:type: "string"
```
```{config:option} ipv4.address devices-nic_bridged
:managed: "no"
:shortdesc: "An IPv4 address to assign to the instance through DHCP (can be `none` to restrict all IPv4 traffic when `security.ipv4_filtering` is set)"
:type: "string"
```
```{config:option} ipv4.routes devices-nic_bridged
:managed: "no"
:shortdesc: "Comma-delimited list of IPv4 static routes to add on host to NIC"
:type: "string"
```
```{config:option} ipv4.routes.external devices-nic_bridged
:managed: "no"
:shortdesc: "Comma-delimited list of IPv4 static routes to route to the NIC and publish on uplink network (BGP)"
:type: "string"
```
```{config:option} ipv6.address devices-nic_bridged
:managed: "no"
:shortdesc: "An IPv6 address to assign to the instance through DHCP (can be `none` to restrict all IPv6 traffic when `security.ipv6_filtering` is set)"
:type: "string"
```
```{config:option} ipv6.routes devices-nic_bridged
:managed: "no"
:shortdesc: "Comma-delimited list of IPv6 static routes to add on host to NIC"
:type: "string"
```
```{config:option} ipv6.routes.external devices-nic_bridged
:managed: "no"
:shortdesc: "Comma-delimited list of IPv6 static routes to route to the NIC and publish on uplink network (BGP)"
:type: "string"
```
```{config:option} limits.egress devices-nic_bridged
:managed: "no"
:shortdesc: "I/O limit in bit/s for outgoing traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.ingress devices-nic_bridged
:managed: "no"
:shortdesc: "I/O limit in bit/s for incoming traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.max devices-nic_bridged
:managed: "no"
:shortdesc: "I/O limit in bit/s for both incoming and outgoing traffic (same as setting both limits.ingress and limits.egress)"
:type: "string"
```
```{config:option} limits.priority devices-nic_bridged
:managed: "no"
:shortdesc: "The priority for outgoing traffic, to be used by the kernel queuing discipline to prioritize network packets"
:type: "integer"
```
```{config:option} mtu devices-nic_bridged
:default: "MTU of the parent device"
:managed: "yes"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_bridged
:default: "kernel assigned"
:managed: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} network devices-nic_bridged
:managed: "no"
:shortdesc: "The managed network to link the device to (instead of specifying the `nictype` directly)"
:type: "string"
```
```{config:option} parent devices-nic_bridged
:managed: "yes"
:shortdesc: "The name of the parent host device (required if specifying the `nictype` directly)"
:type: "string"
```
```{config:option} queue.tx.length devices-nic_bridged
:managed: "no"
:shortdesc: "The transmit queue length for the NIC"
:type: "integer"
```
```{config:option} security.acls devices-nic_bridged
:managed: "no"
:shortdesc: "Comma-separated list of network ACLs to apply"
:type: "string"
```
```{config:option} security.acls.default.egress.action devices-nic_bridged
:default: "drop"
:managed: "no"
:shortdesc: "Action to use for egress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.egress.logged devices-nic_bridged
:default: "false"
:managed: "no"
:shortdesc: "Whether to log egress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} security.acls.default.ingress.action devices-nic_bridged
:default: "drop"
:managed: "no"
:shortdesc: "Action to use for ingress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.ingress.logged devices-nic_bridged
:default: "false"
:managed: "no"
:shortdesc: "Whether to log ingress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} security.ipv4_filtering devices-nic_bridged
:default: "false"
:managed: "no"
:shortdesc: "Prevent the instance from spoofing another instance's IPv4 address (enables `security.mac_filtering`)"
:type: "bool"
```
```{config:option} security.ipv6_filtering devices-nic_bridged
:default: "false"
:managed: "no"
:shortdesc: "Prevent the instance from spoofing another instance's IPv6 address (enables `security.mac_filtering`)"
:type: "bool"
```
```{config:option} security.mac_filtering devices-nic_bridged
:default: "false"
:managed: "no"
:shortdesc: "Prevent the instance from spoofing another instance's MAC address"
:type: "bool"
```
```{config:option} security.port_isolation devices-nic_bridged
:default: "false"
:managed: "no"
:shortdesc: "Prevent the NIC from communicating with other NICs in the network that have port isolation enabled"
:type: "bool"
```
```{config:option} vlan devices-nic_bridged
:managed: "no"
:shortdesc: "The VLAN ID to use for non-tagged traffic (can be none to remove port from default VLAN)"
:type: "integer"
```
```{config:option} vlan.tagged devices-nic_bridged
:managed: "no"
:shortdesc: "Comma-delimited list of VLAN IDs or VLAN ranges to join for tagged traffic"
:type: "integer"
```
<!-- config group devices-nic_bridged end -->
<!-- config group devices-nic_ipvlan start -->
```{config:option} attached devices-nic_ipvlan
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} gvrp devices-nic_ipvlan
:default: "false"
:shortdesc: "Register VLAN using GARP VLAN Registration Protocol"
:type: "bool"
```
```{config:option} hwaddr devices-nic_ipvlan
:default: "randomly assigned"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} ipv4.address devices-nic_ipvlan
:shortdesc: "Comma-delimited list of IPv4 static addresses to add to the instance (in l2 mode, these can be specified as CIDR values or singular addresses using a subnet of /24)"
:type: "string"
```
```{config:option} ipv4.gateway devices-nic_ipvlan
:default: "`auto` (in `l3s` mode), `-` (in `l2` mode)"
:shortdesc: "In `l3s` mode, whether to add an automatic default IPv4 gateway (can be `auto` or `none`). In `l2` mode, the IPv4 address of the gateway"
:type: "string"
```
```{config:option} ipv4.host_table devices-nic_ipvlan
:shortdesc: "The custom policy routing table ID to add IPv4 static routes to (in addition to the main routing table)"
:type: "integer"
```
```{config:option} ipv6.address devices-nic_ipvlan
:shortdesc: "Comma-delimited list of IPv6 static addresses to add to the instance (in `l2` mode, these can be specified as CIDR values or singular addresses using a subnet of /64)"
:type: "string"
```
```{config:option} ipv6.gateway devices-nic_ipvlan
:default: "`auto` (in `l3s` mode), `-` (in `l2` mode)"
:shortdesc: "In `l3s` mode, whether to add an automatic default IPv6 gateway (can be `auto` or `none`). In `l2` mode, the IPv6 address of the gateway"
:type: "string"
```
```{config:option} ipv6.host_table devices-nic_ipvlan
:shortdesc: "The custom policy routing table ID to add IPv6 static routes to (in addition to the main routing table)"
:type: "integer"
```
```{config:option} mode devices-nic_ipvlan
:default: "`l3s`"
:shortdesc: "The IPVLAN mode (either `l2` or `l3s`)"
:type: "string"
```
```{config:option} mtu devices-nic_ipvlan
:default: "MTU of the parent device"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_ipvlan
:default: "kernel assigned"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} parent devices-nic_ipvlan
:shortdesc: "The name of the host device (required)"
:type: "string"
```
```{config:option} vlan devices-nic_ipvlan
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
<!-- config group devices-nic_ipvlan end -->
<!-- config group devices-nic_macvlan start -->
```{config:option} attached devices-nic_macvlan
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} boot.priority devices-nic_macvlan
:managed: "no"
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} connected devices-nic_macvlan
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is connected to the host network (VM only)"
:type: "bool"
```
```{config:option} gvrp devices-nic_macvlan
:default: "false"
:managed: "no"
:shortdesc: "Register VLAN using GARP VLAN Registration Protocol"
:type: "bool"
```
```{config:option} hwaddr devices-nic_macvlan
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} io.bus devices-nic_macvlan
:default: "`virtio`"
:managed: "no"
:shortdesc: "Override the bus for the device (can be `virtio` or `usb`) (VM only)"
:type: "string"
```
```{config:option} mode devices-nic_macvlan
:default: "bridge"
:managed: "no"
:shortdesc: "Macvlan mode (one of `bridge`, `vepa`, `passthru` or `private`)"
:type: "string"
```
```{config:option} mtu devices-nic_macvlan
:default: "MTU of the parent device"
:managed: "yes"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_macvlan
:default: "kernel assigned"
:managed: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} network devices-nic_macvlan
:managed: "no"
:shortdesc: "The managed network to link the device to (instead of specifying the `nictype` directly)"
:type: "string"
```
```{config:option} parent devices-nic_macvlan
:managed: "yes"
:shortdesc: "The name of the parent host device (required if specifying the `nictype` directly)"
:type: "string"
```
```{config:option} vlan devices-nic_macvlan
:managed: "no"
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
<!-- config group devices-nic_macvlan end -->
<!-- config group devices-nic_ovn start -->
```{config:option} acceleration devices-nic_ovn
:default: "none"
:managed: "no"
:shortdesc: "Enable hardware offloading (either `none`, `sriov` or `vdpa`)"
:type: "string"
```
```{config:option} attached devices-nic_ovn
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} boot.priority devices-nic_ovn
:managed: "no"
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} connected devices-nic_ovn
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is connected to the host network (requires `acceleration` set to `none`)"
:type: "bool"
```
```{config:option} host_name devices-nic_ovn
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The name of the interface inside the host"
:type: "string"
```
```{config:option} hwaddr devices-nic_ovn
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} ipv4.address devices-nic_ovn
:managed: "no"
:shortdesc: "An IPv4 address to assign to the instance through DHCP, `none` can be used to disable IP allocation"
:type: "string"
```
```{config:option} ipv4.address.external devices-nic_ovn
:managed: "no"
:shortdesc: "Select a specific external address (typically from a network forward)"
:type: "string"
```
```{config:option} ipv4.routes devices-nic_ovn
:managed: "no"
:shortdesc: "Comma-delimited list of IPv4 static routes to route to the NIC"
:type: "string"
```
```{config:option} ipv4.routes.external devices-nic_ovn
:managed: "no"
:shortdesc: "Comma-delimited list of IPv4 static routes to route to the NIC and publish on uplink network"
:type: "string"
```
```{config:option} ipv6.address devices-nic_ovn
:managed: "no"
:shortdesc: "An IPv6 address to assign to the instance through DHCP, `none` can be used to disable IP allocation"
:type: "string"
```
```{config:option} ipv6.address.external devices-nic_ovn
:managed: "no"
:shortdesc: "Select a specific external address (typically from a network forward)"
:type: "string"
```
```{config:option} ipv6.routes devices-nic_ovn
:managed: "no"
:shortdesc: "Comma-delimited list of IPv6 static routes to route to the NIC"
:type: "string"
```
```{config:option} ipv6.routes.external devices-nic_ovn
:managed: "no"
:shortdesc: "Comma-delimited list of IPv6 static routes to route to the NIC and publish on uplink network"
:type: "string"
```
```{config:option} limits.egress devices-nic_ovn
:managed: "no"
:shortdesc: "I/O limit in bit/s for outgoing traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.ingress devices-nic_ovn
:managed: "no"
:shortdesc: "I/O limit in bit/s for incoming traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.max devices-nic_ovn
:managed: "no"
:shortdesc: "I/O limit in bit/s for both incoming and outgoing traffic. (same as setting both limits.ingress and limits.egress / mutually exclusive with limits.ingress and limits.egress)"
:type: "string"
```
```{config:option} limits.priority devices-nic_ovn
:default: "100"
:managed: "no"
:shortdesc: "The priority for outgoing traffic, to be used by the kernel queuing discipline to prioritize network packets"
:type: "integer"
```
```{config:option} mtu devices-nic_ovn
:default: "MTU of the parent network"
:managed: "yes"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_ovn
:default: "kernel assigned"
:managed: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} nested devices-nic_ovn
:managed: "no"
:shortdesc: "The parent NIC name to nest this NIC under (see also `vlan`)"
:type: "string"
```
```{config:option} network devices-nic_ovn
:managed: "yes"
:shortdesc: "The managed network to link the device to (required)"
:type: "string"
```
```{config:option} security.acls devices-nic_ovn
:managed: "no"
:shortdesc: "Comma-separated list of network ACLs to apply"
:type: "string"
```
```{config:option} security.acls.default.egress.action devices-nic_ovn
:default: "reject"
:managed: "no"
:shortdesc: "Action to use for egress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.egress.logged devices-nic_ovn
:default: "false"
:managed: "no"
:shortdesc: "Whether to log egress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} security.acls.default.ingress.action devices-nic_ovn
:default: "reject"
:managed: "no"
:shortdesc: "Action to use for ingress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.ingress.logged devices-nic_ovn
:default: "false"
:managed: "no"
:shortdesc: "Whether to log ingress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} security.promiscuous devices-nic_ovn
:default: "false"
:managed: "no"
:shortdesc: "Have OVN send unknown network traffic to this network interface (required for some nesting cases)"
:type: "bool"
```
```{config:option} vlan devices-nic_ovn
:managed: "no"
:shortdesc: "The VLAN ID to use when nesting (see also `nested`)"
:type: "integer"
```
<!-- config group devices-nic_ovn end -->
<!-- config group devices-nic_p2p start -->
```{config:option} attached devices-nic_p2p
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} boot.priority devices-nic_p2p
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} connected devices-nic_p2p
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is connected to the host network"
:type: "bool"
```
```{config:option} host_name devices-nic_p2p
:default: "randomly assigned"
:shortdesc: "The name of the interface on the host"
:type: "string"
```
```{config:option} hwaddr devices-nic_p2p
:default: "randomly assigned"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} io.bus devices-nic_p2p
:default: "`virtio`"
:shortdesc: "Override the bus for the device (can be `virtio` or `usb`) (VM only)"
:type: "string"
```
```{config:option} ipv4.routes devices-nic_p2p
:shortdesc: "Comma-delimited list of IPv4 static routes to add on host to NIC"
:type: "string"
```
```{config:option} ipv6.routes devices-nic_p2p
:shortdesc: "Comma-delimited list of IPv6 static routes to add on host to NIC"
:type: "string"
```
```{config:option} limits.egress devices-nic_p2p
:shortdesc: "I/O limit in bit/s for outgoing traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.ingress devices-nic_p2p
:shortdesc: "I/O limit in bit/s for incoming traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.max devices-nic_p2p
:shortdesc: "I/O limit in bit/s for both incoming and outgoing traffic (same as setting both limits.ingress and limits.egress)"
:type: "string"
```
```{config:option} limits.priority devices-nic_p2p
:shortdesc: "The priority for outgoing traffic, to be used by the kernel queuing discipline to prioritize network packets"
:type: "integer"
```
```{config:option} mtu devices-nic_p2p
:default: "kernel assigned"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_p2p
:default: "kernel assigned"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} queue.tx.length devices-nic_p2p
:shortdesc: "The transmit queue length for the NIC"
:type: "integer"
```
<!-- config group devices-nic_p2p end -->
<!-- config group devices-nic_physical start -->
```{config:option} attached devices-nic_physical
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} boot.priority devices-nic_physical
:managed: "no"
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} connected devices-nic_physical
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is connected to the host network (VM only)"
:type: "bool"
```
```{config:option} gvrp devices-nic_physical
:default: "false"
:managed: "no"
:shortdesc: "Register VLAN using GARP VLAN Registration Protocol"
:type: "bool"
```
```{config:option} hwaddr devices-nic_physical
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} mtu devices-nic_physical
:default: "MTU of the parent device"
:managed: "no"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_physical
:default: "kernel assigned"
:managed: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} network devices-nic_physical
:managed: "no"
:shortdesc: "The managed network to link the device to (instead of specifying the `nictype` directly)"
:type: "string"
```
```{config:option} parent devices-nic_physical
:managed: "yes"
:shortdesc: "The name of the parent host device (required if specifying the `nictype` directly)"
:type: "string"
```
```{config:option} vlan devices-nic_physical
:managed: "no"
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
```{config:option} vlan.tagged devices-nic_physical
:managed: "no"
:shortdesc: "Comma-delimited list of VLAN IDs or VLAN ranges to join for tagged traffic"
:type: "integer"
```
<!-- config group devices-nic_physical end -->
<!-- config group devices-nic_routed start -->
```{config:option} attached devices-nic_routed
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} connected devices-nic_routed
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is connected to the host network"
:type: "bool"
```
```{config:option} gvrp devices-nic_routed
:default: "false"
:shortdesc: "Register VLAN using GARP VLAN Registration Protocol"
:type: "bool"
```
```{config:option} host_name devices-nic_routed
:default: "randomly assigned"
:shortdesc: "The name of the interface on the host"
:type: "string"
```
```{config:option} hwaddr devices-nic_routed
:default: "randomly assigned"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} io.bus devices-nic_routed
:default: "`virtio`"
:shortdesc: "Override the bus for the device (can be `virtio` or `usb`) (VM only)"
:type: "string"
```
```{config:option} ipv4.address devices-nic_routed
:shortdesc: "Comma-delimited list of IPv4 static addresses to add to the instance"
:type: "string"
```
```{config:option} ipv4.gateway devices-nic_routed
:default: "auto"
:shortdesc: "Whether to add an automatic default IPv4 gateway (can be `auto` or `none`)"
:type: "string"
```
```{config:option} ipv4.host_address devices-nic_routed
:default: "`169.254.0.1`"
:shortdesc: "The IPv4 address to add to the host-side `veth` interface"
:type: "string"
```
```{config:option} ipv4.host_table devices-nic_routed
:shortdesc: "Deprecated: Use `ipv4.host_tables` instead"
:type: "integer"
The custom policy routing table ID to add IPv4 static routes to (in addition to the main routing table)
```
```{config:option} ipv4.host_tables devices-nic_routed
:default: "254"
:shortdesc: "Comma-delimited list of routing tables IDs to add IPv4 static routes to"
:type: "string"
```
```{config:option} ipv4.neighbor_probe devices-nic_routed
:default: "true"
:shortdesc: "Whether to probe the parent network for IP address availability"
:type: "bool"
```
```{config:option} ipv4.routes devices-nic_routed
:shortdesc: "Comma-delimited list of IPv4 static routes to add on host to NIC (without L2 ARP/NDP proxy)"
:type: "string"
```
```{config:option} ipv6.address devices-nic_routed
:shortdesc: "Comma-delimited list of IPv6 static addresses to add to the instance"
:type: "string"
```
```{config:option} ipv6.gateway devices-nic_routed
:default: "auto"
:shortdesc: "Whether to add an automatic default IPv6 gateway (can be `auto` or `none`)"
:type: "string"
```
```{config:option} ipv6.host_address devices-nic_routed
:default: "`fe80::1`"
:shortdesc: "The IPv6 address to add to the host-side `veth` interface"
:type: "string"
```
```{config:option} ipv6.host_table devices-nic_routed
:shortdesc: "Deprecated: Use `ipv6.host_tables` instead"
:type: "integer"
The custom policy routing table ID to add IPv6 static routes to (in addition to the main routing table)
```
```{config:option} ipv6.host_tables devices-nic_routed
:default: "254"
:shortdesc: "Comma-delimited list of routing tables IDs to add IPv6 static routes to"
:type: "string"
```
```{config:option} ipv6.neighbor_probe devices-nic_routed
:default: "true"
:shortdesc: "Whether to probe the parent network for IP address availability"
:type: "bool"
```
```{config:option} ipv6.routes devices-nic_routed
:shortdesc: "Comma-delimited list of IPv6 static routes to add on host to NIC (without L2 ARP/NDP proxy)"
:type: "string"
```
```{config:option} limits.egress devices-nic_routed
:shortdesc: "I/O limit in bit/s for outgoing traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.ingress devices-nic_routed
:shortdesc: "I/O limit in bit/s for incoming traffic (various suffixes supported, see {ref}`instances-limit-units`)"
:type: "string"
```
```{config:option} limits.max devices-nic_routed
:shortdesc: "I/O limit in bit/s for both incoming and outgoing traffic (same as setting both limits.ingress and limits.egress)"
:type: "string"
```
```{config:option} limits.priority devices-nic_routed
:shortdesc: "The priority for outgoing traffic, to be used by the kernel queuing discipline to prioritize network packets"
:type: "integer"
```
```{config:option} mtu devices-nic_routed
:default: "parent MTU"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_routed
:default: "kernel assigned"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} parent devices-nic_routed
:shortdesc: "The name of the parent host device to join the instance to"
:type: "string"
```
```{config:option} queue.tx.length devices-nic_routed
:shortdesc: "The transmit queue length for the NIC"
:type: "integer"
```
```{config:option} vlan devices-nic_routed
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
```{config:option} vrf devices-nic_routed
:shortdesc: "The VRF on the host in which the host-side interface and routes are created"
:type: "string"
```
<!-- config group devices-nic_routed end -->
<!-- config group devices-nic_sriov start -->
```{config:option} attached devices-nic_sriov
:default: "`true`"
:required: "no"
:shortdesc: "Whether the NIC is plugged in or not"
:type: "bool"
```
```{config:option} boot.priority devices-nic_sriov
:managed: "no"
:shortdesc: "Boot priority for VMs (higher value boots first)"
:type: "integer"
```
```{config:option} hwaddr devices-nic_sriov
:default: "randomly assigned"
:managed: "no"
:shortdesc: "The MAC address of the new interface"
:type: "string"
```
```{config:option} mtu devices-nic_sriov
:default: "kernel assigned"
:managed: "yes"
:shortdesc: "The Maximum Transmit Unit (MTU) of the new interface"
:type: "integer"
```
```{config:option} name devices-nic_sriov
:default: "kernel assigned"
:managed: "no"
:shortdesc: "The name of the interface inside the instance"
:type: "string"
```
```{config:option} network devices-nic_sriov
:managed: "no"
:shortdesc: "The managed network to link the device to (instead of specifying the `nictype` directly)"
:type: "string"
```
```{config:option} parent devices-nic_sriov
:managed: "yes"
:shortdesc: "The name of the parent host device (required if specifying the `nictype` directly)"
:type: "string"
```
```{config:option} pci devices-nic_sriov
:required: "no"
:shortdesc: "The PCI address of the parent host device"
:type: "string"
```
```{config:option} productid devices-nic_sriov
:required: "no"
:shortdesc: "The product ID of the parent host device"
:type: "string"
```
```{config:option} security.mac_filtering devices-nic_sriov
:default: "false"
:managed: "no"
:shortdesc: "Prevent the instance from spoofing another instance's MAC address"
:type: "bool"
```
```{config:option} vendorid devices-nic_sriov
:required: "no"
:shortdesc: "The vendor ID of the parent host device"
:type: "string"
```
```{config:option} vlan devices-nic_sriov
:managed: "no"
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
<!-- config group devices-nic_sriov end -->
<!-- config group devices-pci start -->
```{config:option} address devices-pci
:required: "yes"
:shortdesc: "PCI address of the device"
:type: "string"
```
```{config:option} firmware devices-pci
:default: "true"
:required: "no"
:shortdesc: "Whether to expose the device's option ROM to the VM"
:type: "bool"
```
<!-- config group devices-pci end -->
<!-- config group devices-proxy start -->
```{config:option} bind devices-proxy
:default: "`host`"
:required: "no"
:shortdesc: "Which side to bind on (`host`/`instance`)"
:type: "string"
```
```{config:option} connect devices-proxy
:required: "yes"
:shortdesc: "The address and port to connect to (`<type>:<addr>:<port>[-<port>][,<port>]`)"
:type: "string"
```
```{config:option} gid devices-proxy
:default: "`0`"
:required: "no"
:shortdesc: "GID of the owner of the listening Unix socket"
:type: "int"
```
```{config:option} listen devices-proxy
:required: "yes"
:shortdesc: "The address and port to bind and listen (`<type>:<addr>:<port>[-<port>][,<port>]`)"
:type: "string"
```
```{config:option} mode devices-proxy
:default: "`0644`"
:required: "no"
:shortdesc: "Mode for the listening Unix socket"
:type: "int"
```
```{config:option} nat devices-proxy
:default: "`false`"
:required: "no"
:shortdesc: "Whether to optimize proxying via NAT (requires that the instance NIC has a static IP address)"
:type: "bool"
```
```{config:option} proxy_protocol devices-proxy
:default: "`false`"
:required: "no"
:shortdesc: "Whether to use the HAProxy PROXY protocol to transmit sender information"
:type: "bool"
```
```{config:option} security.gid devices-proxy
:default: "`0`"
:required: "no"
:shortdesc: "What GID to drop privilege to"
:type: "int"
```
```{config:option} security.uid devices-proxy
:default: "`0`"
:required: "no"
:shortdesc: "What UID to drop privilege to"
:type: "int"
```
```{config:option} uid devices-proxy
:default: "`0`"
:required: "no"
:shortdesc: "UID of the owner of the listening Unix socket"
:type: "int"
```
<!-- config group devices-proxy end -->
<!-- config group devices-tpm start -->
```{config:option} path devices-tpm
:default: "-"
:required: "for containers"
:shortdesc: "Only for containers: path inside the instance (for example, `/dev/tpm0`)"
:type: "string"
```
```{config:option} pathrm devices-tpm
:default: "-"
:required: "for containers"
:shortdesc: "Only for containers: resource manager path inside the instance (for example, `/dev/tpmrm0`)"
:type: "string"
```
<!-- config group devices-tpm end -->
<!-- config group devices-unix-char-block start -->
```{config:option} gid devices-unix-char-block
:default: "0"
:shortdesc: "GID of the device owner in the instance"
:type: "int"
```
```{config:option} major devices-unix-char-block
:default: "device on host"
:shortdesc: "Device major number"
:type: "int"
```
```{config:option} minor devices-unix-char-block
:default: "device on host"
:shortdesc: "Device minor number"
:type: "int"
```
```{config:option} mode devices-unix-char-block
:default: "0660"
:shortdesc: "Mode of the device in the instance"
:type: "int"
```
```{config:option} path devices-unix-char-block
:shortdesc: "Path inside the instance (one of `source` and `path` must be set)"
:type: "string"
```
```{config:option} required devices-unix-char-block
:default: "true"
:shortdesc: "Whether this device is required to start the instance"
:type: "bool"
```
```{config:option} source devices-unix-char-block
:shortdesc: "Path on the host (one of `source` and `path` must be set)"
:type: "string"
```
```{config:option} uid devices-unix-char-block
:default: "0"
:shortdesc: "UID of the device owner in the instance"
:type: "int"
```
<!-- config group devices-unix-char-block end -->
<!-- config group devices-unix-hotplug start -->
```{config:option} gid devices-unix-hotplug
:default: "0"
:shortdesc: "GID of the device owner in the instance"
:type: "int"
```
```{config:option} mode devices-unix-hotplug
:default: "0660"
:shortdesc: "Mode of the device in the instance"
:type: "int"
```
```{config:option} productid devices-unix-hotplug
:shortdesc: "The product ID of the USB device"
:type: "string"
```
```{config:option} required devices-unix-hotplug
:default: "true"
:shortdesc: "Whether this device is required to start the instance"
:type: "bool"
```
```{config:option} uid devices-unix-hotplug
:default: "0"
:shortdesc: "UID of the device owner in the instance"
:type: "int"
```
```{config:option} vendorid devices-unix-hotplug
:shortdesc: "The vendor ID of the USB device"
:type: "string"
```
<!-- config group devices-unix-hotplug end -->
<!-- config group devices-usb start -->
```{config:option} attached devices-usb
:default: "`true`"
:required: "no"
:shortdesc: "Whether the USB device is plugged in or not"
:type: "bool"
```
```{config:option} busnum devices-usb
:shortdesc: "The bus number of which the USB device is attached"
:type: "int"
```
```{config:option} devnum devices-usb
:shortdesc: "The device number of the USB device"
:type: "int"
```
```{config:option} gid devices-usb
:defaultdesc: "`0`"
:shortdesc: "Only for containers: GID of the device owner in the instance"
:type: "int"
```
```{config:option} mode devices-usb
:defaultdesc: "`0660`"
:shortdesc: "Only for containers: Mode of the device in the instance"
:type: "int"
```
```{config:option} productid devices-usb
:shortdesc: "The product ID of the USB device"
:type: "string"
```
```{config:option} required devices-usb
:defaultdesc: "`false`"
:shortdesc: "Whether this device is required to start the instance (the default is `false`, and all devices can be hotplugged)"
:type: "bool"
```
```{config:option} serial devices-usb
:shortdesc: "The serial number of the USB device"
:type: "string"
```
```{config:option} uid devices-usb
:defaultdesc: "`0`"
:shortdesc: "Only for containers: UID of the device owner in the instance"
:type: "int"
```
```{config:option} vendorid devices-usb
:shortdesc: "The vendor ID of the USB device"
:type: "string"
```
<!-- config group devices-usb end -->
<!-- config group image-requirements start -->
```{config:option} requirements.cdrom_agent image-requirements
:shortdesc: "If set to `true`, indicates that the VM requires an `agent:config` disk be added."
:type: "bool"
```
```{config:option} requirements.cgroup image-requirements
:shortdesc: "If set to `v1`, indicates that the image requires the host to run cgroup v1."
:type: "string"
```
```{config:option} requirements.nesting image-requirements
:shortdesc: "If set to `true`, indicates that the image cannot work without nesting enabled."
:type: "bool"
```
```{config:option} requirements.privileged image-requirements
:shortdesc: "If set to `false`, indicates that the image cannot work as a privileged container."
:type: "bool"
```
```{config:option} requirements.secureboot image-requirements
:shortdesc: "If set to `false`, indicates that the image cannot boot under secure boot."
:type: "bool"
```
<!-- config group image-requirements end -->
<!-- config group instance-boot start -->
```{config:option} boot.autorestart instance-boot
:liveupdate: "no"
:shortdesc: "Whether to automatically restart an instance on unexpected exit"
:type: "bool"
If set to `true` will attempt up to 10 restarts over a 1 minute period upon unexpected instance exit.
```
```{config:option} boot.autostart instance-boot
:liveupdate: "no"
:shortdesc: "Whether to always start the instance when the daemon starts"
:type: "bool"
If unset or set to `last-state`, restores the last state.
```
```{config:option} boot.autostart.delay instance-boot
:defaultdesc: "0"
:liveupdate: "no"
:shortdesc: "Delay after starting the instance"
:type: "integer"
The number of seconds to wait after the instance started before starting the next one.
```
```{config:option} boot.autostart.priority instance-boot
:liveupdate: "no"
:shortdesc: "What order to start the instances in"
:type: "integer"
The instance with the highest value is started first.
Instances without a priority set will be started (with some parallelism) ahead of
instances with a priority set.
```
```{config:option} boot.host_shutdown_action instance-boot
:defaultdesc: "stop"
:liveupdate: "yes"
:shortdesc: "What action to take on the instance when the host is shut down"
:type: "string"
Action to take on host shut down
Valid values are: `stop`, `force-stop` or `stateful-stop`
```
```{config:option} boot.host_shutdown_timeout instance-boot
:defaultdesc: "30"
:liveupdate: "yes"
:shortdesc: "How long to wait for the instance to shut down"
:type: "integer"
Number of seconds to wait for the instance to shut down before it is force-stopped.
```
```{config:option} boot.stop.priority instance-boot
:defaultdesc: "0"
:liveupdate: "no"
:shortdesc: "What order to shut down the instances in"
:type: "integer"
The instance with the highest value is shut down first.
```
<!-- config group instance-boot end -->
<!-- config group instance-cloud-init start -->
```{config:option} cloud-init.network-config instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`DHCP on eth0`"
:liveupdate: "no"
:shortdesc: "Network configuration for `cloud-init`"
:type: "string"
The content is used as seed value for `cloud-init`.
```
```{config:option} cloud-init.user-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "User data for `cloud-init`"
:type: "string"
The content is used as seed value for `cloud-init`.
```
```{config:option} cloud-init.vendor-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "Vendor data for `cloud-init`"
:type: "string"
The content is used as seed value for `cloud-init`.
```
```{config:option} user.network-config instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`DHCP on eth0`"
:liveupdate: "no"
:shortdesc: "Legacy version of `cloud-init.network-config`"
:type: "string"
```
```{config:option} user.user-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "Legacy version of `cloud-init.user-data`"
:type: "string"
```
```{config:option} user.vendor-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "Legacy version of `cloud-init.vendor-data`"
:type: "string"
```
<!-- config group instance-cloud-init end -->
<!-- config group instance-migration start -->
```{config:option} migration.incremental.memory instance-migration
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to use incremental memory transfer"
:type: "bool"
Using incremental memory transfer of the instance's memory can reduce downtime.
```
```{config:option} migration.incremental.memory.goal instance-migration
:condition: "container"
:defaultdesc: "`70`"
:liveupdate: "yes"
:shortdesc: "Percentage of memory to have in sync before stopping the instance"
:type: "integer"
```
```{config:option} migration.incremental.memory.iterations instance-migration
:condition: "container"
:defaultdesc: "`10`"
:liveupdate: "yes"
:shortdesc: "Maximum number of transfer operations to go through before stopping the instance"
:type: "integer"
```
```{config:option} migration.stateful instance-migration
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to allow for stateful stop/start and snapshots"
:type: "bool"
Enabling this option prevents the use of some features that are incompatible with it.
```
<!-- config group instance-migration end -->
<!-- config group instance-miscellaneous start -->
```{config:option} agent.nic_config instance-miscellaneous
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to use the name and MTU of the default network interfaces"
:type: "bool"
For containers, the name and MTU of the default network interfaces is used for the instance devices.
For virtual machines, set this option to `true` to set the name and MTU of the default network interfaces to be the same as the instance devices.
```
```{config:option} cluster.evacuate instance-miscellaneous
:defaultdesc: "`auto`"
:liveupdate: "no"
:shortdesc: "What to do when evacuating the instance"
:type: "string"
The `cluster.evacuate` provides control over how instances are handled when a cluster member is being
evacuated.
Available Modes:
- `auto` *(default)*: The system will automatically decide the best evacuation method based on the
instance's type and configured devices:
+ If any device is not suitable for migration, the instance will not be migrated (only stopped).
+ Live migration will be used only for virtual machines with the `migration.stateful` setting
enabled and for which all its devices can be migrated as well.
- `live-migrate`: Instances are live-migrated to another server. This means the instance remains running
and operational during the migration process, ensuring minimal disruption.
- `migrate`: In this mode, instances are migrated to another server in the cluster. The migration
process will not be live, meaning there will be a brief downtime for the instance during the
migration.
- `stop`: Instances are not migrated. Instead, they are stopped on the current server.
- `stateful-stop`: Instances are not migrated. Instead, they are stopped on the current server
but with their runtime state (memory) stored on disk for resuming on restore.
- `force-stop`: Instances are not migrated. Instead, they are forcefully stopped.
See {ref}`cluster-evacuate` for more information.
```
```{config:option} environment.* instance-miscellaneous
:liveupdate: "yes"
:shortdesc: "Free-form environment key/value"
:type: "string"
Extra environment variables to set on boot and during exec.
```
```{config:option} linux.kernel_modules instance-miscellaneous
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Kernel modules to load before starting the instance"
:type: "string"
Specify the kernel modules as a comma-separated list.
```
```{config:option} linux.sysctl.* instance-miscellaneous
:condition: "container"
:liveupdate: "no"
:shortdesc: "Override for the corresponding `sysctl` setting in the container"
:type: "string"
```
```{config:option} smbios11.* instance-miscellaneous
:liveupdate: "yes"
:shortdesc: "Free-form `SMBIOS Type 11` key/value"
:type: "string"
`SMBIOS Type 11` configuration keys.
```
```{config:option} systemd.credential-binary.* instance-miscellaneous
:liveupdate: "yes"
:shortdesc: "Systemd credential key/value, where value is Base64 encoded"
:type: "string"
Systemd credential key/value pair passed as a read-only bind mount in containers and as `SMBIOS Type 11` data in virtual machines. The value is Base64 encoded.
```
```{config:option} systemd.credential.* instance-miscellaneous
:liveupdate: "yes"
:shortdesc: "Systemd credential key/value"
:type: "string"
Systemd credential key/value pair passed as a read-only bind mount in containers and as `SMBIOS Type 11` data in virtual machines.
```
```{config:option} user.* instance-miscellaneous
:liveupdate: "yes"
:shortdesc: "Free-form user key/value storage"
:type: "string"
User keys can be used in search.
```
<!-- config group instance-miscellaneous end -->
<!-- config group instance-nvidia start -->
```{config:option} nvidia.driver.capabilities instance-nvidia
:condition: "container"
:defaultdesc: "`compute,utility`"
:liveupdate: "no"
:shortdesc: "What driver capabilities the instance needs"
:type: "string"
The specified driver capabilities are used to set `libnvidia-container NVIDIA_DRIVER_CAPABILITIES`.
```
```{config:option} nvidia.require.cuda instance-nvidia
:condition: "container"
:liveupdate: "no"
:shortdesc: "Required CUDA version"
:type: "string"
The specified version expression is used to set `libnvidia-container NVIDIA_REQUIRE_CUDA`.
```
```{config:option} nvidia.require.driver instance-nvidia
:condition: "container"
:liveupdate: "no"
:shortdesc: "Required driver version"
:type: "string"
The specified version expression is used to set `libnvidia-container NVIDIA_REQUIRE_DRIVER`.
```
```{config:option} nvidia.runtime instance-nvidia
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to pass the host NVIDIA and CUDA runtime libraries into the instance"
:type: "bool"
```
<!-- config group instance-nvidia end -->
<!-- config group instance-oci start -->
```{config:option} oci.cwd instance-oci
:condition: "OCI container"
:liveupdate: "no"
:shortdesc: "OCI container working directory"
:type: "string"
Override the working directory of an OCI container.
```
```{config:option} oci.entrypoint instance-oci
:condition: "OCI container"
:liveupdate: "no"
:shortdesc: "OCI container entry point"
:type: "string"
Override the entry point of an OCI container.
```
```{config:option} oci.gid instance-oci
:condition: "OCI container"
:liveupdate: "no"
:shortdesc: "OCI container GID"
:type: "string"
Override the GID of the process run in an OCI container.
```
```{config:option} oci.uid instance-oci
:condition: "OCI container"
:liveupdate: "no"
:shortdesc: "OCI container UID"
:type: "string"
Override the UID of the process run in an OCI container.
```
<!-- config group instance-oci end -->
<!-- config group instance-raw start -->
```{config:option} raw.apparmor instance-raw
:liveupdate: "yes"
:shortdesc: "AppArmor profile entries"
:type: "blob"
The specified entries are appended to the generated profile.
```
```{config:option} raw.idmap instance-raw
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "Raw idmap configuration"
:type: "blob"
For example: `both 1000 1000`
```
```{config:option} raw.lxc instance-raw
:condition: "container"
:liveupdate: "no"
:shortdesc: "Raw LXC configuration to be appended to the generated one"
:type: "blob"
```
```{config:option} raw.qemu instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "Raw QEMU configuration to be appended to the generated command line"
:type: "blob"
```
```{config:option} raw.qemu.conf instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "Addition/override to the generated `qemu.conf` file"
:type: "blob"
See {ref}`instance-options-qemu` for more information.
```
```{config:option} raw.qemu.qmp.early instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "QMP commands to run before Incus QEMU initialization"
:type: "blob"
```
```{config:option} raw.qemu.qmp.post-start instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "QMP commands to run after the VM has started"
:type: "blob"
```
```{config:option} raw.qemu.qmp.pre-start instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "QMP commands to run after Incus QEMU initialization and before the VM has started"
:type: "blob"
```
```{config:option} raw.qemu.scriptlet instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "QEMU scriptlet to run at early, pre-start and post-start stages"
:type: "string"
```
```{config:option} raw.seccomp instance-raw
:condition: "container"
:liveupdate: "no"
:shortdesc: "Raw Seccomp configuration"
:type: "blob"
```
<!-- config group instance-raw end -->
<!-- config group instance-resource-limits start -->
```{config:option} limits.cpu instance-resource-limits
:defaultdesc: "1 (VMs)"
:liveupdate: "yes"
:shortdesc: "Which CPUs to expose to the instance"
:type: "string"
A number or a specific range of CPUs to expose to the instance.
See {ref}`instance-options-limits-cpu` for more information.
```
```{config:option} limits.cpu.allowance instance-resource-limits
:condition: "container"
:defaultdesc: "100%"
:liveupdate: "yes"
:shortdesc: "How much of the CPU can be used"
:type: "string"
To control how much of the CPU can be used, specify either a percentage (`50%`) for a soft limit
or a chunk of time (`25ms/100ms`) for a hard limit.
See {ref}`instance-options-limits-cpu-container` for more information.
```
```{config:option} limits.cpu.nodes instance-resource-limits
:liveupdate: "yes"
:shortdesc: "Which NUMA nodes to place the instance CPUs on"
:type: "string"
A comma-separated list of NUMA node IDs or ranges to place the instance CPUs on.
Alternatively, the value `balanced` may be used to have Incus pick the least busy NUMA node on startup.
See {ref}`instance-options-limits-cpu-container` for more information.
```
```{config:option} limits.cpu.priority instance-resource-limits
:condition: "container"
:defaultdesc: "`10` (maximum)"
:liveupdate: "yes"
:shortdesc: "CPU scheduling priority compared to other instances"
:type: "integer"
When overcommitting resources, specify the CPU scheduling priority compared to other instances that share the same CPUs.
Specify an integer between 0 and 10.
See {ref}`instance-options-limits-cpu-container` for more information.
```
```{config:option} limits.disk.priority instance-resource-limits
:defaultdesc: "`5` (medium)"
:liveupdate: "yes"
:shortdesc: "Priority of the instance's I/O requests"
:type: "integer"
Controls how much priority to give to the instance's I/O requests when under load.
Specify an integer between 0 and 10.
```
```{config:option} limits.hugepages.1GB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 1 GB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 1 GB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).
See {ref}`instance-options-limits-hugepages` for more information.
```
```{config:option} limits.hugepages.1MB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 1 MB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 1 MB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).
See {ref}`instance-options-limits-hugepages` for more information.
```
```{config:option} limits.hugepages.2MB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 2 MB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 2 MB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).
See {ref}`instance-options-limits-hugepages` for more information.
```
```{config:option} limits.hugepages.64KB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 64 KB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 64 KB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).
See {ref}`instance-options-limits-hugepages` for more information.
```
```{config:option} limits.memory instance-resource-limits
:defaultdesc: "`1GiB` (VMs)"
:liveupdate: "yes"
:shortdesc: "Usage limit for the host's memory"
:type: "string"
Percentage of the host's memory or a fixed value in bytes.
Various suffixes are supported.
See {ref}`instances-limit-units` for details.
```
```{config:option} limits.memory.enforce instance-resource-limits
:condition: "container"
:defaultdesc: "`hard`"
:liveupdate: "yes"
:shortdesc: "Whether the memory limit is `hard` or `soft`"
:type: "string"
If the instance's memory limit is `hard`, the instance cannot exceed its limit.
If it is `soft`, the instance can exceed its memory limit when extra host memory is available.
```
```{config:option} limits.memory.hotplug instance-resource-limits
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "yes"
:shortdesc: "Control upper limit for hotplugged memory or disable memory hotplug."
:type: "string"
If this option is set to `false`, disable memory hotplug entirely.
Alternatively, it can be set to a bytes value which will define an upper limit for hotplugged memory.
The value must be greater than or equal to limits.memory.
```
```{config:option} limits.memory.hugepages instance-resource-limits
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to back the instance using huge pages"
:type: "bool"
If this option is set to `false`, regular system memory is used.
```
```{config:option} limits.memory.oom_priority instance-resource-limits
:defaultdesc: "`0`"
:liveupdate: "yes"
:shortdesc: "Out Of Memory killer priority adjustment for the instance"
:type: "integer"
Specify an integer between -1000 and 1000.
A negative value makes the instance less likely to be killed by the Out Of Memory killer,
while a positive value makes it more likely to be killed.
The default value of 0 means no adjustment to the Out Of Memory score.
```
```{config:option} limits.memory.swap instance-resource-limits
:condition: "container"
:defaultdesc: "`true`"
:liveupdate: "yes"
:shortdesc: "Control swap usage by the instance"
:type: "string"
When set to `true` or `false`, it controls whether the container is likely to get some of
its memory swapped by the kernel. Alternatively, it can be set to a bytes value which will
then allow the container to make use of additional memory through swap.
```
```{config:option} limits.memory.swap.priority instance-resource-limits
:condition: "container"
:defaultdesc: "`10` (maximum)"
:liveupdate: "yes"
:shortdesc: "Prevents the instance from being swapped to disk"
:type: "integer"
Specify an integer between 0 and 10.
The higher the value, the less likely the instance is to be swapped to disk.
```
```{config:option} limits.processes instance-resource-limits
:condition: "container"
:defaultdesc: "empty"
:liveupdate: "yes"
:shortdesc: "Maximum number of processes that can run in the instance"
:type: "integer"
If left empty, no limit is set.
```
<!-- config group instance-resource-limits end -->
<!-- config group instance-security start -->
```{config:option} security.agent.metrics instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether the `incus-agent` is queried for state information and metrics"
:type: "bool"
```
```{config:option} security.bpffs.delegate_attachs instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "What BPF attach types to delegate"
:type: "string"
See {ref}`bpf-tokens` for more information.
```
```{config:option} security.bpffs.delegate_cmds instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "What BPF command types to delegate"
:type: "string"
See {ref}`bpf-tokens` for more information.
```
```{config:option} security.bpffs.delegate_maps instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "What BPF map types to delegate"
:type: "string"
See {ref}`bpf-tokens` for more information.
```
```{config:option} security.bpffs.delegate_progs instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "What BPF program types to delegate"
:type: "string"
See {ref}`bpf-tokens` for more information.
```
```{config:option} security.bpffs.path instance-security
:condition: "unprivileged container"
:defaultdesc: "`/sys/fs/bpf`"
:liveupdate: "no"
:shortdesc: "The path to mount the BPF file system at"
:type: "string"
The specified path must exist in the container.
The BPF file system is only mounted if any of the `security.bpffs.delegate_*` options are set.
See {ref}`bpf-tokens` for more information.
```
```{config:option} security.csm instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to use a firmware that supports UEFI-incompatible operating systems"
:type: "bool"
When enabling this option, set {config:option}`instance-security:security.secureboot` to `false`.
```
```{config:option} security.guestapi instance-security
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether `/dev/incus` is present in the instance"
:type: "bool"
See {ref}`dev-incus` for more information.
```
```{config:option} security.guestapi.images instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Controls the availability of the `/1.0/images` API over `guestapi`"
:type: "bool"
```
```{config:option} security.idmap.base instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "The base host ID to use for the allocation"
:type: "integer"
Setting this option overrides auto-detection.
```
```{config:option} security.idmap.isolated instance-security
:condition: "unprivileged container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to use a unique idmap for this instance"
:type: "bool"
If specified, the idmap used for this instance is unique among instances that have this option set.
```
```{config:option} security.idmap.size instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "The size of the idmap to use"
:type: "integer"
```
```{config:option} security.iommu instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to enable virtual IOMMU, useful for device passthrough and nesting"
:type: "bool"
```
```{config:option} security.nesting instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to support running Incus (nested) inside the instance"
:type: "bool"
```
```{config:option} security.privileged instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to run the instance in privileged mode"
:type: "bool"
```
```{config:option} security.protection.delete instance-security
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Prevents the instance from being deleted"
:type: "bool"
```
```{config:option} security.protection.shift instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to protect the file system from being UID/GID shifted"
:type: "bool"
Set this option to `true` to prevent the instance's file system from being UID/GID shifted on startup.
```
```{config:option} security.secureboot instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether UEFI secure boot is enforced with the default Microsoft keys"
:type: "bool"
When disabling this option, consider enabling {config:option}`instance-security:security.csm`.
```
```{config:option} security.sev instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether AMD SEV (Secure Encrypted Virtualization) is enabled for this VM"
:type: "bool"
```
```{config:option} security.sev.policy.es instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether AMD SEV-ES (SEV Encrypted State) is enabled for this VM"
:type: "bool"
```
```{config:option} security.sev.session.data instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "The guest owner's `base64`-encoded session blob"
:type: "string"
```
```{config:option} security.sev.session.dh instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "The guest owner's `base64`-encoded Diffie-Hellman key"
:type: "string"
```
```{config:option} security.syscalls.allow instance-security
:condition: "container"
:liveupdate: "no"
:shortdesc: "List of syscalls to allow"
:type: "string"
A `\n`-separated list of syscalls to allow.
This list must be mutually exclusive with `security.syscalls.deny*`.
```
```{config:option} security.syscalls.deny instance-security
:condition: "container"
:liveupdate: "no"
:shortdesc: "List of syscalls to deny"
:type: "string"
A `\n`-separated list of syscalls to deny.
This list must be mutually exclusive with `security.syscalls.allow`.
```
```{config:option} security.syscalls.deny_compat instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to block `compat_*` syscalls (`x86_64` only)"
:type: "bool"
On `x86_64`, this option controls whether to block `compat_*` syscalls.
On other architectures, the option is ignored.
```
```{config:option} security.syscalls.deny_default instance-security
:condition: "container"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether to enable the default syscall deny"
:type: "bool"
```
```{config:option} security.syscalls.intercept.bpf instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `bpf()` system call"
:type: "bool"
```
```{config:option} security.syscalls.intercept.bpf.devices instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to allow BPF programs"
:type: "bool"
This option controls whether to allow BPF programs for the devices cgroup in the unified hierarchy to be loaded.
```
```{config:option} security.syscalls.intercept.mknod instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `mknod` and `mknodat` system calls"
:type: "bool"
These system calls allow creation of a limited subset of char/block devices.
```
```{config:option} security.syscalls.intercept.mount instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `mount` system call"
:type: "bool"
```
```{config:option} security.syscalls.intercept.mount.allowed instance-security
:condition: "container"
:liveupdate: "yes"
:shortdesc: "File systems that can be mounted"
:type: "string"
Specify a comma-separated list of file systems that are safe to mount for processes inside the instance.
```
```{config:option} security.syscalls.intercept.mount.fuse instance-security
:condition: "container"
:liveupdate: "yes"
:shortdesc: "File system that should be redirected to FUSE implementation"
:type: "string"
Specify the mounts of a given file system that should be redirected to their FUSE implementation (for example, `ext4=fuse2fs`).
```
```{config:option} security.syscalls.intercept.mount.shift instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to use idmapped mounts for syscall interception"
:type: "bool"
```
```{config:option} security.syscalls.intercept.sched_setscheduler instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `sched_setscheduler` system call"
:type: "bool"
This system call allows increasing process priority.
```
```{config:option} security.syscalls.intercept.setxattr instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `setxattr` system call"
:type: "bool"
This system call allows setting a limited subset of restricted extended attributes.
```
```{config:option} security.syscalls.intercept.sysinfo instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `sysinfo` system call"
:type: "bool"
This system call can be used to get cgroup-based resource usage information.
```
<!-- config group instance-security end -->
<!-- config group instance-snapshots start -->
```{config:option} snapshots.expiry instance-snapshots
:liveupdate: "no"
:shortdesc: "When snapshots are to be deleted"
:type: "string"
Specify an expression like `1M 2H 3d 4w 5m 6y`.
```
```{config:option} snapshots.expiry.manual instance-snapshots
:liveupdate: "no"
:shortdesc: "When snapshots are to be deleted (for those not created through scheduling)"
:type: "string"
Specify an expression like `1M 2H 3d 4w 5m 6y`.
```
```{config:option} snapshots.pattern instance-snapshots
:defaultdesc: "`snap%d`"
:liveupdate: "no"
:shortdesc: "Template for the snapshot name"
:type: "string"
Specify a Pongo2 template string that represents the snapshot name.
This template is used for scheduled snapshots and for unnamed snapshots.
See {ref}`instance-options-snapshots-names` for more information.
```
```{config:option} snapshots.schedule instance-snapshots
:defaultdesc: "empty"
:liveupdate: "no"
:shortdesc: "Schedule for automatic instance snapshots"
:type: "string"
Specify either a cron expression (`<minute> <hour> <dom> <month> <dow>`), a comma-and-space-separated list of schedule aliases (`@startup`, `@hourly`, `@daily`, `@midnight`, `@weekly`, `@monthly`, `@annually`, `@yearly`), or leave empty to disable automatic snapshots.
Note that unlike most other configuration keys, this one must be comma-and-space-separated and not just comma-separated as cron expression can themselves contain commas.
```
```{config:option} snapshots.schedule.stopped instance-snapshots
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to automatically snapshot stopped instances"
:type: "bool"
```
<!-- config group instance-snapshots end -->
<!-- config group instance-volatile start -->
```{config:option} volatile.<name>.apply_quota instance-volatile
:shortdesc: "Disk quota"
:type: "string"
The disk quota is applied the next time the instance starts.
```
```{config:option} volatile.<name>.ceph_rbd instance-volatile
:shortdesc: "RBD device path for Ceph disk devices"
:type: "string"
```
```{config:option} volatile.<name>.host_name instance-volatile
:shortdesc: "Network device name on the host"
:type: "string"
```
```{config:option} volatile.<name>.hwaddr instance-volatile
:shortdesc: "Network device MAC address"
:type: "string"
The network device MAC address is used when no `hwaddr` property is set on the device itself.
```
```{config:option} volatile.<name>.io.bus instance-volatile
:shortdesc: "IO bus in use"
:type: "string"
The IO bus stores the actual IO bus being used, checked in case `io.bus=auto`.
```
```{config:option} volatile.<name>.last_state.created instance-volatile
:shortdesc: "Whether the network device physical device was created"
:type: "string"
Possible values are `true` or `false`.
```
```{config:option} volatile.<name>.last_state.hwaddr instance-volatile
:shortdesc: "Network device original MAC"
:type: "string"
The original MAC that was used when moving a physical device into an instance.
```
```{config:option} volatile.<name>.last_state.ip_addresses instance-volatile
:shortdesc: "Last used IP addresses"
:type: "string"
Comma-separated list of the last used IP addresses of the network device.
```
```{config:option} volatile.<name>.last_state.mtu instance-volatile
:shortdesc: "Network device original MTU"
:type: "string"
The original MTU that was used when moving a physical device into an instance.
```
```{config:option} volatile.<name>.last_state.pci.driver instance-volatile
:shortdesc: "PCI original host driver"
:type: "string"
The original host driver for the PCI device.
```
```{config:option} volatile.<name>.last_state.pci.parent instance-volatile
:shortdesc: "PCI parent host device"
:type: "string"
The parent host device used when allocating a PCI device to an instance.
```
```{config:option} volatile.<name>.last_state.pci.slot.name instance-volatile
:shortdesc: "PCI parent slot name"
:type: "string"
The parent host device PCI slot name.
```
```{config:option} volatile.<name>.last_state.usb.bus instance-volatile
:shortdesc: "USB bus address"
:type: "string"
The original USB bus address.
```
```{config:option} volatile.<name>.last_state.usb.device instance-volatile
:shortdesc: "USB device identifier"
:type: "string"
The original USB device identifier.
```
```{config:option} volatile.<name>.last_state.vdpa.name instance-volatile
:shortdesc: "VDPA device name"
:type: "string"
The VDPA device name used when moving a VDPA device file descriptor into an instance.
```
```{config:option} volatile.<name>.last_state.vf.hwaddr instance-volatile
:shortdesc: "SR-IOV virtual function original MAC"
:type: "string"
The original MAC used when moving a VF into an instance.
```
```{config:option} volatile.<name>.last_state.vf.id instance-volatile
:shortdesc: "SR-IOV virtual function ID"
:type: "string"
The ID used when moving a VF into an instance.
```
```{config:option} volatile.<name>.last_state.vf.parent instance-volatile
:shortdesc: "SR-IOV parent host device"
:type: "string"
The parent host device used when allocating a VF into an instance.
```
```{config:option} volatile.<name>.last_state.vf.spoofcheck instance-volatile
:shortdesc: "SR-IOV virtual function original spoof check setting"
:type: "string"
The original spoof check setting used when moving a VF into an instance.
```
```{config:option} volatile.<name>.last_state.vf.vlan instance-volatile
:shortdesc: "SR-IOV virtual function original VLAN"
:type: "string"
The original VLAN used when moving a VF into an instance.
```
```{config:option} volatile.<name>.mig.uuid instance-volatile
:shortdesc: "MIG instance UUID"
:type: "string"
The NVIDIA MIG instance UUID.
```
```{config:option} volatile.<name>.name instance-volatile
:shortdesc: "Network interface name inside of the instance"
:type: "string"
The network interface name inside of the instance when no `name` property is set on the device itself.
```
```{config:option} volatile.<name>.vgpu.uuid instance-volatile
:shortdesc: "virtual GPU instance UUID"
:type: "string"
The NVIDIA virtual GPU instance UUID.
```
```{config:option} volatile.apply_nvram instance-volatile
:shortdesc: "Whether to regenerate VM NVRAM the next time the instance starts"
:type: "bool"
```
```{config:option} volatile.apply_template instance-volatile
:shortdesc: "Template hook"
:type: "string"
The template with the given name is triggered upon next startup.
```
```{config:option} volatile.base_image instance-volatile
:shortdesc: "Hash of the base image"
:type: "string"
The hash of the image that the instance was created from (empty if the instance was not created from an image).
```
```{config:option} volatile.cloud_init.instance-id instance-volatile
:shortdesc: "`instance-id` (UUID) exposed to `cloud-init`"
:type: "string"
```
```{config:option} volatile.cluster.group instance-volatile
:shortdesc: "The original cluster group for the instance"
:type: "string"
The cluster group(s) that the instance was restricted to at creation time.
This is used during re-scheduling events like an evacuation to keep the instance within the requested set.
```
```{config:option} volatile.container.oci instance-volatile
:defaultdesc: "`false`"
:shortdesc: "Whether the container is an OCI application container"
:type: "bool"
```
```{config:option} volatile.cpu.nodes instance-volatile
:shortdesc: "Instance NUMA node"
:type: "string"
The NUMA node that was selected for the instance.
```
```{config:option} volatile.evacuate.origin instance-volatile
:shortdesc: "The origin of the evacuated instance"
:type: "string"
The cluster member that the instance lived on before evacuation.
```
```{config:option} volatile.idmap.base instance-volatile
:shortdesc: "The first ID in the instance's primary idmap range"
:type: "integer"
```
```{config:option} volatile.idmap.current instance-volatile
:shortdesc: "The idmap currently in use by the instance"
:type: "string"
```
```{config:option} volatile.idmap.next instance-volatile
:shortdesc: "The idmap to use the next time the instance starts"
:type: "string"
```
```{config:option} volatile.last_state.idmap instance-volatile
:shortdesc: "Serialized instance UID/GID map"
:type: "string"
```
```{config:option} volatile.last_state.power instance-volatile
:shortdesc: "Instance state as of last host shutdown"
:type: "string"
```
```{config:option} volatile.last_state.ready instance-volatile
:shortdesc: "Instance marked itself as ready"
:type: "string"
```
```{config:option} volatile.rebalance.last_move instance-volatile
:shortdesc: "Timestamp of last move by automatic live-migration"
:type: "integer"
```
```{config:option} volatile.uuid instance-volatile
:shortdesc: "Instance UUID"
:type: "string"
The instance UUID is globally unique across all servers and projects.
```
```{config:option} volatile.uuid.generation instance-volatile
:shortdesc: "Instance generation UUID"
:type: "string"
The instance generation UUID changes whenever the instance's place in time moves backwards.
It is globally unique across all servers and projects.
```
```{config:option} volatile.vm.definition instance-volatile
:shortdesc: "QEMU VM definition name (used for migration between versions)"
:type: "string"
```
```{config:option} volatile.vm.rtc_adjustment instance-volatile
:shortdesc: "Real Time Clock change adjustment"
:type: "int64"
Real Time Clock adjustment time to allow virtual machines to run on a different base than the host.
```
```{config:option} volatile.vm.rtc_offset instance-volatile
:shortdesc: "Real Time Clock change offset"
:type: "int64"
Real Time Clock offset to allow virtual machines to run on a different base than the host.
```
```{config:option} volatile.vsock_id instance-volatile
:shortdesc: "Instance `vsock ID` used as of last start"
:type: "string"
```
<!-- config group instance-volatile end -->
<!-- config group kernel-limits start -->
```{config:option} limits.kernel.as kernel-limits
:resource: "`RLIMIT_AS`"
:shortdesc: "Maximum size of the process's virtual memory"
:type: "string"
```
```{config:option} limits.kernel.core kernel-limits
:resource: "`RLIMIT_CORE`"
:shortdesc: "Maximum size of the process's core dump file"
:type: "string"
```
```{config:option} limits.kernel.cpu kernel-limits
:resource: "`RLIMIT_CPU`"
:shortdesc: "Limit in seconds on the amount of CPU time the process can consume"
:type: "string"
```
```{config:option} limits.kernel.data kernel-limits
:resource: "`RLIMIT_DATA`"
:shortdesc: "Maximum size of the process's data segment"
:type: "string"
```
```{config:option} limits.kernel.fsize kernel-limits
:resource: "`RLIMIT_FSIZE`"
:shortdesc: "Maximum size of files the process may create"
:type: "string"
```
```{config:option} limits.kernel.locks kernel-limits
:resource: "`RLIMIT_LOCKS`"
:shortdesc: "Limit on the number of file locks that this process may establish"
:type: "string"
```
```{config:option} limits.kernel.memlock kernel-limits
:resource: "`RLIMIT_MEMLOCK`"
:shortdesc: "Limit on the number of bytes of memory that the process may lock in RAM"
:type: "string"
```
```{config:option} limits.kernel.nice kernel-limits
:resource: "`RLIMIT_NICE`"
:shortdesc: "Maximum value to which the process's nice value can be raised"
:type: "string"
```
```{config:option} limits.kernel.nofile kernel-limits
:resource: "`RLIMIT_NOFILE`"
:shortdesc: "Maximum number of open files for the process"
:type: "string"
```
```{config:option} limits.kernel.nproc kernel-limits
:resource: "`RLIMIT_NPROC`"
:shortdesc: "Maximum number of processes that can be created for the user of the calling process"
:type: "string"
```
```{config:option} limits.kernel.rtprio kernel-limits
:resource: "`RLIMIT_RTPRIO`"
:shortdesc: "Maximum value on the real-time-priority that may be set for this process"
:type: "string"
```
```{config:option} limits.kernel.sigpending kernel-limits
:resource: "`RLIMIT_SIGPENDING`"
:shortdesc: "Limit on the number of bytes of memory that the process may lock in RAM"
:type: "string"
```
<!-- config group kernel-limits end -->
<!-- config group network_address_set-common start -->
```{config:option} user.* network_address_set-common
:shortdesc: "Free form user key/value storage"
:type: "string"
User keys can be used in search.
```
<!-- config group network_address_set-common end -->
<!-- config group network_bridge-bgp start -->
```{config:option} bgp.peers.NAME.address network_bridge-bgp
:condition: "BGP server"
:defaultdesc: "-"
:shortdesc: "Peer address (IPv4 or IPv6) for use by `ovn` downstream networks"
:type: "string"
```
```{config:option} bgp.peers.NAME.asn network_bridge-bgp
:condition: "BGP server"
:defaultdesc: "-"
:shortdesc: "Peer AS number for use by `ovn` downstream networks"
:type: "integer"
```
```{config:option} bgp.peers.NAME.holdtime network_bridge-bgp
:condition: "BGP server"
:defaultdesc: "`180`"
:shortdesc: "Peer session hold time (in seconds; optional)"
:type: "integer"
```
```{config:option} bgp.peers.NAME.password network_bridge-bgp
:condition: "BGP server"
:defaultdesc: "- (no password)"
:shortdesc: "Peer session password (optional) for use by `ovn` downstream networks"
:type: "string"
```
<!-- config group network_bridge-bgp end -->
<!-- config group network_bridge-common start -->
```{config:option} bgp.ipv4.nexthop network_bridge-common
:condition: "BGP server"
:default: "local address"
:shortdesc: "Override the next-hop for advertised prefixes"
:type: "string"
```
```{config:option} bgp.ipv6.nexthop network_bridge-common
:condition: "BGP server"
:default: "local address"
:shortdesc: "Override the next-hop for advertised prefixes"
:type: "string"
```
```{config:option} bridge.driver network_bridge-common
:condition: "-"
:default: "`native`"
:shortdesc: "Bridge driver: `native` or `openvswitch`"
:type: "string"
```
```{config:option} bridge.external_interfaces network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "Comma-separated list of unconfigured network interfaces to include in the bridge"
:type: "string"
```
```{config:option} bridge.hwaddr network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "MAC address for the bridge"
:type: "string"
```
```{config:option} bridge.mtu network_bridge-common
:condition: "-"
:default: "`1500`"
:shortdesc: "Bridge MTU (default varies if tunnel in use)"
:type: "integer"
```
```{config:option} dns.domain network_bridge-common
:condition: "-"
:default: "`incus`"
:shortdesc: "Domain to advertise to DHCP clients and use for DNS resolution"
:type: "string"
```
```{config:option} dns.mode network_bridge-common
:condition: "-"
:default: "`managed`"
:shortdesc: "DNS registration mode: none for no DNS record, managed for Incus-generated static records or dynamic for client-generated records"
:type: "string"
```
```{config:option} dns.nameservers network_bridge-common
:condition: "-"
:default: "IPv4 and IPv6 address"
:shortdesc: "DNS server IPs to advertise to DHCP clients and via Router Advertisements. Both IPv4 and IPv6 addresses get pushed via DHCP, and IPv6 addresses are also advertised as RDNSS via RA."
:type: "string"
```
```{config:option} dns.search network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "Full comma-separated domain search list, defaulting to `dns.domain` value"
:type: "string"
```
```{config:option} dns.zone.forward network_bridge-common
:condition: "-"
:default: "`managed`"
:shortdesc: "Comma-separated list of DNS zone names for forward DNS records"
:type: "string"
```
```{config:option} dns.zone.reverse.ipv4 network_bridge-common
:condition: "-"
:default: "`managed`"
:shortdesc: "DNS zone name for IPv4 reverse DNS records"
:type: "string"
```
```{config:option} dns.zone.reverse.ipv6 network_bridge-common
:condition: "-"
:default: "`managed`"
:shortdesc: "DNS zone name for IPv6 reverse DNS records"
:type: "string"
```
```{config:option} ipv4.address network_bridge-common
:condition: "standard mode"
:default: "- (initial value on creation: `auto`)"
:shortdesc: "IPv4 address for the bridge (use `none` to turn off IPv4 or `auto` to generate a new random unused subnet) (CIDR)"
:type: "string"
```
```{config:option} ipv4.dhcp network_bridge-common
:condition: "IPv4 address"
:default: "`true`"
:shortdesc: "Whether to allocate addresses using DHCP"
:type: "bool"
```
```{config:option} ipv4.dhcp.expiry network_bridge-common
:condition: "IPv4 DHCP"
:default: "`1h`"
:shortdesc: "When to expire DHCP leases"
:type: "string"
```
```{config:option} ipv4.dhcp.gateway network_bridge-common
:condition: "IPv4 DHCP"
:default: "IPv4 address"
:shortdesc: "Address of the gateway for the subnet"
:type: "string"
```
```{config:option} ipv4.dhcp.ranges network_bridge-common
:condition: "IPv4 DHCP"
:default: "all addresses"
:shortdesc: "Comma-separated list of IP ranges to use for DHCP (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv4.dhcp.routes network_bridge-common
:condition: "IPv4 DHCP"
:default: "-"
:shortdesc: "Static routes to provide via DHCP option 121, as a comma-separated list of alternating subnets (CIDR) and gateway addresses (same syntax as dnsmasq)"
:type: "string"
```
```{config:option} ipv4.firewall network_bridge-common
:condition: "IPv4 address"
:default: "`true`"
:shortdesc: "Whether to generate filtering firewall rules for this network"
:type: "bool"
```
```{config:option} ipv4.nat network_bridge-common
:condition: "IPv4 address"
:default: "`false`(initial value on creation if `ipv4.address` is set to `auto`: `true`)"
:shortdesc: "Whether to NAT"
:type: "bool"
```
```{config:option} ipv4.nat.address network_bridge-common
:condition: "IPv4 address"
:default: "-"
:shortdesc: "The source address used for outbound traffic from the bridge"
:type: "string"
```
```{config:option} ipv4.nat.order network_bridge-common
:condition: "IPv4 address"
:default: "`before`"
:shortdesc: "Whether to add the required NAT rules before or after any pre-existing rules"
:type: "string"
```
```{config:option} ipv4.ovn.ranges network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "Comma-separated list of IPv4 ranges to use for child OVN network routers (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv4.routes network_bridge-common
:condition: "IPv4 address"
:default: "-"
:shortdesc: "Comma-separated list of additional IPv4 CIDR subnets to route to the bridge"
:type: "string"
```
```{config:option} ipv4.routing network_bridge-common
:condition: "IPv4 DHCP"
:default: "`true`"
:shortdesc: "Whether to route traffic in and out of the bridge"
:type: "bool"
```
```{config:option} ipv6.address network_bridge-common
:condition: "standard mode"
:default: "- (initial value on creation: `auto`)"
:shortdesc: "IPv6 address for the bridge (use `none` to turn off IPv6 or `auto` to generate a new random unused subnet) (CIDR)"
:type: "string"
```
```{config:option} ipv6.dhcp network_bridge-common
:condition: "IPv6 DHCP"
:default: "`true`"
:shortdesc: "Whether to provide additional network configuration over DHCP"
:type: "bool"
```
```{config:option} ipv6.dhcp.expiry network_bridge-common
:condition: "IPv6 DHCP"
:default: "`1h`"
:shortdesc: "When to expire DHCP leases"
:type: "string"
```
```{config:option} ipv6.dhcp.ranges network_bridge-common
:condition: "IPv6 stateful DHCP"
:default: "all addresses"
:shortdesc: "Comma-separated list of IPv6 ranges to use for DHCP (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv6.dhcp.stateful network_bridge-common
:condition: "IPv6 DHCP"
:default: "`false`"
:shortdesc: "Whether to allocate addresses using DHCP"
:type: "bool"
```
```{config:option} ipv6.firewall network_bridge-common
:condition: "IPv6 address"
:default: "`true`"
:shortdesc: "Whether to generate filtering firewall rules for this network"
:type: "bool"
```
```{config:option} ipv6.nat network_bridge-common
:condition: "IPv6 address"
:default: "`false` (initial value on creation if `ipv6.address` is set to `auto`: `true`)"
:shortdesc: "Whether to NAT"
:type: "bool"
```
```{config:option} ipv6.nat.address network_bridge-common
:condition: "IPv6 address"
:default: "-"
:shortdesc: "The source address used for outbound traffic from the bridge"
:type: "string"
```
```{config:option} ipv6.nat.order network_bridge-common
:condition: "IPv6 address"
:default: "`before`"
:shortdesc: "Whether to add the required NAT rules before or after any pre-existing rules"
:type: "string"
```
```{config:option} ipv6.ovn.ranges network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "Comma-separated list of IPv6 ranges to use for child OVN network routers (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv6.routes network_bridge-common
:condition: "IPv6 address"
:default: "-"
:shortdesc: "Comma-separated list of additional IPv6 CIDR subnets to route to the bridge"
:type: "string"
```
```{config:option} ipv6.routing network_bridge-common
:condition: "IPv6 address"
:default: "`true`"
:shortdesc: "Whether to route traffic in and out of the bridge"
:type: "bool"
```
```{config:option} raw.dnsmasq network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "Additional dnsmasq configuration to append to the configuration file"
:type: "string"
```
```{config:option} security.acls network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "Comma-separated list of Network ACLs to apply to NICs connected to this network (see {ref}`network-acls-bridge-limitations`)"
:type: "string"
```
```{config:option} security.acls.default.egress.action network_bridge-common
:condition: "`security.acls`"
:default: "`reject`"
:shortdesc: "Action to use for egress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.egress.logged network_bridge-common
:condition: "`security.acls`"
:default: "`false`"
:shortdesc: "Whether to log egress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} security.acls.default.ingress.action network_bridge-common
:condition: "`security.acls`"
:default: "`reject`"
:shortdesc: "Action to use for ingress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.ingress.logged network_bridge-common
:condition: "`security.acls`"
:default: "`false`"
:shortdesc: "Whether to log ingress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} tunnel.NAME.group network_bridge-common
:condition: "`vxlan`"
:default: "`239.0.0.1`"
:shortdesc: "Multicast address for `vxlan` (used if local and remote aren't set)"
:type: "string"
```
```{config:option} tunnel.NAME.id network_bridge-common
:condition: "`vxlan`"
:default: "`0`"
:shortdesc: "Specific tunnel ID to use for the `vxlan` tunnel"
:type: "integer"
```
```{config:option} tunnel.NAME.interface network_bridge-common
:condition: "`vxlan`"
:default: "-"
:shortdesc: "Specific host interface to use for the tunnel"
:type: "string"
```
```{config:option} tunnel.NAME.local network_bridge-common
:condition: "`gre` or `vxlan`"
:default: "-"
:shortdesc: "Local address for the tunnel (not necessary for multicast `vxlan`)"
:type: "string"
```
```{config:option} tunnel.NAME.port network_bridge-common
:condition: "`vxlan`"
:default: "`0`"
:shortdesc: "Specific port to use for the `vxlan` tunnel"
:type: "integer"
```
```{config:option} tunnel.NAME.protocol network_bridge-common
:condition: "standard mode"
:default: "-"
:shortdesc: "Tunneling protocol: `vxlan` or `gre`"
:type: "string"
```
```{config:option} tunnel.NAME.remote network_bridge-common
:condition: "`gre` or `vxlan`"
:default: "-"
:shortdesc: "Remote address for the tunnel (not necessary for multicast `vxlan`)"
:type: "string"
```
```{config:option} tunnel.NAME.ttl network_bridge-common
:condition: "`vxlan`"
:default: "`1`"
:shortdesc: "Specific TTL to use for multicast routing topologies"
:type: "integer"
```
```{config:option} user.* network_bridge-common
:condition: "-"
:default: "-"
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"
```
<!-- config group network_bridge-common end -->
<!-- config group network_forward-common start -->
```{config:option} target_address network_forward-common
:shortdesc: "Default target address for anything not covered through a port definition"
:type: "string"
```
```{config:option} user.* network_forward-common
:shortdesc: "User defined key/value configuration"
:type: "string"
```
<!-- config group network_forward-common end -->
<!-- config group network_integration-common start -->
```{config:option} user.* network_integration-common
:shortdesc: "Free form user key/value storage"
:type: "string"
User keys can be used in search.
```
<!-- config group network_integration-common end -->
<!-- config group network_integration-ovn start -->
```{config:option} ovn.ca_cert network_integration-ovn
:scope: "global"
:shortdesc: "OVN SSL certificate authority for the inter-connection database"
:type: "string"
```
```{config:option} ovn.client_cert network_integration-ovn
:scope: "global"
:shortdesc: "OVN SSL client certificate"
:type: "string"
```
```{config:option} ovn.client_key network_integration-ovn
:scope: "global"
:shortdesc: "OVN SSL client key"
:type: "string"
```
```{config:option} ovn.northbound_connection network_integration-ovn
:scope: "global"
:shortdesc: "OVN northbound inter-connection connection string"
:type: "string"
```
```{config:option} ovn.southbound_connection network_integration-ovn
:scope: "global"
:shortdesc: "OVN southbound inter-connection connection string"
:type: "string"
```
```{config:option} ovn.transit.pattern network_integration-ovn
:defaultdesc: "`ts-incus-{{ integrationName }}-{{ projectName }}-{{ networkName }}`"
:shortdesc: "Template for the transit switch name"
:type: "string"
Specify a Pongo2 template string that represents the transit switch name.
This template gets access to the project name (`projectName`),
integration name (`integrationName`), network name (`networkName`)
and peer name (`peerName`).
```
<!-- config group network_integration-ovn end -->
<!-- config group network_load_balancer-common start -->
```{config:option} healthcheck network_load_balancer-common
:defaultdesc: "`false`"
:shortdesc: "Whether to perform checks on the backends"
:type: "bool"
```
```{config:option} healthcheck.failure_count network_load_balancer-common
:defaultdesc: "`3`"
:shortdesc: "Number of failed tests to consider the backend offline"
:type: "integer"
```
```{config:option} healthcheck.interval network_load_balancer-common
:defaultdesc: "`10`"
:shortdesc: "Interval in seconds between health checks"
:type: "integer"
```
```{config:option} healthcheck.success_count network_load_balancer-common
:defaultdesc: "`3`"
:shortdesc: "Number of successful tests to consider the backend online"
:type: "integer"
```
```{config:option} healthcheck.timeout network_load_balancer-common
:defaultdesc: "`30`"
:shortdesc: "Test timeout"
:type: "integer"
```
```{config:option} user.* network_load_balancer-common
:shortdesc: "Free form user key/value storage"
:type: "string"
User keys can be used in search.
```
<!-- config group network_load_balancer-common end -->
<!-- config group network_macvlan-common start -->
```{config:option} gvrp network_macvlan-common
:condition: "-"
:default: "`false`"
:shortdesc: "Register VLAN using GARP VLAN Registration Protocol"
:type: "bool"
```
```{config:option} mtu network_macvlan-common
:condition: "-"
:shortdesc: "The MTU of the new interface"
:type: "int"
```
```{config:option} parent network_macvlan-common
:condition: "-"
:shortdesc: "Parent interface to create macvlan NICs on"
:type: "string"
```
```{config:option} user.* network_macvlan-common
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"
```
```{config:option} vlan network_macvlan-common
:condition: "-"
:shortdesc: "The VLAN ID to attach to"
:type: "int"
```
<!-- config group network_macvlan-common end -->
<!-- config group network_ovn-common start -->
```{config:option} bridge.external_interfaces network_ovn-common
:shortdesc: "Comma-separated list of unconfigured network interfaces to include in the bridge"
:type: "string"
```
```{config:option} bridge.hwaddr network_ovn-common
:shortdesc: "MAC address for the virtual bridge interface"
:type: "string"
```
```{config:option} bridge.mtu network_ovn-common
:default: "`1442`"
:shortdesc: "Bridge MTU (default allows host to host Geneve tunnels)"
:type: "integer"
```
```{config:option} dns.domain network_ovn-common
:default: "`incus`"
:shortdesc: "Domain to advertise to DHCP clients and use for DNS resolution"
:type: "string"
```
```{config:option} dns.mode network_ovn-common
:condition: "-"
:default: "`managed`"
:shortdesc: "DNS registration mode: none for no DNS record, managed for OVN managed records"
:type: "string"
```
```{config:option} dns.nameservers network_ovn-common
:default: "Uplink DNS servers (IPv4 and IPv6 address if no uplink is configured)"
:shortdesc: "DNS server IPs to advertise to DHCP clients and via Router Advertisements. Both IPv4 and IPv6 addresses get pushed via DHCP, and the first IPv6 address is also advertised as RDNSS via RA."
:type: "string"
```
```{config:option} dns.search network_ovn-common
:shortdesc: "Full comma-separated domain search list, defaulting to `dns.domain` value"
:type: "string"
```
```{config:option} dns.zone.forward network_ovn-common
:shortdesc: "Comma-separated list of DNS zone names for forward DNS records"
:type: "string"
```
```{config:option} dns.zone.reverse.ipv4 network_ovn-common
:shortdesc: "DNS zone name for IPv4 reverse DNS records"
:type: "string"
```
```{config:option} dns.zone.reverse.ipv6 network_ovn-common
:shortdesc: "DNS zone name for IPv6 reverse DNS records"
:type: "string"
```
```{config:option} ipv4.address network_ovn-common
:condition: "standard mode"
:default: "(initial value on creation: `auto`)"
:shortdesc: "IPv4 address for the bridge (use `none` to turn off IPv4 or `auto` to generate a new random unused subnet) (CIDR)"
:type: "string"
```
```{config:option} ipv4.dhcp network_ovn-common
:condition: "IPv4 address"
:default: "`true`"
:shortdesc: "Whether to allocate addresses using DHCP"
:type: "bool"
```
```{config:option} ipv4.dhcp.expiry network_ovn-common
:condition: "IPv4 DHCP"
:default: "`1h`"
:shortdesc: "When to expire DHCP leases"
:type: "string"
```
```{config:option} ipv4.dhcp.ranges network_ovn-common
:condition: "IPv4 DHCP"
:default: "all addresses"
:shortdesc: "Comma-separated list of IP ranges to use for DHCP (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv4.dhcp.routes network_ovn-common
:condition: "IPv4 DHCP"
:shortdesc: "Static routes to provide via DHCP option 121, as a comma-separated list of alternating subnets (CIDR) and gateway addresses (same syntax as dnsmasq and OVN)"
:type: "string"
```
```{config:option} ipv4.l3only network_ovn-common
:condition: "IPv4 address"
:default: "`false`"
:shortdesc: "Whether to enable layer 3 only mode."
:type: "bool"
```
```{config:option} ipv4.nat network_ovn-common
:condition: "IPv4 address"
:default: "`false` initial value on creation if `ipv4.address` is set to `auto: true`)"
:shortdesc: "Whether to NAT"
:type: "bool"
```
```{config:option} ipv4.nat.address network_ovn-common
:condition: "IPv4 address"
:shortdesc: "The source address used for outbound traffic from the network (requires uplink `ovn.ingress_mode=routed`)"
:type: "string"
```
```{config:option} ipv6.address network_ovn-common
:condition: "standard mode"
:default: "(initial value on creation: `auto`)"
:shortdesc: "IPv6 address for the bridge (use `none` to turn off IPv6 or `auto` to generate a new random unused subnet) (CIDR)"
:type: "string"
```
```{config:option} ipv6.dhcp network_ovn-common
:condition: "IPv6 address"
:default: "`true`"
:shortdesc: "Whether to provide additional network configuration over DHCP"
:type: "bool"
```
```{config:option} ipv6.dhcp.stateful network_ovn-common
:condition: "IPv6 DHCP"
:default: "`false`"
:shortdesc: "Whether to allocate addresses using DHCP"
:type: "bool"
```
```{config:option} ipv6.l3only network_ovn-common
:condition: "IPv6 DHCP stateful"
:default: "`false`"
:shortdesc: "Whether to enable layer 3 only mode."
:type: "bool"
```
```{config:option} ipv6.nat network_ovn-common
:condition: "IPv6 address"
:default: "`false` (initial value on creation if `ipv6.address` is set to `auto: true`)"
:shortdesc: "Whether to NAT"
:type: "bool"
```
```{config:option} ipv6.nat.address network_ovn-common
:condition: "IPv6 address"
:shortdesc: "The source address used for outbound traffic from the network (requires uplink `ovn.ingress_mode=routed`)"
:type: "string"
```
```{config:option} network network_ovn-common
:shortdesc: "Uplink network to use for external network access or `none` to keep isolated"
:type: "string"
```
```{config:option} security.acls network_ovn-common
:shortdesc: "Comma-separated list of Network ACLs to apply to NICs connected to this network"
:type: "string"
```
```{config:option} security.acls.default.egress.action network_ovn-common
:condition: "`security.acls`"
:default: "`reject`"
:shortdesc: "Action to use for egress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.egress.logged network_ovn-common
:condition: "`security.acls`"
:default: "`false`"
:shortdesc: "Whether to log egress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} security.acls.default.ingress.action network_ovn-common
:condition: "`security.acls`"
:default: "`reject`"
:shortdesc: "Action to use for ingress traffic that doesn't match any ACL rule"
:type: "string"
```
```{config:option} security.acls.default.ingress.logged network_ovn-common
:condition: "`security.acls`"
:default: "`false`"
:shortdesc: "Whether to log ingress traffic that doesn't match any ACL rule"
:type: "bool"
```
```{config:option} tunnel.NAME.group network_ovn-common
:condition: "`vxlan`"
:default: "`239.0.0.1`"
:shortdesc: "Multicast address for `vxlan`"
:type: "string"
```
```{config:option} tunnel.NAME.id network_ovn-common
:condition: "`vxlan`"
:default: "`0`"
:shortdesc: "Specific tunnel ID to use for the `vxlan` tunnel"
:type: "integer"
```
```{config:option} tunnel.NAME.interface network_ovn-common
:condition: "`vxlan`"
:default: "-"
:shortdesc: "Specific host interface to use for the tunnel"
:type: "string"
```
```{config:option} tunnel.NAME.local network_ovn-common
:condition: "`gre`"
:default: "-"
:shortdesc: "Local address for the tunnel"
:type: "string"
```
```{config:option} tunnel.NAME.port network_ovn-common
:condition: "`vxlan`"
:default: "`0`"
:shortdesc: "Specific port to use for the `vxlan` tunnel"
:type: "integer"
```
```{config:option} tunnel.NAME.protocol network_ovn-common
:condition: "standard mode"
:default: "-"
:shortdesc: "Tunneling protocol: `vxlan` or `gre`"
:type: "string"
```
```{config:option} tunnel.NAME.remote network_ovn-common
:condition: "`gre`"
:default: "-"
:shortdesc: "Remote address for the tunnel"
:type: "string"
```
```{config:option} tunnel.NAME.ttl network_ovn-common
:condition: "`vxlan`"
:default: "`1`"
:shortdesc: "Specific TTL to use for multicast routing topologies"
:type: "integer"
```
```{config:option} user.* network_ovn-common
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"
```
<!-- config group network_ovn-common end -->
<!-- config group network_physical-bgp start -->
```{config:option} bgp.peers.NAME.address network_physical-bgp
:condition: "BGP server"
:defaultdesc: "-"
:shortdesc: "Peer address (IPv4 or IPv6) for use by `ovn` downstream networks"
:type: "string"
```
```{config:option} bgp.peers.NAME.asn network_physical-bgp
:condition: "BGP server"
:defaultdesc: "-"
:shortdesc: "Peer AS number for use by `ovn` downstream networks"
:type: "integer"
```
```{config:option} bgp.peers.NAME.holdtime network_physical-bgp
:condition: "BGP server"
:defaultdesc: "`180`"
:shortdesc: "Peer session hold time (in seconds; optional)"
:type: "integer"
```
```{config:option} bgp.peers.NAME.password network_physical-bgp
:condition: "BGP server"
:defaultdesc: "- (no password)"
:shortdesc: "Peer session password (optional) for use by `ovn` downstream networks"
:type: "string"
```
<!-- config group network_physical-bgp end -->
<!-- config group network_physical-common start -->
```{config:option} gvrp network_physical-common
:condition: "-"
:defaultdesc: "'false'"
:shortdesc: "Register VLAN using GARP VLAN Registration Protocol"
:type: "bool"
```
```{config:option} mtu network_physical-common
:condition: "-"
:shortdesc: "The MTU of the new interface"
:type: "integer"
```
```{config:option} parent network_physical-common
:condition: "-"
:shortdesc: "Existing interface to use for network"
:type: "string"
```
```{config:option} vlan network_physical-common
:condition: "-"
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
```{config:option} vlan.tagged network_physical-common
:condition: "Parent must be an existing bridge"
:shortdesc: "Comma-delimited list of VLAN IDs or VLAN ranges to join for tagged traffic"
:type: "integer"
```
<!-- config group network_physical-common end -->
<!-- config group network_physical-dns start -->
```{config:option} dns.nameservers network_physical-dns
:condition: "standard mode"
:shortdesc: "List of DNS server IPs on `physical` network"
:type: "string"
```
<!-- config group network_physical-dns end -->
<!-- config group network_physical-ipv4 start -->
```{config:option} ipv4.gateway network_physical-ipv4
:condition: "standard mode"
:shortdesc: "IPv4 address for the gateway and network (CIDR)"
:type: "string"
```
```{config:option} ipv4.gateway.hwaddr network_physical-ipv4
:shortdesc: "MAC address of the gateway (to avoid discovery)"
:type: "string"
```
```{config:option} ipv4.ovn.ranges network_physical-ipv4
:condition: "-"
:shortdesc: "Comma-separated list of IPv4 ranges to use for child OVN network routers (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv4.routes network_physical-ipv4
:condition: "IPv4 address"
:shortdesc: "Comma-separated list of additional IPv4 CIDR subnets that can be used with child OVN networks `ipv4.routes.external` setting"
:type: "string"
```
```{config:option} ipv4.routes.anycast network_physical-ipv4
:condition: "IPv4 address"
:defaultdesc: "'false'"
:shortdesc: "Allow the overlapping routes to be used on multiple networks/NIC at the same time"
:type: "bool"
```
<!-- config group network_physical-ipv4 end -->
<!-- config group network_physical-ipv6 start -->
```{config:option} ipv6.gateway network_physical-ipv6
:condition: "standard mode"
:shortdesc: "IPv6 address for the gateway and network (CIDR)"
:type: "string"
```
```{config:option} ipv6.gateway.hwaddr network_physical-ipv6
:shortdesc: "MAC address of the gateway (to avoid discovery)"
:type: "string"
```
```{config:option} ipv6.ovn.ranges network_physical-ipv6
:condition: "-"
:shortdesc: "Comma-separated list of IPv6 ranges to use for child OVN network routers (FIRST-LAST format)"
:type: "string"
```
```{config:option} ipv6.routes network_physical-ipv6
:condition: "IPv6 address"
:shortdesc: "Comma-separated list of additional IPv6 CIDR subnets that can be used with child OVN networks `ipv6.routes.external` setting"
:type: "string"
```
```{config:option} ipv6.routes.anycast network_physical-ipv6
:condition: "IPv6 address"
:defaultdesc: "'false'"
:shortdesc: "Allow the overlapping routes to be used on multiple networks/NIC at the same time"
:type: "bool"
```
<!-- config group network_physical-ipv6 end -->
<!-- config group network_physical-ovn start -->
```{config:option} ovn.ingress_mode network_physical-ovn
:condition: "standard mode"
:defaultdesc: "`l2proxy`"
:shortdesc: "Sets the method how OVN NIC external IPs will be advertised on uplink network: `l2proxy` (proxy ARP/NDP) or `routed`"
:type: "string"
```
<!-- config group network_physical-ovn end -->
<!-- config group network_sriov-common start -->
```{config:option} mtu network_sriov-common
:condition: "-"
:shortdesc: "The MTU of the new interface"
:type: "integer"
```
```{config:option} parent network_sriov-common
:condition: "-"
:shortdesc: "Parent interface to create `sriov` NICs on"
:type: "string"
```
```{config:option} user.* network_sriov-common
:condition: "-"
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"
```
```{config:option} vlan network_sriov-common
:condition: "-"
:shortdesc: "The VLAN ID to attach to"
:type: "integer"
```
<!-- config group network_sriov-common end -->
<!-- config group network_zone-common start -->
```{config:option} dns.contact network_zone-common
:required: "no"
:shortdesc: "Admin contact email for DNS server"
:type: "string"
```
```{config:option} dns.nameservers network_zone-common
:required: "no"
:shortdesc: "Comma-separated list of DNS server FQDNs (for NS records)"
:type: "string set"
```
```{config:option} network.nat network_zone-common
:defaultdesc: "`true`"
:required: "no"
:shortdesc: "Whether to generate records for NAT-ed subnets"
:type: "bool"
```
```{config:option} peers.NAME.address network_zone-common
:required: "no"
:shortdesc: "IP address of a DNS server"
:type: "string"
```
```{config:option} peers.NAME.key network_zone-common
:required: "no"
:shortdesc: "TSIG key for the server"
:type: "string"
```
```{config:option} user.* network_zone-common
:required: "no"
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"
```
<!-- config group network_zone-common end -->
<!-- config group project-features start -->
```{config:option} features.images project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of images for the project"
:type: "bool"
This setting applies to both images and image aliases.
```
```{config:option} features.networks project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`false`"
:shortdesc: "Whether to use a separate set of networks for the project"
:type: "bool"
```
```{config:option} features.networks.zones project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`false`"
:shortdesc: "Whether to use a separate set of network zones for the project"
:type: "bool"
```
```{config:option} features.profiles project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of profiles for the project"
:type: "bool"
```
```{config:option} features.storage.buckets project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of storage buckets for the project"
:type: "bool"
```
```{config:option} features.storage.volumes project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of storage volumes for the project"
:type: "bool"
```
<!-- config group project-features end -->
<!-- config group project-limits start -->
```{config:option} limits.containers project-limits
:shortdesc: "Maximum number of containers that can be created in the project"
:type: "integer"
```
```{config:option} limits.cpu project-limits
:shortdesc: "Maximum number of CPUs to use in the project"
:type: "integer"
This value is the maximum value for the sum of the individual {config:option}`instance-resource-limits:limits.cpu` configurations set on the instances of the project.
```
```{config:option} limits.disk project-limits
:shortdesc: "Maximum disk space used by the project"
:type: "string"
This value is the maximum value of the aggregate disk space used by all instance volumes, custom volumes, and images of the project.
```
```{config:option} limits.disk.pool.POOL_NAME project-limits
:shortdesc: "Maximum disk space used by the project on this pool"
:type: "string"
This value is the maximum value of the aggregate disk
space used by all instance volumes, custom volumes, and images of the
project on this specific storage pool.
```
```{config:option} limits.instances project-limits
:shortdesc: "Maximum number of instances that can be created in the project"
:type: "integer"
```
```{config:option} limits.memory project-limits
:shortdesc: "Usage limit for the host's memory for the project"
:type: "string"
The value is the maximum value for the sum of the individual {config:option}`instance-resource-limits:limits.memory` configurations set on the instances of the project.
```
```{config:option} limits.networks project-limits
:shortdesc: "Maximum number of networks that the project can have"
:type: "integer"
```
```{config:option} limits.processes project-limits
:shortdesc: "Maximum number of processes within the project"
:type: "integer"
This value is the maximum value for the sum of the individual {config:option}`instance-resource-limits:limits.processes` configurations set on the instances of the project.
```
```{config:option} limits.virtual-machines project-limits
:shortdesc: "Maximum number of VMs that can be created in the project"
:type: "integer"
```
<!-- config group project-limits end -->
<!-- config group project-restricted start -->
```{config:option} restricted project-restricted
:defaultdesc: "`false`"
:shortdesc: "Whether to block access to security-sensitive features"
:type: "bool"
This option must be enabled to allow the `restricted.*` keys to take effect.
To temporarily remove the restrictions, you can disable this option instead of clearing the related keys.
```
```{config:option} restricted.backups project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent creating instance or volume backups"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.cluster.groups project-restricted
:shortdesc: "Cluster groups that can be targeted"
:type: "string"
If specified, this option prevents targeting cluster groups other than the provided ones.
```
```{config:option} restricted.cluster.target project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent targeting of cluster members"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, this option allows targeting of cluster members (either directly or via a group) when creating or moving instances.
```
```{config:option} restricted.containers.interception project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using system call interception options"
:type: "string"
Possible values are `allow`, `block`, or `full`.
When set to `allow`, interception options that are usually safe are allowed.
File system mounting remains blocked.
```
```{config:option} restricted.containers.lowlevel project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using low-level container options"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, low-level container options like {config:option}`instance-raw:raw.lxc`, {config:option}`instance-raw:raw.idmap`, `volatile.*`, etc. can be used.
```
```{config:option} restricted.containers.nesting project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent running nested Incus"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, {config:option}`instance-security:security.nesting` can be set to `true` for an instance.
```
```{config:option} restricted.containers.privilege project-restricted
:defaultdesc: "`unprivileged`"
:shortdesc: "Which settings for privileged containers to prevent"
:type: "string"
Possible values are `unprivileged`, `isolated`, and `allow`.
- When set to `unprivileged`, this option prevents setting {config:option}`instance-security:security.privileged` to `true`.
- When set to `isolated`, this option prevents setting {config:option}`instance-security:security.privileged` and {config:option}`instance-security:security.idmap.isolated` to `true`.
- When set to `allow`, there is no restriction.
```
```{config:option} restricted.devices.disk project-restricted
:defaultdesc: "`managed`"
:shortdesc: "Which disk devices can be used"
:type: "string"
Possible values are `allow`, `block`, or `managed`.
- When set to `block`, this option prevents using all disk devices except the root one.
- When set to `managed`, this option allows using disk devices only if `pool=` is set.
- When set to `allow`, there is no restriction on which disk devices can be used.
```
```{config:option} restricted.devices.disk.paths project-restricted
:shortdesc: "Which `source` can be used for `disk` devices"
:type: "string"
If {config:option}`project-restricted:restricted.devices.disk` is set to `allow`, this option controls which `source` can be used for `disk` devices.
Specify a comma-separated list of path prefixes that restrict the `source` setting.
If this option is left empty, all paths are allowed.
```
```{config:option} restricted.devices.gpu project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `gpu`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.infiniband project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `infiniband`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.nic project-restricted
:defaultdesc: "`managed`"
:shortdesc: "Which network devices can be used"
:type: "string"
Possible values are `allow`, `block`, or `managed`.
- When set to `block`, this option prevents using all network devices.
- When set to `managed`, this option allows using network devices only if `network=` is set.
- When set to `allow`, there is no restriction on which network devices can be used.
```
```{config:option} restricted.devices.pci project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `pci`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.proxy project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `proxy`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.unix-block project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `unix-block`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.unix-char project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `unix-char`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.unix-hotplug project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `unix-hotplug`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.devices.usb project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `usb`"
:type: "string"
Possible values are `allow` or `block`.
```
```{config:option} restricted.idmap.gid project-restricted
:shortdesc: "Which host GID ranges are allowed in `raw.idmap`"
:type: "string"
This option specifies the host GID ranges that are allowed in the instance's {config:option}`instance-raw:raw.idmap` setting.
```
```{config:option} restricted.idmap.uid project-restricted
:shortdesc: "Which host UID ranges are allowed in `raw.idmap`"
:type: "string"
This option specifies the host UID ranges that are allowed in the instance's {config:option}`instance-raw:raw.idmap` setting.
```
```{config:option} restricted.networks.access project-restricted
:shortdesc: "Which network names are allowed for use in this project"
:type: "string"
Specify a comma-delimited list of network names that are allowed for use in this project.
If this option is not set, all networks are accessible.
Note that this setting depends on the {config:option}`project-restricted:restricted.devices.nic` setting.
```
```{config:option} restricted.networks.integrations project-restricted
:shortdesc: "Which network integrations can be used in this project"
:type: "string"
Specify a comma-delimited list of network integrations that can be used by networks in this project.
```
```{config:option} restricted.networks.subnets project-restricted
:defaultdesc: "`block`"
:shortdesc: "Which network subnets are allocated for use in this project"
:type: "string"
Specify a comma-delimited list of network subnets from the uplink networks that are allocated for use in this project.
Use the form `<uplink>:<subnet>`.
```
```{config:option} restricted.networks.uplinks project-restricted
:shortdesc: "Which network names can be used as uplink in this project"
:type: "string"
Specify a comma-delimited list of network names that can be used as uplink for networks in this project.
```
```{config:option} restricted.networks.zones project-restricted
:defaultdesc: "`block`"
:shortdesc: "Which network zones can be used in this project"
:type: "string"
Specify a comma-delimited list of network zones that can be used (or something under them) in this project.
```
```{config:option} restricted.snapshots project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent creating instance or volume snapshots"
:type: "string"
```
```{config:option} restricted.virtual-machines.lowlevel project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using low-level VM options"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, low-level VM options like {config:option}`instance-raw:raw.qemu`, `volatile.*`, etc. can be used.
```
<!-- config group project-restricted end -->
<!-- config group project-specific start -->
```{config:option} backups.compression_algorithm project-specific
:shortdesc: "Compression algorithm to use for backups"
:type: "string"
Specify which compression algorithm to use for backups in this project.
Possible values are `bzip2`, `gzip`, `lz4`, `lzma`, `xz`, `zstd` or `none`.
```
```{config:option} images.auto_update_cached project-specific
:shortdesc: "Whether to automatically update cached images in the project"
:type: "bool"
```
```{config:option} images.auto_update_interval project-specific
:shortdesc: "Interval at which to look for updates to cached images"
:type: "integer"
Specify the interval in hours.
To disable looking for updates to cached images, set this option to `0`.
```
```{config:option} images.compression_algorithm project-specific
:shortdesc: "Compression algorithm to use for new images in the project"
:type: "string"
Possible values are `bzip2`, `gzip`, `lz4`, `lzma`, `xz`, `zstd` or `none`.
```
```{config:option} images.default_architecture project-specific
:shortdesc: "Default architecture to use in a mixed-architecture cluster"
:type: "string"
```
```{config:option} images.remote_cache_expiry project-specific
:shortdesc: "When an unused cached remote image is flushed in the project"
:type: "integer"
Specify the number of days after which the unused cached image expires.
```
```{config:option} network.hwaddr_pattern project-specific
:scope: "global"
:shortdesc: "MAC address template"
:type: "string"
Specify a MAC address template, e.g. `10:66:6a:xx:xx:xx`, to use within the cluster.
Every `x` in the template will be replaced by a random character in `0``f`.
Beware of the birthday paradox! A single `xx` block leads to a 10% collision probability with only 8 addresses; for a double `xx:xx` block, 118 addresses; for a triple `xx:xx:xx` block, 1881; for a quadruple `xx:xx:xx:xx` block, 30084. We provide absolutely no guardrail against that.
```
```{config:option} user.* project-specific
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"
```
<!-- config group project-specific end -->
<!-- config group server-acme start -->
```{config:option} acme.agree_tos server-acme
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Agree to ACME terms of service"
:type: "bool"
```
```{config:option} acme.ca_url server-acme
:defaultdesc: "`https://acme-v02.api.letsencrypt.org/directory`"
:scope: "global"
:shortdesc: "URL to the directory resource of the ACME service"
:type: "string"
```
```{config:option} acme.challenge server-acme
:defaultdesc: "`HTTP-01`"
:scope: "global"
:shortdesc: "ACME challenge type to use"
:type: "string"
Possible values are `DNS-01` and `HTTP-01`.
```
```{config:option} acme.domain server-acme
:scope: "global"
:shortdesc: "Domain for which the certificate is issued"
:type: "string"
```
```{config:option} acme.email server-acme
:scope: "global"
:shortdesc: "Email address used for the account registration"
:type: "string"
```
```{config:option} acme.http.port server-acme
:defaultdesc: "`:80`"
:scope: "global"
:shortdesc: "Port and interface for HTTP server (used by HTTP-01)"
:type: "string"
Set the port and interface to use for HTTP-01 based challenges to listen on
```
```{config:option} acme.provider server-acme
:defaultdesc: "``"
:scope: "global"
:shortdesc: "Backend provider for the challenge (used by DNS-01)"
:type: "string"
```
```{config:option} acme.provider.environment server-acme
:defaultdesc: "``"
:scope: "global"
:shortdesc: "Environment variables to set during the challenge (used by DNS-01)"
:type: "string"
```
```{config:option} acme.provider.resolvers server-acme
:defaultdesc: "``"
:scope: "global"
:shortdesc: "Comma-separated list of DNS resolvers (used by DNS-01)"
:type: "string"
DNS resolvers to use for performing (recursive) `CNAME` resolving and apex domain determination during DNS-01 challenge.
```
<!-- config group server-acme end -->
<!-- config group server-cluster start -->
```{config:option} cluster.healing_threshold server-cluster
:defaultdesc: "`0`"
:scope: "global"
:shortdesc: "Threshold when to evacuate an offline cluster member"
:type: "integer"
Specify the number of seconds after which an offline cluster member is to be evacuated.
To disable evacuating offline members, set this option to `0`.
```
```{config:option} cluster.https_address server-cluster
:scope: "local"
:shortdesc: "Address to use for clustering traffic"
:type: "string"
See {ref}`cluster-https-address`.
```
```{config:option} cluster.images_minimal_replica server-cluster
:defaultdesc: "`3`"
:scope: "global"
:shortdesc: "Number of cluster members that replicate an image"
:type: "integer"
Specify the minimal number of cluster members that keep a copy of a particular image.
Set this option to `1` for no replication, or to `-1` to replicate images on all members.
```
```{config:option} cluster.join_token_expiry server-cluster
:defaultdesc: "`3H`"
:scope: "global"
:shortdesc: "Time after which a cluster join token expires"
:type: "string"
```
```{config:option} cluster.max_standby server-cluster
:defaultdesc: "`2`"
:scope: "global"
:shortdesc: "Number of database stand-by members"
:type: "integer"
Specify the maximum number of cluster members that are assigned the database stand-by role.
This must be a number between `0` and `5`.
```
```{config:option} cluster.max_voters server-cluster
:defaultdesc: "`3`"
:scope: "global"
:shortdesc: "Number of database voter members"
:type: "integer"
Specify the maximum number of cluster members that are assigned the database voter role.
This must be an odd number >= `3`.
```
```{config:option} cluster.offline_threshold server-cluster
:defaultdesc: "`20`"
:scope: "global"
:shortdesc: "Threshold when an unresponsive member is considered offline"
:type: "integer"
Specify the number of seconds after which an unresponsive member is considered offline.
```
```{config:option} cluster.rebalance.batch server-cluster
:defaultdesc: "`1`"
:scope: "global"
:shortdesc: "Maximum number of instances to move during one re-balancing run"
:type: "integer"
```
```{config:option} cluster.rebalance.cooldown server-cluster
:defaultdesc: "`6H`"
:scope: "global"
:shortdesc: "Amount of time during which an instance will not be moved again"
:type: "string"
```
```{config:option} cluster.rebalance.interval server-cluster
:defaultdesc: "`0`"
:scope: "global"
:shortdesc: "How often (in minutes) to consider re-balancing things. 0 to disable (default)"
:type: "integer"
```
```{config:option} cluster.rebalance.threshold server-cluster
:defaultdesc: "`20`"
:scope: "global"
:shortdesc: "Percentage load difference between most and least busy server needed to trigger a migration"
:type: "integer"
```
<!-- config group server-cluster end -->
<!-- config group server-core start -->
```{config:option} core.bgp_address server-core
:scope: "local"
:shortdesc: "Address to bind the BGP server to"
:type: "string"
See {ref}`network-bgp`.
```
```{config:option} core.bgp_asn server-core
:scope: "global"
:shortdesc: "BGP Autonomous System Number for the local server"
:type: "string"
```
```{config:option} core.bgp_routerid server-core
:scope: "local"
:shortdesc: "A unique identifier for the BGP server"
:type: "string"
The identifier must be formatted as an IPv4 address.
```
```{config:option} core.debug_address server-core
:scope: "local"
:shortdesc: "Address to bind the `pprof` debug server to (HTTP)"
:type: "string"
```
```{config:option} core.dns_address server-core
:scope: "local"
:shortdesc: "Address to bind the authoritative DNS server to"
:type: "string"
See {ref}`network-dns-server`.
```
```{config:option} core.https_address server-core
:scope: "local"
:shortdesc: "Address to bind for the remote API (HTTPS)"
:type: "string"
See {ref}`server-expose`.
```
```{config:option} core.https_allowed_credentials server-core
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Whether to set `Access-Control-Allow-Credentials`"
:type: "bool"
If enabled, the `Access-Control-Allow-Credentials` HTTP header value is set to `true`.
```
```{config:option} core.https_allowed_headers server-core
:scope: "global"
:shortdesc: "`Access-Control-Allow-Headers` HTTP header value"
:type: "string"
```
```{config:option} core.https_allowed_methods server-core
:scope: "global"
:shortdesc: "`Access-Control-Allow-Methods` HTTP header value"
:type: "string"
```
```{config:option} core.https_allowed_origin server-core
:scope: "global"
:shortdesc: "`Access-Control-Allow-Origin` HTTP header value"
:type: "string"
```
```{config:option} core.https_trusted_proxy server-core
:scope: "global"
:shortdesc: "Trusted servers to provide the client's address"
:type: "string"
Specify a comma-separated list of IP addresses of trusted servers that provide the client's address through the proxy connection header.
```
```{config:option} core.metrics_address server-core
:scope: "local"
:shortdesc: "Address to bind the metrics server to (HTTPS)"
:type: "string"
See {ref}`metrics`.
```
```{config:option} core.metrics_authentication server-core
:defaultdesc: "`true`"
:scope: "global"
:shortdesc: "Whether to enforce authentication on the metrics endpoint"
:type: "bool"
```
```{config:option} core.proxy_http server-core
:scope: "global"
:shortdesc: "HTTP proxy to use"
:type: "string"
If this option is not specified, the daemon falls back to the `HTTP_PROXY` environment variable (if set).
```
```{config:option} core.proxy_https server-core
:scope: "global"
:shortdesc: "HTTPS proxy to use"
:type: "string"
If this option is not specified, the daemon falls back to the `HTTPS_PROXY` environment variable (if set).
```
```{config:option} core.proxy_ignore_hosts server-core
:scope: "global"
:shortdesc: "Hosts that don't need the proxy"
:type: "string"
Specify this option in a similar format to `NO_PROXY` (for example, `1.2.3.4,1.2.3.5`)
If this option is not specified, the daemon falls back to the `NO_PROXY` environment variable (if set).
```
```{config:option} core.remote_token_expiry server-core
:defaultdesc: "no expiry"
:scope: "global"
:shortdesc: "Time after which a remote add token expires"
:type: "string"
```
```{config:option} core.shutdown_timeout server-core
:defaultdesc: "`5`"
:scope: "global"
:shortdesc: "How long to wait before shutdown"
:type: "integer"
Specify the number of minutes to wait for running operations to complete before the daemon shuts down.
```
```{config:option} core.storage_buckets_address server-core
:scope: "local"
:shortdesc: "Address to bind the storage object server to (HTTPS)"
:type: "string"
See {ref}`howto-storage-buckets`.
```
```{config:option} core.syslog_socket server-core
:defaultdesc: "`false`"
:scope: "local"
:shortdesc: "Whether to enable the syslog unixgram socket listener"
:type: "bool"
Set this option to `true` to enable the syslog unixgram socket to receive log messages from external processes.
```
```{config:option} core.trust_ca_certificates server-core
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Whether to automatically trust clients signed by the CA"
:type: "bool"
```
<!-- config group server-core end -->
<!-- config group server-images start -->
```{config:option} images.auto_update_cached server-images
:defaultdesc: "`true`"
:scope: "global"
:shortdesc: "Whether to automatically update cached images"
:type: "bool"
```
```{config:option} images.auto_update_interval server-images
:defaultdesc: "`6`"
:scope: "global"
:shortdesc: "Interval at which to look for updates to cached images"
:type: "integer"
Specify the interval in hours.
To disable looking for updates to cached images, set this option to `0`.
```
```{config:option} images.compression_algorithm server-images
:defaultdesc: "`gzip`"
:scope: "global"
:shortdesc: "Compression algorithm to use for new images"
:type: "string"
Possible values are `bzip2`, `gzip`, `lz4`, `lzma`, `xz`, `zstd` or `none`.
```
```{config:option} images.default_architecture server-images
:shortdesc: "Default architecture to use in a mixed-architecture cluster"
:type: "string"
```
```{config:option} images.remote_cache_expiry server-images
:defaultdesc: "`10`"
:scope: "global"
:shortdesc: "When an unused cached remote image is flushed"
:type: "integer"
Specify the number of days after which the unused cached image expires.
```
<!-- config group server-images end -->
<!-- config group server-logging start -->
```{config:option} logging.NAME.lifecycle.projects server-logging
:scope: "global"
:shortdesc: "Comma separate list of projects, empty means all"
:type: "string"
```
```{config:option} logging.NAME.lifecycle.types server-logging
:scope: "global"
:shortdesc: "E.g., `instance`, comma separate, empty means all"
:type: "string"
```
```{config:option} logging.NAME.logging.level server-logging
:defaultdesc: "`info`"
:scope: "global"
:shortdesc: "Minimum log level to send to the logger"
:type: "string"
```
```{config:option} logging.NAME.target.address server-logging
:scope: "global"
:shortdesc: "Address of the logger"
:type: "string"
Specify the protocol, name or IP and port. For example `tcp://syslog01.int.example.net:514`.
```
```{config:option} logging.NAME.target.ca_cert server-logging
:scope: "global"
:shortdesc: "CA certificate for the server"
:type: "string"
```
```{config:option} logging.NAME.target.facility server-logging
:scope: "global"
:shortdesc: "The syslog facility defines the category of the log message"
:type: "string"
```
```{config:option} logging.NAME.target.instance server-logging
:defaultdesc: "Local server host name or cluster member name"
:scope: "global"
:shortdesc: "Name to use as the instance field in Loki events."
:type: "string"
This allows replacing the default instance value (server host name) by a more relevant value like a cluster identifier.
```
```{config:option} logging.NAME.target.labels server-logging
:scope: "global"
:shortdesc: "Labels for a Loki log entry"
:type: "string"
Specify a comma-separated list of values that should be used as labels for a Loki log entry.
```
```{config:option} logging.NAME.target.password server-logging
:scope: "global"
:shortdesc: "Password used for authentication"
:type: "string"
```
```{config:option} logging.NAME.target.retry server-logging
:scope: "global"
:shortdesc: "number of delivery retries, default 3"
:type: "integer"
```
```{config:option} logging.NAME.target.type server-logging
:scope: "global"
:shortdesc: "The type of the logger. One of `loki`, `syslog` or `webhook`."
:type: "string"
```
```{config:option} logging.NAME.target.username server-logging
:scope: "global"
:shortdesc: "User name used for authentication"
:type: "string"
```
```{config:option} logging.NAME.types server-logging
:defaultdesc: "`lifecycle,logging`"
:scope: "global"
:shortdesc: "Events to send to the logger"
:type: "string"
Specify a comma-separated list of events to send to the logger.
The events can be any combination of `lifecycle`, `logging`, and `network-acl`.
```
<!-- config group server-logging end -->
<!-- config group server-loki start -->
```{config:option} loki.api.ca_cert server-loki
:scope: "global"
:shortdesc: "CA certificate for the Loki server"
:type: "string"
```
```{config:option} loki.api.url server-loki
:scope: "global"
:shortdesc: "URL to the Loki server"
:type: "string"
Specify the protocol, name or IP and port. For example `https://loki.example.com:3100`. Incus will automatically add the `/loki/api/v1/push` suffix so there's no need to add it here.
```
```{config:option} loki.auth.password server-loki
:scope: "global"
:shortdesc: "Password used for Loki authentication"
:type: "string"
```
```{config:option} loki.auth.username server-loki
:scope: "global"
:shortdesc: "User name used for Loki authentication"
:type: "string"
```
```{config:option} loki.instance server-loki
:defaultdesc: "Local server host name or cluster member name"
:scope: "global"
:shortdesc: "Name to use as the instance field in Loki events."
:type: "string"
This allows replacing the default instance value (server host name) by a more relevant value like a cluster identifier.
```
```{config:option} loki.labels server-loki
:scope: "global"
:shortdesc: "Labels for a Loki log entry"
:type: "string"
Specify a comma-separated list of values that should be used as labels for a Loki log entry.
```
```{config:option} loki.loglevel server-loki
:defaultdesc: "`info`"
:scope: "global"
:shortdesc: "Minimum log level to send to the Loki server"
:type: "string"
```
```{config:option} loki.types server-loki
:defaultdesc: "`lifecycle,logging`"
:scope: "global"
:shortdesc: "Events to send to the Loki server"
:type: "string"
Specify a comma-separated list of events to send to the Loki server.
The events can be any combination of `lifecycle`, `logging`, and `network-acl`.
```
<!-- config group server-loki end -->
<!-- config group server-miscellaneous start -->
```{config:option} authorization.scriptlet server-miscellaneous
:scope: "global"
:shortdesc: "Authorization scriptlet"
:type: "string"
When using scriptlet-based authorization, this option stores the scriptlet.
```
```{config:option} backups.compression_algorithm server-miscellaneous
:defaultdesc: "`gzip`"
:scope: "global"
:shortdesc: "Compression algorithm to use for backups"
:type: "string"
Possible values are `bzip2`, `gzip`, `lz4`, `lzma`, `xz`, `zstd` or `none`.
```
```{config:option} instances.lxcfs.per_instance server-miscellaneous
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Whether to run LXCFS on a per-instance basis"
:type: "bool"
LXCFS is used to provide overlays for common `/proc` and `/sys`
files which reflect the resource limits applied to the container.
It normally operates through a single file system mount on the host which is then shared by all containers.
This is very efficient but comes with the downside that a crash of LXCFS will break all containers.
With this option, it's now possible to run a LXCFS instance per
container instead, using more system resources but reducing the impact
of a crash.
```
```{config:option} instances.nic.host_name server-miscellaneous
:defaultdesc: "`random`"
:scope: "global"
:shortdesc: "How to set the host name for a NIC"
:type: "string"
Possible values are `random` and `mac`.
If set to `random`, use the random host interface name as the host name.
If set to `mac`, generate a host name in the form `inc<mac_address>` (MAC without leading two digits).
```
```{config:option} instances.placement.scriptlet server-miscellaneous
:scope: "global"
:shortdesc: "Instance placement scriptlet for automatic instance placement"
:type: "string"
When using custom automatic instance placement logic, this option stores the scriptlet.
See {ref}`clustering-instance-placement-scriptlet` for more information.
```
```{config:option} network.ovn.ca_cert server-miscellaneous
:defaultdesc: "Content of `/etc/ovn/ovn-central.crt` if present"
:scope: "global"
:shortdesc: "OVN SSL certificate authority"
:type: "string"
```
```{config:option} network.ovn.client_cert server-miscellaneous
:defaultdesc: "Content of `/etc/ovn/cert_host` if present"
:scope: "global"
:shortdesc: "OVN SSL client certificate"
:type: "string"
```
```{config:option} network.ovn.client_key server-miscellaneous
:defaultdesc: "Content of `/etc/ovn/key_host` if present"
:scope: "global"
:shortdesc: "OVN SSL client key"
:type: "string"
```
```{config:option} network.ovn.integration_bridge server-miscellaneous
:defaultdesc: "`br-int`"
:scope: "global"
:shortdesc: "OVS integration bridge to use for OVN networks"
:type: "string"
```
```{config:option} network.ovn.northbound_connection server-miscellaneous
:defaultdesc: "`unix:/run/ovn/ovnnb_db.sock`"
:scope: "global"
:shortdesc: "OVN northbound database connection string"
:type: "string"
```
```{config:option} network.ovs.connection server-miscellaneous
:defaultdesc: "`unix:/run/openvswitch/db.sock`"
:scope: "global"
:shortdesc: "OVS socket path"
:type: "string"
```
```{config:option} storage.backups_volume server-miscellaneous
:scope: "local"
:shortdesc: "Volume to use to store backup tarballs"
:type: "string"
Specify the volume using the syntax `POOL/VOLUME`.
```
```{config:option} storage.images_volume server-miscellaneous
:scope: "local"
:shortdesc: "Volume to use to store the image tarballs"
:type: "string"
Specify the volume using the syntax `POOL/VOLUME`.
```
```{config:option} storage.linstor.ca_cert server-miscellaneous
:scope: "global"
:shortdesc: "LINSTOR SSL certificate authority"
:type: "string"
```
```{config:option} storage.linstor.client_cert server-miscellaneous
:scope: "global"
:shortdesc: "LINSTOR SSL client certificate"
:type: "string"
```
```{config:option} storage.linstor.client_key server-miscellaneous
:scope: "global"
:shortdesc: "LINSTOR SSL client key"
:type: "string"
```
```{config:option} storage.linstor.controller_connection server-miscellaneous
:scope: "global"
:shortdesc: "LINSTOR controller connection string"
:type: "string"
```
```{config:option} storage.linstor.satellite.name server-miscellaneous
:scope: "global"
:shortdesc: "LINSTOR satellite node name override"
:type: "string"
Set this option to the name of the local LINSTOR satellite node, should it be different from the Incus server name.
```
<!-- config group server-miscellaneous end -->
<!-- config group server-network start -->
```{config:option} network.hwaddr_pattern server-network
:defaultdesc: "`10:66:6a:xx:xx:xx`"
:scope: "global"
:shortdesc: "MAC address template"
:type: "string"
Specify a MAC address template, e.g. `10:66:6a:xx:xx:xx`, to use within the cluster.
Every `x` in the template will be replaced by a random character in `0``f`.
Beware of the birthday paradox! A single `xx` block leads to a 10% collision probability with only 8 addresses; for a double `xx:xx` block, 118 addresses; for a triple `xx:xx:xx` block, 1881; for a quadruple `xx:xx:xx:xx` block, 30084. We provide absolutely no guardrail against that.
```
<!-- config group server-network end -->
<!-- config group server-oidc start -->
```{config:option} oidc.audience server-oidc
:scope: "global"
:shortdesc: "Expected audience value for the application"
:type: "string"
This value is required by some providers.
```
```{config:option} oidc.claim server-oidc
:scope: "global"
:shortdesc: "OpenID Connect claim to use as the username"
:type: "string"
```
```{config:option} oidc.client.id server-oidc
:scope: "global"
:shortdesc: "OpenID Connect client ID"
:type: "string"
```
```{config:option} oidc.issuer server-oidc
:scope: "global"
:shortdesc: "OpenID Connect Discovery URL for the provider"
:type: "string"
```
```{config:option} oidc.scopes server-oidc
:scope: "global"
:shortdesc: "Comma separated list of OpenID Connect scopes"
:type: "string"
```
<!-- config group server-oidc end -->
<!-- config group server-openfga start -->
```{config:option} openfga.api.token server-openfga
:scope: "global"
:shortdesc: "API token of the OpenFGA server"
:type: "string"
```
```{config:option} openfga.api.url server-openfga
:scope: "global"
:shortdesc: "URL of the OpenFGA server"
:type: "string"
```
```{config:option} openfga.store.id server-openfga
:scope: "global"
:shortdesc: "ID of the OpenFGA permission store"
:type: "string"
```
<!-- config group server-openfga end -->
<!-- config group storage_btrfs-common start -->
```{config:option} btrfs.mount_options storage_btrfs-common
:default: "`user_subvol_rm_allowed`"
:scope: "global"
:shortdesc: "Mount options for block devices"
:type: "string"
```
```{config:option} size storage_btrfs-common
:default: "auto (20% of free disk space, >= 5 GiB and <= 30 GiB)"
:scope: "local"
:shortdesc: "Size of the storage pool when creating loop-based pools (in bytes, suffixes supported, can be increased to grow storage pool)"
:type: "string"
```
```{config:option} source storage_btrfs-common
:default: "-"
:scope: "local"
:shortdesc: "Path to an existing block device, loop file or Btrfs subvolume"
:type: "string"
```
```{config:option} source.wipe storage_btrfs-common
:default: "`false`"
:scope: "local"
:shortdesc: "Wipe the block device specified in `source` prior to creating the storage pool"
:type: "bool"
```
<!-- config group storage_btrfs-common end -->
<!-- config group storage_bucket_btrfs-common start -->
```{config:option} size storage_bucket_btrfs-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage bucket"
:type: "string"
```
<!-- config group storage_bucket_btrfs-common end -->
<!-- config group storage_bucket_cephobject-common start -->
```{config:option} size storage_bucket_cephobject-common
:default: "-"
:shortdesc: "Quota of the storage bucket"
:type: "string"
```
<!-- config group storage_bucket_cephobject-common end -->
<!-- config group storage_bucket_lvm-common start -->
```{config:option} size storage_bucket_lvm-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage bucket"
:type: "string"
```
<!-- config group storage_bucket_lvm-common end -->
<!-- config group storage_bucket_zfs-common start -->
```{config:option} size storage_bucket_zfs-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage bucket"
:type: "string"
```
<!-- config group storage_bucket_zfs-common end -->
<!-- config group storage_ceph-common start -->
```{config:option} ceph.cluster_name storage_ceph-common
:default: "`ceph`"
:scope: "global"
:shortdesc: "Name of the Ceph cluster in which to create new storage pools"
:type: "string"
```
```{config:option} ceph.osd.data_pool_name storage_ceph-common
:default: "-"
:scope: "global"
:shortdesc: "Name of the OSD data pool"
:type: "string"
```
```{config:option} ceph.osd.force_reuse storage_ceph-common
:default: "-"
:scope: "global"
:shortdesc: "Deprecated, should not be used."
:type: "bool"
```
```{config:option} ceph.osd.pg_name storage_ceph-common
:default: "`32`"
:scope: "global"
:shortdesc: "Number of placement groups for the OSD storage pool"
:type: "string"
```
```{config:option} ceph.osd.pool_name storage_ceph-common
:default: "name of the pool"
:scope: "global"
:shortdesc: "Name of the OSD storage pool"
:type: "string"
```
```{config:option} ceph.rbd.clone_copy storage_ceph-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether to use RBD lightweight clones rather than full dataset copies"
:type: "bool"
```
```{config:option} ceph.rbd.du storage_ceph-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether to use RBD `du` to obtain disk usage data for stopped instances"
:type: "bool"
```
```{config:option} ceph.rbd.features storage_ceph-common
:default: "`layering`"
:scope: "global"
:shortdesc: "Comma-separated list of RBD features to enable on the volumes"
:type: "string"
```
```{config:option} ceph.user.name storage_ceph-common
:default: "`admin`"
:scope: "global"
:shortdesc: "The Ceph user to use when creating storage pools and volumes"
:type: "string"
```
```{config:option} source storage_ceph-common
:default: "-"
:scope: "local"
:shortdesc: "Existing OSD storage pool to use"
:type: "string"
```
```{config:option} volatile.pool.pristine storage_ceph-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether the pool was empty on creation time"
:type: "string"
```
<!-- config group storage_ceph-common end -->
<!-- config group storage_cephfs-common start -->
```{config:option} cephfs.cluster_name storage_cephfs-common
:default: "`ceph`"
:scope: "global"
:shortdesc: "Name of the Ceph cluster that contains the CephFS file system"
:type: "string"
```
```{config:option} cephfs.create_missing storage_cephfs-common
:default: "`false`"
:scope: "global"
:shortdesc: "Create the file system and the missing data and metadata OSD pools"
:type: "bool"
```
```{config:option} cephfs.data_pool storage_cephfs-common
:default: "-"
:scope: "global"
:shortdesc: "Data OSD pool name to create for the file system"
:type: "string"
```
```{config:option} cephfs.fscache storage_cephfs-common
:default: "`false`"
:scope: "global"
:shortdesc: "Enable use of kernel `fscache` and `cachefilesd`"
:type: "bool"
```
```{config:option} cephfs.meta_pool storage_cephfs-common
:default: "-"
:scope: "global"
:shortdesc: "Metadata OSD pool name to create for the file system"
:type: "string"
```
```{config:option} cephfs.osd_pg_num storage_cephfs-common
:default: "-"
:scope: "global"
:shortdesc: "OSD pool `pg_num` to use when creating missing OSD pools"
:type: "string"
```
```{config:option} cephfs.path storage_cephfs-common
:default: "`/`"
:scope: "global"
:shortdesc: "The base path for the CephFS mount"
:type: "string"
```
```{config:option} cephfs.user.name storage_cephfs-common
:default: "`admin`"
:scope: "global"
:shortdesc: "The Ceph user to use"
:type: "string"
```
```{config:option} source storage_cephfs-common
:default: "-"
:scope: "local"
:shortdesc: "Existing CephFS file system or file system path to use"
:type: "string"
```
```{config:option} volatile.pool.pristine storage_cephfs-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether the CephFS file system was empty on creation time"
:type: "string"
```
<!-- config group storage_cephfs-common end -->
<!-- config group storage_cephobject-common start -->
```{config:option} cephobject.bucket_name_prefix storage_cephobject-common
:default: "-"
:scope: "global"
:shortdesc: "Prefix to add to bucket names in Ceph"
:type: "string"
```
```{config:option} cephobject.cluster_name storage_cephobject-common
:default: "`ceph`"
:scope: "global"
:shortdesc: "The Ceph cluster to use"
:type: "string"
```
```{config:option} cephobject.radosgw.endpoint storage_cephobject-common
:default: "-"
:scope: "global"
:shortdesc: "URL of the `radosgw` gateway process"
:type: "string"
```
```{config:option} cephobject.radosgw.endpoint_cert_file storage_cephobject-common
:default: "-"
:scope: "global"
:shortdesc: "Path to the file containing the TLS client certificate to use for endpoint communication"
:type: "string"
```
```{config:option} cephobject.user.name storage_cephobject-common
:default: "`admin`"
:scope: "global"
:shortdesc: "The Ceph user to use"
:type: "string"
```
```{config:option} volatile.pool.pristine storage_cephobject-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether the `radosgw` `incus-admin` user existed at creation time"
:type: "string"
```
<!-- config group storage_cephobject-common end -->
<!-- config group storage_dir-common start -->
```{config:option} rsync.bwlimit storage_dir-common
:default: "`0` (no limit)"
:scope: "global"
:shortdesc: "The upper limit to be placed on the socket I/O when `rsync` must be used to transfer storage entities"
:type: "string"
```
```{config:option} rsync.compression storage_dir-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether to use compression while migrating storage pools"
:type: "bool"
```
```{config:option} source storage_dir-common
:default: "-"
:scope: "local"
:shortdesc: "Path to an existing directory"
:type: "string"
```
<!-- config group storage_dir-common end -->
<!-- config group storage_linstor-common start -->
```{config:option} drbd.auto_add_quorum_tiebreaker storage_linstor-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether to allow LINSTOR to automatically create diskless resources to act as quorum tiebreakers if needed (applied to the resource group)"
:type: "bool"
```
```{config:option} drbd.auto_diskful storage_linstor-common
:default: "-"
:scope: "global"
:shortdesc: "A duration string describing the time after which a primary diskless resource can be converted to diskful if storage is available on the node (applied to the resource group)"
:type: "string"
```
```{config:option} drbd.on_no_quorum storage_linstor-common
:default: "-"
:scope: "global"
:shortdesc: "The DRBD policy to use on resources when quorum is lost (applied to the resource group)"
:type: "string"
```
```{config:option} linstor.resource_group.name storage_linstor-common
:default: "`incus`"
:scope: "global"
:shortdesc: "Name of the LINSTOR resource group that will be used for the storage pool"
:type: "string"
```
```{config:option} linstor.resource_group.place_count storage_linstor-common
:default: "`2`"
:scope: "global"
:shortdesc: "Number of diskful replicas that should be created for resources in the resource group. Increasing the value of this option on a pool that already has volumes will result in LINSTOR creating new diskful replicas for all existing resources to match the new value"
:type: "int"
```
```{config:option} linstor.resource_group.storage_pool storage_linstor-common
:default: "-"
:scope: "global"
:shortdesc: "The storage pool name in which resources should be placed on satellite nodes"
:type: "string"
```
```{config:option} linstor.volume.prefix storage_linstor-common
:default: "`incus-volume-`"
:scope: "global"
:shortdesc: "The prefix to use for the internal names of LINSTOR-managed volumes. Cannot be updated after the storage pool is created"
:type: "string"
```
```{config:option} source storage_linstor-common
:default: "`incus`"
:scope: "global"
:shortdesc: "LINSTOR storage pool name. Alias for `linstor.resource_group.name`. Use either either one or the other or make sure they have the same value."
:type: "string"
```
```{config:option} volatile.pool.pristine storage_linstor-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether the pool was empty on creation time"
:type: "string"
```
<!-- config group storage_linstor-common end -->
<!-- config group storage_lvm-common start -->
```{config:option} block.type storage_lvm-common
:condition: "block-based volume"
:default: "same as `volume.block.type`"
:shortdesc: "Type of the block volume"
```
```{config:option} lvm.metadata_size storage_lvm-common
:default: "`0` (auto)"
:scope: "global"
:shortdesc: "The size of the metadata space for the physical volume."
:type: "string"
```
```{config:option} lvm.thinpool_metadata_size storage_lvm-common
:default: "`0` (auto)"
:scope: "global"
:shortdesc: "The size of the thin pool metadata volume (the default is to let LVM calculate an appropriate size). Not usable with `lvmcluster`."
:type: "string"
```
```{config:option} lvm.thinpool_name storage_lvm-common
:default: "`IncusThinPool`"
:scope: "local"
:shortdesc: "Thin pool where volumes are created. Not usable with `lvmcluster`."
:type: "string"
```
```{config:option} lvm.use_thinpool storage_lvm-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether the storage pool uses a thin pool for logical volumes. Not usable with `lvmcluster`."
:type: "bool"
```
```{config:option} lvm.vg.force_reuse storage_lvm-common
:default: "`false`"
:scope: "local"
:shortdesc: "Force using an existing non-empty volume group. Not usable with `lvmcluster`."
:type: "bool"
```
```{config:option} lvm.vg_name storage_lvm-common
:default: "name of the pool"
:scope: "local"
:shortdesc: "Name of the volume group to create."
:type: "string"
```
```{config:option} size storage_lvm-common
:default: "auto (20% of free disk space, >= 5 GiB and <= 30 GiB)"
:scope: "local"
:shortdesc: "Size of the storage pool when creating loop-based pools (in bytes, suffixes supported, can be increased to grow storage pool). Not usable with `lvmcluster`."
:type: "string"
```
```{config:option} source storage_lvm-common
:default: "-"
:scope: "local"
:shortdesc: "Path to an existing block device, loop file or LVM volume group."
:type: "string"
```
```{config:option} source.wipe storage_lvm-common
:default: "`false`"
:scope: "local"
:shortdesc: "Wipe the block device specified in `source` prior to creating the storage pool."
:type: "bool"
```
<!-- config group storage_lvm-common end -->
<!-- config group storage_truenas-common start -->
```{config:option} source storage_truenas-common
:default: "-"
:scope: "local"
:shortdesc: "ZFS dataset to use on the remote TrueNAS host. Format: `[<host>:]<pool>[/<dataset>][/]`. If `host` is omitted here, it must be set via `truenas.host`."
:type: "string"
```
```{config:option} truenas.allow_insecure storage_truenas-common
:default: "`false`"
:scope: "global"
:shortdesc: "If set to `true`, allows insecure (non-TLS) connections to the TrueNAS API."
:type: "bool"
```
```{config:option} truenas.api_key storage_truenas-common
:default: "-"
:scope: "global"
:shortdesc: "API key used to authenticate with the TrueNAS host."
:type: "string"
```
```{config:option} truenas.clone_copy storage_truenas-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether to use lightweight clones rather than full {spellexception}`dataset` copies."
:type: "bool"
```
```{config:option} truenas.config storage_truenas-common
:default: "-"
:scope: "global"
:shortdesc: "Path to a configuration file for the TrueNAS client tool."
:type: "string"
```
```{config:option} truenas.dataset storage_truenas-common
:default: "-"
:scope: "global"
:shortdesc: "Remote dataset name. Typically inferred from `source`, but can be overridden."
:type: "string"
```
```{config:option} truenas.force_reuse storage_truenas-common
:default: "`false`"
:scope: "global"
:shortdesc: "Allow to use an existing non-empty pool."
:type: "bool"
```
```{config:option} truenas.host storage_truenas-common
:default: "-"
:scope: "global"
:shortdesc: "Hostname or IP address of the remote TrueNAS system. Optional if included in the `source`, or a configuration is used."
:type: "string"
```
```{config:option} truenas.initiator storage_truenas-common
:default: "-"
:scope: "global"
:shortdesc: "iSCSI initiator name used during block volume attachment."
:type: "string"
```
```{config:option} truenas.portal storage_truenas-common
:default: "-"
:scope: "global"
:shortdesc: "iSCSI portal address to use for block volume connections."
:type: "string"
```
<!-- config group storage_truenas-common end -->
<!-- config group storage_volume_btrfs-common start -->
```{config:option} initial.gid storage_volume_btrfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_btrfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_btrfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} security.shared storage_volume_btrfs-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_btrfs-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_btrfs-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_btrfs-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_btrfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_btrfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_btrfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_btrfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
<!-- config group storage_volume_btrfs-common end -->
<!-- config group storage_volume_ceph-common start -->
```{config:option} block.filesystem storage_volume_ceph-common
:condition: "block-based volume with content type `filesystem`"
:default: "same as `volume.block.filesystem`"
:shortdesc: "{{block_filesystem}}"
:type: "string"
```
```{config:option} block.mount_options storage_volume_ceph-common
:condition: "block-based volume with content type `filesystem`"
:default: "same as `volume.block.mount_options`"
:shortdesc: "Mount options for block-backed file system volumes"
:type: "string"
```
```{config:option} initial.gid storage_volume_ceph-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_ceph-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_ceph-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} security.shared storage_volume_ceph-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_ceph-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_ceph-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_ceph-common
:condition: "-"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_ceph-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_ceph-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_ceph-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_ceph-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
<!-- config group storage_volume_ceph-common end -->
<!-- config group storage_volume_cephfs-common start -->
```{config:option} initial.gid storage_volume_cephfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_cephfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_cephfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} security.shared storage_volume_cephfs-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_cephfs-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_cephfs-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_cephfs-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_cephfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_cephfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_cephfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_cephfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
<!-- config group storage_volume_cephfs-common end -->
<!-- config group storage_volume_dir-common start -->
```{config:option} initial.gid storage_volume_dir-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_dir-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_dir-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} security.shared storage_volume_dir-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_dir-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.size storage_volume_dir-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} security.unmapped storage_volume_dir-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} snapshots.expiry storage_volume_dir-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_dir-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_dir-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_dir-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
<!-- config group storage_volume_dir-common end -->
<!-- config group storage_volume_linstor-common start -->
```{config:option} block.filesystem storage_volume_linstor-common
:condition: "block-based volume with content type `filesystem`"
:default: "same as `volume.block.filesystem`"
:shortdesc: "{{block_filesystem}}"
:type: "string"
```
```{config:option} block.mount_options storage_volume_linstor-common
:condition: "block-based volume with content type `filesystem`"
:default: "same as `volume.block.mount_options`"
:shortdesc: "Mount options for block-backed file system volumes"
:type: "string"
```
```{config:option} drbd.auto_add_quorum_tiebreaker storage_volume_linstor-common
:condition: "-"
:default: "`true`"
:shortdesc: "Whether to allow LINSTOR to automatically create diskless resources to act as quorum tiebreakers if needed (applied to the resource definition)"
:type: "bool"
```
```{config:option} drbd.auto_diskful storage_volume_linstor-common
:condition: "-"
:default: "-"
:shortdesc: "A duration string describing the time after which a primary diskless resource can be converted to diskful if storage is available on the node (applied to the resource definition)"
:type: "string"
```
```{config:option} drbd.on_no_quorum storage_volume_linstor-common
:condition: "-"
:default: "-"
:shortdesc: "The DRBD policy to use on resources when quorum is lost (applied to the resource definition)"
:type: "string"
```
```{config:option} initial.gid storage_volume_linstor-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_linstor-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_linstor-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} linstor.remove_snapshots storage_volume_linstor-common
:condition: "-"
:default: "same as `volume.linstor.remove_snapshots` or `false`"
:shortdesc: "Remove snapshots as needed"
:type: "bool"
```
```{config:option} security.shared storage_volume_linstor-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_linstor-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_linstor-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_linstor-common
:condition: "-"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_linstor-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_linstor-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_linstor-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_linstor-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
<!-- config group storage_volume_linstor-common end -->
<!-- config group storage_volume_lvm-common start -->
```{config:option} block.filesystem storage_volume_lvm-common
:condition: "block-based volume with content type `filesystem`"
:default: "same as `volume.block.filesystem`"
:shortdesc: "{{block_filesystem}}"
:type: "string"
```
```{config:option} block.mount_options storage_volume_lvm-common
:condition: "block-based volume with content type `filesystem`"
:default: "same as `volume.block.mount_options`"
:shortdesc: "Mount options for block-backed file system volumes"
:type: "string"
```
```{config:option} initial.gid storage_volume_lvm-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_lvm-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_lvm-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} lvm.stripes storage_volume_lvm-common
:condition: "-"
:default: "same as `volume.lvm.stripes`"
:shortdesc: "Number of stripes to use for new volumes (or thin pool volume)"
:type: "string"
```
```{config:option} lvm.stripes.size storage_volume_lvm-common
:condition: "-"
:default: "same as `volume.lvm.stripes.size`"
:shortdesc: "Size of stripes to use (at least 4096 bytes and multiple of 512 bytes)"
:type: "string"
```
```{config:option} security.shared storage_volume_lvm-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_lvm-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_lvm-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_lvm-common
:condition: "default: same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_lvm-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_lvm-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_lvm-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_lvm-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
<!-- config group storage_volume_lvm-common end -->
<!-- config group storage_volume_truenas-common start -->
```{config:option} block.filesystem storage_volume_truenas-common
:condition: "-"
:default: "same as `volume.block.filesystem`"
:shortdesc: "{{block_filesystem}}"
:type: "string"
```
```{config:option} block.mount_options storage_volume_truenas-common
:condition: "-"
:default: "same as `volume.block.mount_options`"
:shortdesc: "Mount options for block-backed file system volumes"
:type: "string"
```
```{config:option} initial.gid storage_volume_truenas-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_truenas-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_truenas-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} security.shared storage_volume_truenas-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_truenas-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_truenas-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_truenas-common
:condition: "appropriate driver"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_truenas-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_truenas-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_truenas-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}}"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_truenas-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
```{config:option} truenas.blocksize storage_volume_truenas-common
:condition: "-"
:default: "same as `volume.truenas.blocksize`"
:shortdesc: "Size of the ZFS block in range from 512 bytes to 16 MiB (must be power of 2) - for block volume, a maximum value of 128 KiB will be used even if a higher value is set"
:type: "string"
```
```{config:option} truenas.remove_snapshots storage_volume_truenas-common
:condition: "-"
:default: "same as `volume.truenas.remove_snapshots` or `false`"
:shortdesc: "Remove snapshots as needed"
:type: "bool"
```
```{config:option} truenas.use_refquota storage_volume_truenas-common
:condition: "-"
:default: "same as `volume.truenas.use_refquota` or `false`"
:shortdesc: "Use `refquota` instead of `quota` for space"
:type: "bool"
```
<!-- config group storage_volume_truenas-common end -->
<!-- config group storage_volume_zfs-common start -->
```{config:option} block.filesystem storage_volume_zfs-common
:condition: "block-based volume with content type `filesystem` (`zfs.block_mode` enabled)"
:default: "same as `volume.block.filesystem`"
:shortdesc: "{{block_filesystem}}"
:type: "string"
```
```{config:option} block.mount_options storage_volume_zfs-common
:condition: "block-based volume with content type `filesystem` (`zfs.block_mode` enabled)"
:default: "same as `volume.block.mount_options`"
:shortdesc: "Mount options for block-backed file system volumes"
:type: "string"
```
```{config:option} initial.gid storage_volume_zfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.gid` or `0`"
:shortdesc: "GID of the volume owner in the instance"
:type: "int"
```
```{config:option} initial.mode storage_volume_zfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.mode` or `711`"
:shortdesc: "Mode of the volume in the instance"
:type: "int"
```
```{config:option} initial.uid storage_volume_zfs-common
:condition: "custom volume with content type `filesystem`"
:default: "same as `volume.initial.uid` or `0`"
:shortdesc: "UID of the volume owner in the instance"
:type: "int"
```
```{config:option} security.shared storage_volume_zfs-common
:condition: "custom block volume"
:default: "same as `volume.security.shared` or `false`"
:shortdesc: "Enable sharing the volume across multiple instances"
:type: "bool"
```
```{config:option} security.shifted storage_volume_zfs-common
:condition: "custom volume"
:default: "same as `volume.security.shifted` or `false`"
:shortdesc: "{{enable_ID_shifting}}"
:type: "bool"
```
```{config:option} security.unmapped storage_volume_zfs-common
:condition: "custom volume"
:default: "same as `volume.security.unmapped` or `false`"
:shortdesc: "Disable ID mapping for the volume"
:type: "bool"
```
```{config:option} size storage_volume_zfs-common
:condition: "-"
:default: "same as `volume.size`"
:shortdesc: "Size/quota of the storage volume"
:type: "string"
```
```{config:option} snapshots.expiry storage_volume_zfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.expiry.manual storage_volume_zfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.expiry.manual`"
:shortdesc: "{{snapshot_expiry_format}}"
:type: "string"
```
```{config:option} snapshots.pattern storage_volume_zfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.pattern` or `snap%d`"
:shortdesc: "{{snapshot_pattern_format}} [^*]"
:type: "string"
```
```{config:option} snapshots.schedule storage_volume_zfs-common
:condition: "custom volume"
:default: "same as `volume.snapshot.schedule`"
:shortdesc: "{{snapshot_schedule_format}}"
:type: "string"
```
```{config:option} zfs.block_mode storage_volume_zfs-common
:condition: "-"
:default: "same as `volume.zfs.block_mode`"
:shortdesc: "Whether to use a formatted `zvol` rather than a {spellexception}`dataset` (`zfs.block_mode` can be set only for custom storage volumes; use `volume.zfs.block_mode` to enable ZFS block mode for all storage volumes in the pool, including instance volumes)"
:type: "bool"
```
```{config:option} zfs.blocksize storage_volume_zfs-common
:condition: "-"
:default: "same as `volume.zfs.blocksize`"
:shortdesc: "Size of the ZFS block in range from 512 bytes to 16 MiB (must be power of 2) - for block volume, a maximum value of 128 KiB will be used even if a higher value is set"
:type: "string"
```
```{config:option} zfs.delegate storage_volume_zfs-common
:condition: "ZFS 2.2 or higher"
:default: "same as `volume.zfs.delegate`"
:shortdesc: "Controls whether to delegate the ZFS dataset and anything underneath it to the container(s) using it. Allows the use of the `zfs` command in the container"
:type: "bool"
```
```{config:option} zfs.remove_snapshots storage_volume_zfs-common
:condition: "-"
:default: "same as `volume.zfs.remove_snapshots` or `false`"
:shortdesc: "Remove snapshots as needed"
:type: "bool"
```
```{config:option} zfs.reserve_space storage_volume_zfs-common
:condition: "-"
:default: "same as `volume.zfs.reserve_space` or `false`"
:shortdesc: "Use `reservation`/`refreservation` along with `quota`/`refquota`"
:type: "bool"
```
```{config:option} zfs.use_refquota storage_volume_zfs-common
:condition: "-"
:default: "same as `volume.zfsuse_refquota` or `false`"
:shortdesc: "Use `refquota` instead of `quota` for space"
:type: "bool"
```
<!-- config group storage_volume_zfs-common end -->
<!-- config group storage_zfs-common start -->
```{config:option} size storage_zfs-common
:default: "auto (20% of free disk space, >= 5 GiB and <= 30 GiB)"
:scope: "local"
:shortdesc: "Size of the storage pool when creating loop-based pools (in bytes, suffixes supported, can be increased to grow storage pool)"
:type: "string"
```
```{config:option} source storage_zfs-common
:default: "-"
:scope: "local"
:shortdesc: "Path to existing block device(s), loop file or ZFS dataset/pool. Multiple block devices should be separated by `,`. When listing block devices, you can also prefix them with `vdev` type. To specify a `vdev` type, use an `=` sign between the `vdev` type and the block devices (e.g., `mirror=/dev/sda,/dev/sdb`). Only `stripe`, `mirror`, `raidz1` and `raidz2` `vdev` types are supported."
:type: "string"
```
```{config:option} source.wipe storage_zfs-common
:default: "`false`"
:scope: "local"
:shortdesc: "Wipe the block device specified in `source` prior to creating the storage pool"
:type: "bool"
```
```{config:option} zfs.clone_copy storage_zfs-common
:default: "`true`"
:scope: "global"
:shortdesc: "Whether to use ZFS lightweight clones rather than full {spellexception}`dataset` copies (Boolean), or `rebase` to copy based on the initial image"
:type: "string"
```
```{config:option} zfs.export storage_zfs-common
:default: "`true`"
:scope: "global"
:shortdesc: "Disable zpool export while unmount performed"
:type: "bool"
```
```{config:option} zfs.pool_name storage_zfs-common
:default: "name of the pool"
:scope: "local"
:shortdesc: "Name of the zpool"
:type: "string"
```
<!-- config group storage_zfs-common end -->
View Git Blame Copy Permalink