// Code generated by lxd-metadata; DO NOT EDIT.

<!-- config group cluster-cluster start -->
```{config:option} scheduler.instance cluster-cluster
:defaultdesc: "`all`"
:shortdesc: "Controls how instances are scheduled to run on this member"
:type: "string"
Possible values are `all`, `manual`, and `group`. See
{ref}`clustering-instance-placement` for more information.
```

```{config:option} user.* cluster-cluster
:shortdesc: "Free form user key/value storage"
:type: "string"
User keys can be used in search.
```

<!-- config group cluster-cluster end -->
<!-- config group instance-boot start -->
```{config:option} boot.autostart instance-boot
:liveupdate: "no"
:shortdesc: "Whether to always start the instance when LXD starts"
:type: "bool"
If set to `false`, restore the last state.
```

```{config:option} boot.autostart.delay instance-boot
:defaultdesc: "0"
:liveupdate: "no"
:shortdesc: "Delay after starting the instance"
:type: "integer"
The number of seconds to wait after the instance started before starting the next one.
```

```{config:option} boot.autostart.priority instance-boot
:defaultdesc: "0"
:liveupdate: "no"
:shortdesc: "What order to start the instances in"
:type: "integer"
The instance with the highest value is started first.
```

```{config:option} boot.debug_edk2 instance-boot
:shortdesc: "Enable debug version of the `edk2`"
:type: "bool"
The instance should use a debug version of the `edk2`.
A log file can be found in `$LXD_DIR/logs/<instance_name>/edk2.log`.
```

```{config:option} boot.host_shutdown_timeout instance-boot
:defaultdesc: "30"
:liveupdate: "yes"
:shortdesc: "How long to wait for the instance to shut down"
:type: "integer"
Number of seconds to wait for the instance to shut down before it is force-stopped.
```

```{config:option} boot.stop.priority instance-boot
:defaultdesc: "0"
:liveupdate: "no"
:shortdesc: "What order to shut down the instances in"
:type: "integer"
The instance with the highest value is shut down first.
```

<!-- config group instance-boot end -->
<!-- config group instance-cloud-init start -->
```{config:option} cloud-init.network-config instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`DHCP on eth0`"
:liveupdate: "no"
:shortdesc: "Network configuration for `cloud-init`"
:type: "string"
The content is used as seed value for `cloud-init`.
```

```{config:option} cloud-init.user-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "User data for `cloud-init`"
:type: "string"
The content is used as seed value for `cloud-init`.
```

```{config:option} cloud-init.vendor-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "Vendor data for `cloud-init`"
:type: "string"
The content is used as seed value for `cloud-init`.
```

```{config:option} user.network-config instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`DHCP on eth0`"
:liveupdate: "no"
:shortdesc: "Legacy version of `cloud-init.network-config`"
:type: "string"

```

```{config:option} user.user-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "Legacy version of `cloud-init.user-data`"
:type: "string"

```

```{config:option} user.vendor-data instance-cloud-init
:condition: "If supported by image"
:defaultdesc: "`#cloud-config`"
:liveupdate: "no"
:shortdesc: "Legacy version of `cloud-init.vendor-data`"
:type: "string"

```

<!-- config group instance-cloud-init end -->
<!-- config group instance-migration start -->
```{config:option} migration.incremental.memory instance-migration
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to use incremental memory transfer"
:type: "bool"
Using incremental memory transfer of the instance's memory can reduce downtime.
```

```{config:option} migration.incremental.memory.goal instance-migration
:condition: "container"
:defaultdesc: "`70`"
:liveupdate: "yes"
:shortdesc: "Percentage of memory to have in sync before stopping the instance"
:type: "integer"

```

```{config:option} migration.incremental.memory.iterations instance-migration
:condition: "container"
:defaultdesc: "`10`"
:liveupdate: "yes"
:shortdesc: "Maximum number of transfer operations to go through before stopping the instance"
:type: "integer"

```

```{config:option} migration.stateful instance-migration
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to allow for stateful stop/start and snapshots"
:type: "bool"
Enabling this option prevents the use of some features that are incompatible with it.
```

<!-- config group instance-migration end -->
<!-- config group instance-miscellaneous start -->
```{config:option} agent.nic_config instance-miscellaneous
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to use the name and MTU of the default network interfaces"
:type: "bool"
For containers, the name and MTU of the default network interfaces is used for the instance devices.
For virtual machines, set this option to `true` to set the name and MTU of the default network interfaces to be the same as the instance devices.
```

```{config:option} cluster.evacuate instance-miscellaneous
:defaultdesc: "`auto`"
:liveupdate: "no"
:shortdesc: "What to do when evacuating the instance"
:type: "string"
The `cluster.evacuate` provides control over how instances are handled when a cluster member is being
evacuated.

Available Modes:
  - `auto` *(default)*: The system will automatically decide the best evacuation method based on the
     instance's type and configured devices:
    + If any device is not suitable for migration, the instance will not be migrated (only stopped).
    + Live migration will be used only for virtual machines with the `migration.stateful` setting
      enabled and for which all its devices can be migrated as well.
  - `live-migrate`: Instances are live-migrated to another node. This means the instance remains running
     and operational during the migration process, ensuring minimal disruption.
  - `migrate`: In this mode, instances are migrated to another node in the cluster. The migration
     process will not be live, meaning there will be a brief downtime for the instance during the
     migration.
  -  `stop`: Instances are not migrated. Instead, they are stopped on the current node.

See {ref}`cluster-evacuate` for more information.
```

```{config:option} linux.kernel_modules instance-miscellaneous
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Kernel modules to load before starting the instance"
:type: "string"
Specify the kernel modules as a comma-separated list.
```

```{config:option} linux.sysctl.* instance-miscellaneous
:condition: "container"
:liveupdate: "no"
:shortdesc: "Override for the corresponding `sysctl` setting in the container"
:type: "string"

```

```{config:option} user.* instance-miscellaneous
:liveupdate: "no"
:shortdesc: "Free-form user key/value storage"
:type: "string"
User keys can be used in search.
```

<!-- config group instance-miscellaneous end -->
<!-- config group instance-nvidia start -->
```{config:option} nvidia.driver.capabilities instance-nvidia
:condition: "container"
:defaultdesc: "`compute,utility`"
:liveupdate: "no"
:shortdesc: "What driver capabilities the instance needs"
:type: "string"
The specified driver capabilities are used to set `libnvidia-container NVIDIA_DRIVER_CAPABILITIES`.
```

```{config:option} nvidia.require.cuda instance-nvidia
:condition: "container"
:liveupdate: "no"
:shortdesc: "Required CUDA version"
:type: "string"
The specified version expression is used to set `libnvidia-container NVIDIA_REQUIRE_CUDA`.
```

```{config:option} nvidia.require.driver instance-nvidia
:condition: "container"
:liveupdate: "no"
:shortdesc: "Required driver version"
:type: "string"
The specified version expression is used to set `libnvidia-container NVIDIA_REQUIRE_DRIVER`.
```

```{config:option} nvidia.runtime instance-nvidia
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to pass the host NVIDIA and CUDA runtime libraries into the instance"
:type: "bool"

```

<!-- config group instance-nvidia end -->
<!-- config group instance-raw start -->
```{config:option} raw.apparmor instance-raw
:liveupdate: "yes"
:shortdesc: "AppArmor profile entries"
:type: "blob"
The specified entries are appended to the generated profile.
```

```{config:option} raw.idmap instance-raw
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "Raw idmap configuration"
:type: "blob"
For example: `both 1000 1000`
```

```{config:option} raw.lxc instance-raw
:condition: "container"
:liveupdate: "no"
:shortdesc: "Raw LXC configuration to be appended to the generated one"
:type: "blob"

```

```{config:option} raw.qemu instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "Raw QEMU configuration to be appended to the generated command line"
:type: "blob"

```

```{config:option} raw.qemu.conf instance-raw
:condition: "virtual machine"
:liveupdate: "no"
:shortdesc: "Addition/override to the generated `qemu.conf` file"
:type: "blob"
See {ref}`instance-options-qemu` for more information.
```

```{config:option} raw.seccomp instance-raw
:condition: "container"
:liveupdate: "no"
:shortdesc: "Raw Seccomp configuration"
:type: "blob"

```

<!-- config group instance-raw end -->
<!-- config group instance-resource-limits start -->
```{config:option} limits.cpu instance-resource-limits
:defaultdesc: "1 (VMs)"
:liveupdate: "yes"
:shortdesc: "Which CPUs to expose to the instance"
:type: "string"
A number or a specific range of CPUs to expose to the instance.

See {ref}`instance-options-limits-cpu` for more information.
```

```{config:option} limits.cpu.allowance instance-resource-limits
:condition: "container"
:defaultdesc: "100%"
:liveupdate: "yes"
:shortdesc: "How much of the CPU can be used"
:type: "string"
To control how much of the CPU can be used, specify either a percentage (`50%`) for a soft limit
or a chunk of time (`25ms/100ms`) for a hard limit.

See {ref}`instance-options-limits-cpu-container` for more information.
```

```{config:option} limits.cpu.nodes instance-resource-limits
:liveupdate: "yes"
:shortdesc: "Which NUMA nodes to place the instance CPUs on"
:type: "string"
A comma-separated list of NUMA node IDs or ranges to place the instance CPUs on.

See {ref}`instance-options-limits-cpu-container` for more information.
```

```{config:option} limits.cpu.priority instance-resource-limits
:condition: "container"
:defaultdesc: "`10` (maximum)"
:liveupdate: "yes"
:shortdesc: "CPU scheduling priority compared to other instances"
:type: "integer"
When overcommitting resources, specify the CPU scheduling priority compared to other instances that share the same CPUs.
Specify an integer between 0 and 10.

See {ref}`instance-options-limits-cpu-container` for more information.
```

```{config:option} limits.disk.priority instance-resource-limits
:defaultdesc: "`5` (medium)"
:liveupdate: "yes"
:shortdesc: "Priority of the instance's I/O requests"
:type: "integer"
Controls how much priority to give to the instance's I/O requests when under load.

Specify an integer between 0 and 10.
```

```{config:option} limits.hugepages.1GB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 1 GB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 1 GB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).

See {ref}`instance-options-limits-hugepages` for more information.
```

```{config:option} limits.hugepages.1MB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 1 MB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 1 MB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).

See {ref}`instance-options-limits-hugepages` for more information.
```

```{config:option} limits.hugepages.2MB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 2 MB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 2 MB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).

See {ref}`instance-options-limits-hugepages` for more information.
```

```{config:option} limits.hugepages.64KB instance-resource-limits
:condition: "container"
:liveupdate: "yes"
:shortdesc: "Limit for the number of 64 KB huge pages"
:type: "string"
Fixed value (in bytes) to limit the number of 64 KB huge pages.
Various suffixes are supported (see {ref}`instances-limit-units`).

See {ref}`instance-options-limits-hugepages` for more information.
```

```{config:option} limits.memory instance-resource-limits
:defaultdesc: "`1Gib` (VMs)"
:liveupdate: "yes"
:shortdesc: "Usage limit for the host's memory"
:type: "string"
Percentage of the host's memory or a fixed value in bytes.
Various suffixes are supported.

See {ref}`instances-limit-units` for details.
```

```{config:option} limits.memory.enforce instance-resource-limits
:condition: "container"
:defaultdesc: "`hard`"
:liveupdate: "yes"
:shortdesc: "Whether the memory limit is `hard` or `soft`"
:type: "string"
If the instance's memory limit is `hard`, the instance cannot exceed its limit.
If it is `soft`, the instance can exceed its memory limit when extra host memory is available.
```

```{config:option} limits.memory.hugepages instance-resource-limits
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to back the instance using huge pages"
:type: "bool"
If this option is set to `false`, regular system memory is used.
```

```{config:option} limits.memory.swap instance-resource-limits
:condition: "container"
:defaultdesc: "`true`"
:liveupdate: "yes"
:shortdesc: "Whether to encourage/discourage swapping less used pages for this instance"
:type: "bool"

```

```{config:option} limits.memory.swap.priority instance-resource-limits
:condition: "container"
:defaultdesc: "`10` (maximum)"
:liveupdate: "yes"
:shortdesc: "Prevents the instance from being swapped to disk"
:type: "integer"
Specify an integer between 0 and 10.
The higher the value, the less likely the instance is to be swapped to disk.
```

````{config:option} limits.network.priority instance-resource-limits
:defaultdesc: "`0` (minimum)"
:liveupdate: "yes"
:shortdesc: "Priority of the instance's network requests"
:type: "integer"
```{important}
This option is deprecated. Use the per-NIC `limits.priority` option instead.
```

Controls how much priority to give to the instance's network requests when under load.

Specify an integer between 0 and 10.
````

```{config:option} limits.processes instance-resource-limits
:condition: "container"
:defaultdesc: "empty"
:liveupdate: "yes"
:shortdesc: "Maximum number of processes that can run in the instance"
:type: "integer"
If left empty, no limit is set.
```

<!-- config group instance-resource-limits end -->
<!-- config group instance-security start -->
```{config:option} security.agent.metrics instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether the `lxd-agent` is queried for state information and metrics"
:type: "bool"

```

```{config:option} security.csm instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to use a firmware that supports UEFI-incompatible operating systems"
:type: "bool"
When enabling this option, set {config:option}`instance-security:security.secureboot` to `false`.
```

```{config:option} security.devlxd instance-security
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether `/dev/lxd` is present in the instance"
:type: "bool"
See {ref}`dev-lxd` for more information.
```

```{config:option} security.devlxd.images instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Controls the availability of the `/1.0/images` API over `devlxd`"
:type: "bool"

```

```{config:option} security.idmap.base instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "The base host ID to use for the allocation"
:type: "integer"
Setting this option overrides auto-detection.
```

```{config:option} security.idmap.isolated instance-security
:condition: "unprivileged container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to use a unique idmap for this instance"
:type: "bool"
If specified, the idmap used for this instance is unique among instances that have this option set.
```

```{config:option} security.idmap.size instance-security
:condition: "unprivileged container"
:liveupdate: "no"
:shortdesc: "The size of the idmap to use"
:type: "integer"

```

```{config:option} security.nesting instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to support running LXD (nested) inside the instance"
:type: "bool"

```

```{config:option} security.privileged instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to run the instance in privileged mode"
:type: "bool"

```

```{config:option} security.protection.delete instance-security
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Prevents the instance from being deleted"
:type: "bool"

```

```{config:option} security.protection.shift instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to protect the file system from being UID/GID shifted"
:type: "bool"
Set this option to `true` to prevent the instance's file system from being UID/GID shifted on startup.
```

```{config:option} security.secureboot instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether UEFI secure boot is enabled with the default Microsoft keys"
:type: "bool"
When disabling this option, consider enabling {config:option}`instance-security:security.csm`.
```

```{config:option} security.sev instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether AMD SEV (Secure Encrypted Virtualization) is enabled for this VM"
:type: "bool"

```

```{config:option} security.sev.policy.es instance-security
:condition: "virtual machine"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether AMD SEV-ES (SEV Encrypted State) is enabled for this VM"
:type: "bool"

```

```{config:option} security.sev.session.data instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "The guest owner's `base64`-encoded session blob"
:type: "string"

```

```{config:option} security.sev.session.dh instance-security
:condition: "virtual machine"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "The guest owner's `base64`-encoded Diffie-Hellman key"
:type: "string"

```

```{config:option} security.syscalls.allow instance-security
:condition: "container"
:liveupdate: "no"
:shortdesc: "List of syscalls to allow"
:type: "string"
A `\n`-separated list of syscalls to allow.
This list must be mutually exclusive with `security.syscalls.deny*`.
```

```{config:option} security.syscalls.deny instance-security
:condition: "container"
:liveupdate: "no"
:shortdesc: "List of syscalls to deny"
:type: "string"
A `\n`-separated list of syscalls to deny.
This list must be mutually exclusive with `security.syscalls.allow`.
```

```{config:option} security.syscalls.deny_compat instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to block `compat_*` syscalls (`x86_64` only)"
:type: "bool"
On `x86_64`, this option controls whether to block `compat_*` syscalls.
On other architectures, the option is ignored.
```

```{config:option} security.syscalls.deny_default instance-security
:condition: "container"
:defaultdesc: "`true`"
:liveupdate: "no"
:shortdesc: "Whether to enable the default syscall deny"
:type: "bool"

```

```{config:option} security.syscalls.intercept.bpf instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `bpf()` system call"
:type: "bool"

```

```{config:option} security.syscalls.intercept.bpf.devices instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to allow BPF programs"
:type: "bool"
This option controls whether to allow BPF programs for the devices cgroup in the unified hierarchy to be loaded.
```

```{config:option} security.syscalls.intercept.mknod instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `mknod` and `mknodat` system calls"
:type: "bool"
These system calls allow creation of a limited subset of char/block devices.
```

```{config:option} security.syscalls.intercept.mount instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `mount` system call"
:type: "bool"

```

```{config:option} security.syscalls.intercept.mount.allowed instance-security
:condition: "container"
:liveupdate: "yes"
:shortdesc: "File systems that can be mounted"
:type: "string"
Specify a comma-separated list of file systems that are safe to mount for processes inside the instance.
```

```{config:option} security.syscalls.intercept.mount.fuse instance-security
:condition: "container"
:liveupdate: "yes"
:shortdesc: "File system that should be redirected to FUSE implementation"
:type: "string"
Specify the mounts of a given file system that should be redirected to their FUSE implementation (for example, `ext4=fuse2fs`).
```

```{config:option} security.syscalls.intercept.mount.shift instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "yes"
:shortdesc: "Whether to use idmapped mounts for syscall interception"
:type: "bool"

```

```{config:option} security.syscalls.intercept.sched_setcheduler instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `sched_setscheduler` system call"
:type: "bool"
This system call allows increasing process priority.
```

```{config:option} security.syscalls.intercept.setxattr instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `setxattr` system call"
:type: "bool"
This system call allows setting a limited subset of restricted extended attributes.
```

```{config:option} security.syscalls.intercept.sysinfo instance-security
:condition: "container"
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to handle the `sysinfo` system call"
:type: "bool"
This system call can be used to get cgroup-based resource usage information.
```

<!-- config group instance-security end -->
<!-- config group instance-snapshots start -->
```{config:option} snapshots.expiry instance-snapshots
:liveupdate: "no"
:shortdesc: "When snapshots are to be deleted"
:type: "string"
Specify an expression like `1M 2H 3d 4w 5m 6y`.
```

```{config:option} snapshots.pattern instance-snapshots
:defaultdesc: "`snap%d`"
:liveupdate: "no"
:shortdesc: "Template for the snapshot name"
:type: "string"
Specify a Pongo2 template string that represents the snapshot name.
This template is used for scheduled snapshots and for unnamed snapshots.

See {ref}`instance-options-snapshots-names` for more information.
```

```{config:option} snapshots.schedule instance-snapshots
:defaultdesc: "empty"
:liveupdate: "no"
:shortdesc: "Schedule for automatic instance snapshots"
:type: "string"
Specify either a cron expression (`<minute> <hour> <dom> <month> <dow>`), a comma-separated list of schedule aliases (`@hourly`, `@daily`, `@midnight`, `@weekly`, `@monthly`, `@annually`, `@yearly`), or leave empty to disable automatic snapshots.

```

```{config:option} snapshots.schedule.stopped instance-snapshots
:defaultdesc: "`false`"
:liveupdate: "no"
:shortdesc: "Whether to automatically snapshot stopped instances"
:type: "bool"

```

<!-- config group instance-snapshots end -->
<!-- config group instance-volatile start -->
```{config:option} volatile.<name>.apply_quota instance-volatile
:shortdesc: "Disk quota"
:type: "string"
The disk quota is applied the next time the instance starts.
```

```{config:option} volatile.<name>.ceph_rbd instance-volatile
:shortdesc: "RBD device path for Ceph disk devices"
:type: "string"

```

```{config:option} volatile.<name>.host_name instance-volatile
:shortdesc: "Network device name on the host"
:type: "string"

```

```{config:option} volatile.<name>.hwaddr instance-volatile
:shortdesc: "Network device MAC address"
:type: "string"
The network device MAC address is used when no `hwaddr` property is set on the device itself.
```

```{config:option} volatile.<name>.last_state.created instance-volatile
:shortdesc: "Whether the network device physical device was created"
:type: "string"
Possible values are `true` or `false`.
```

```{config:option} volatile.<name>.last_state.hwaddr instance-volatile
:shortdesc: "Network device original MAC"
:type: "string"
The original MAC that was used when moving a physical device into an instance.
```

```{config:option} volatile.<name>.last_state.ip_addresses instance-volatile
:shortdesc: "Last used IP addresses"
:type: "string"
Comma-separated list of the last used IP addresses of the network device.
```

```{config:option} volatile.<name>.last_state.mtu instance-volatile
:shortdesc: "Network device original MTU"
:type: "string"
The original MTU that was used when moving a physical device into an instance.
```

```{config:option} volatile.<name>.last_state.vdpa.name instance-volatile
:shortdesc: "VDPA device name"
:type: "string"
The VDPA device name used when moving a VDPA device file descriptor into an instance.
```

```{config:option} volatile.<name>.last_state.vf.hwaddr instance-volatile
:shortdesc: "SR-IOV virtual function original MAC"
:type: "string"
The original MAC used when moving a VF into an instance.
```

```{config:option} volatile.<name>.last_state.vf.id instance-volatile
:shortdesc: "SR-IOV virtual function ID"
:type: "string"
The ID used when moving a VF into an instance.
```

```{config:option} volatile.<name>.last_state.vf.spoofcheck instance-volatile
:shortdesc: "SR-IOV virtual function original spoof check setting"
:type: "string"
The original spoof check setting used when moving a VF into an instance.
```

```{config:option} volatile.<name>.last_state.vf.vlan instance-volatile
:shortdesc: "SR-IOV virtual function original VLAN"
:type: "string"
The original VLAN used when moving a VF into an instance.
```

```{config:option} volatile.apply_nvram instance-volatile
:shortdesc: "Whether to regenerate VM NVRAM the next time the instance starts"
:type: "bool"

```

```{config:option} volatile.apply_template instance-volatile
:shortdesc: "Template hook"
:type: "string"
The template with the given name is triggered upon next startup.
```

```{config:option} volatile.base_image instance-volatile
:shortdesc: "Hash of the base image"
:type: "string"
The hash of the image that the instance was created from (empty if the instance was not created from an image).
```

```{config:option} volatile.cloud_init.instance-id instance-volatile
:shortdesc: "`instance-id` (UUID) exposed to `cloud-init`"
:type: "string"

```

```{config:option} volatile.evacuate.origin instance-volatile
:shortdesc: "The origin of the evacuated instance"
:type: "string"
The cluster member that the instance lived on before evacuation.
```

```{config:option} volatile.idmap.base instance-volatile
:shortdesc: "The first ID in the instance's primary idmap range"
:type: "integer"

```

```{config:option} volatile.idmap.current instance-volatile
:shortdesc: "The idmap currently in use by the instance"
:type: "string"

```

```{config:option} volatile.idmap.next instance-volatile
:shortdesc: "The idmap to use the next time the instance starts"
:type: "string"

```

```{config:option} volatile.last_state.idmap instance-volatile
:shortdesc: "Serialized instance UID/GID map"
:type: "string"

```

```{config:option} volatile.last_state.power instance-volatile
:shortdesc: "Instance state as of last host shutdown"
:type: "string"

```

```{config:option} volatile.uuid instance-volatile
:shortdesc: "Instance UUID"
:type: "string"
The instance UUID is globally unique across all servers and projects.
```

```{config:option} volatile.uuid.generation instance-volatile
:shortdesc: "Instance generation UUID"
:type: "string"
The instance generation UUID changes whenever the instance's place in time moves backwards.
It is globally unique across all servers and projects.
```

```{config:option} volatile.vsock_id instance-volatile
:shortdesc: "Instance `vsock ID` used as of last start"
:type: "string"

```

<!-- config group instance-volatile end -->
<!-- config group project-features start -->
```{config:option} features.images project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of images for the project"
:type: "bool"
This setting applies to both images and image aliases.
```

```{config:option} features.networks project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`false`"
:shortdesc: "Whether to use a separate set of networks for the project"
:type: "bool"

```

```{config:option} features.networks.zones project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`false`"
:shortdesc: "Whether to use a separate set of network zones for the project"
:type: "bool"

```

```{config:option} features.profiles project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of profiles for the project"
:type: "bool"

```

```{config:option} features.storage.buckets project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of storage buckets for the project"
:type: "bool"

```

```{config:option} features.storage.volumes project-features
:defaultdesc: "`false`"
:initialvaluedesc: "`true`"
:shortdesc: "Whether to use a separate set of storage volumes for the project"
:type: "bool"

```

<!-- config group project-features end -->
<!-- config group project-limits start -->
```{config:option} limits.containers project-limits
:shortdesc: "Maximum number of containers that can be created in the project"
:type: "integer"

```

```{config:option} limits.cpu project-limits
:shortdesc: "Maximum number of CPUs to use in the project"
:type: "integer"
This value is the maximum value for the sum of the individual {config:option}`instance-resource-limits:limits.cpu` configurations set on the instances of the project.
```

```{config:option} limits.disk project-limits
:shortdesc: "Maximum disk space used by the project"
:type: "string"
This value is the maximum value of the aggregate disk space used by all instance volumes, custom volumes, and images of the project.
```

```{config:option} limits.instances project-limits
:shortdesc: "Maximum number of instances that can be created in the project"
:type: "integer"

```

```{config:option} limits.memory project-limits
:shortdesc: "Usage limit for the host's memory for the project"
:type: "string"
The value is the maximum value for the sum of the individual {config:option}`instance-resource-limits:limits.memory` configurations set on the instances of the project.
```

```{config:option} limits.networks project-limits
:shortdesc: "Maximum number of networks that the project can have"
:type: "integer"

```

```{config:option} limits.processes project-limits
:shortdesc: "Maximum number of processes within the project"
:type: "integer"
This value is the maximum value for the sum of the individual {config:option}`instance-resource-limits:limits.processes` configurations set on the instances of the project.
```

```{config:option} limits.virtual-machines project-limits
:shortdesc: "Maximum number of VMs that can be created in the project"
:type: "integer"

```

<!-- config group project-limits end -->
<!-- config group project-restricted start -->
```{config:option} restricted project-restricted
:defaultdesc: "`false`"
:shortdesc: "Whether to block access to security-sensitive features"
:type: "bool"
This option must be enabled to allow the `restricted.*` keys to take effect.
To temporarily remove the restrictions, you can disable this option instead of clearing the related keys.
```

```{config:option} restricted.backups project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent creating instance or volume backups"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.cluster.groups project-restricted
:shortdesc: "Cluster groups that can be targeted"
:type: "string"
If specified, this option prevents targeting cluster groups other than the provided ones.
```

```{config:option} restricted.cluster.target project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent targeting of cluster members"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, this option allows targeting of cluster members (either directly or via a group) when creating or moving instances.
```

```{config:option} restricted.containers.interception project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using system call interception options"
:type: "string"
Possible values are `allow`, `block`, or `full`.
When set to `allow`, interception options that are usually safe are allowed.
File system mounting remains blocked.
```

```{config:option} restricted.containers.lowlevel project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using low-level container options"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, low-level container options like {config:option}`instance-raw:raw.lxc`, {config:option}`instance-raw:raw.idmap`, `volatile.*`, etc. can be used.
```

```{config:option} restricted.containers.nesting project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent running nested LXD"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, {config:option}`instance-security:security.nesting` can be set to `true` for an instance.
```

```{config:option} restricted.containers.privilege project-restricted
:defaultdesc: "`unprivileged`"
:shortdesc: "Which settings for privileged containers to prevent"
:type: "string"
Possible values are `unprivileged`, `isolated`, and `allow`.

- When set to `unpriviliged`, this option prevents setting {config:option}`instance-security:security.privileged` to `true`.
- When set to `isolated`, this option prevents setting {config:option}`instance-security:security.privileged` and {config:option}`instance-security:security.idmap.isolated` to `true`.
- When set to `allow`, there is no restriction.
```

```{config:option} restricted.devices.disk project-restricted
:defaultdesc: "`managed`"
:shortdesc: "Which disk devices can be used"
:type: "string"
Possible values are `allow`, `block`, or `managed`.

- When set to `block`, this option prevents using all disk devices except the root one.
- When set to `managed`, this option allows using disk devices only if `pool=` is set.
- When set to `allow`, there is no restriction on which disk devices can be used.
```

```{config:option} restricted.devices.disk.paths project-restricted
:shortdesc: "Which `source` can be used for `disk` devices"
:type: "string"
If {config:option}`project-restricted:restricted.devices.disk` is set to `allow`, this option controls which `source` can be used for `disk` devices.
Specify a comma-separated list of path prefixes that restrict the `source` setting.
If this option is left empty, all paths are allowed.
```

```{config:option} restricted.devices.gpu project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `gpu`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.infiniband project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `infiniband`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.nic project-restricted
:defaultdesc: "`managed`"
:shortdesc: "Which network devices can be used"
:type: "string"
Possible values are `allow`, `block`, or `managed`.

- When set to `block`, this option prevents using all network devices.
- When set to `managed`, this option allows using network devices only if `network=` is set.
- When set to `allow`, there is no restriction on which network devices can be used.
```

```{config:option} restricted.devices.pci project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `pci`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.proxy project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `proxy`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.unix-block project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `unix-block`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.unix-char project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `unix-char`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.unix-hotplug project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `unix-hotplug`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.devices.usb project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using devices of type `usb`"
:type: "string"
Possible values are `allow` or `block`.
```

```{config:option} restricted.idmap.gid project-restricted
:shortdesc: "Which host GID ranges are allowed in `raw.idmap`"
:type: "string"
This option specifies the host GID ranges that are allowed in the instance's {config:option}`instance-raw:raw.idmap` setting.
```

```{config:option} restricted.idmap.uid project-restricted
:shortdesc: "Which host UID ranges are allowed in `raw.idmap`"
:type: "string"
This option specifies the host UID ranges that are allowed in the instance's {config:option}`instance-raw:raw.idmap` setting.
```

```{config:option} restricted.networks.access project-restricted
:shortdesc: "Which network names are allowed for use in this project"
:type: "string"
Specify a comma-delimited list of network names that are allowed for use in this project.
If this option is not set, all networks are accessible.

Note that this setting depends on the {config:option}`project-restricted:restricted.devices.nic` setting.
```

```{config:option} restricted.networks.subnets project-restricted
:defaultdesc: "`block`"
:shortdesc: "Which network subnets are allocated for use in this project"
:type: "string"
Specify a comma-delimited list of network subnets from the uplink networks that are allocated for use in this project.
Use the form `<uplink>:<subnet>`.
```

```{config:option} restricted.networks.uplinks project-restricted
:defaultdesc: "`block`"
:shortdesc: "Which network names can be used as uplink in this project"
:type: "string"
Specify a comma-delimited list of network names that can be used as uplink for networks in this project.
```

```{config:option} restricted.networks.zones project-restricted
:defaultdesc: "`block`"
:shortdesc: "Which network zones can be used in this project"
:type: "string"
Specify a comma-delimited list of network zones that can be used (or something under them) in this project.
```

```{config:option} restricted.snapshots project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent creating instance or volume snapshots"
:type: "string"

```

```{config:option} restricted.virtual-machines.lowlevel project-restricted
:defaultdesc: "`block`"
:shortdesc: "Whether to prevent using low-level VM options"
:type: "string"
Possible values are `allow` or `block`.
When set to `allow`, low-level VM options like {config:option}`instance-raw:raw.qemu`, `volatile.*`, etc. can be used.
```

<!-- config group project-restricted end -->
<!-- config group project-specific start -->
```{config:option} backups.compression_algorithm project-specific
:shortdesc: "Compression algorithm to use for backups"
:type: "string"
Specify which compression algorithm to use for backups in this project.
Possible values are `bzip2`, `gzip`, `lzma`, `xz`, or `none`.
```

```{config:option} images.auto_update_cached project-specific
:shortdesc: "Whether to automatically update cached images in the project"
:type: "bool"

```

```{config:option} images.auto_update_interval project-specific
:shortdesc: "Interval at which to look for updates to cached images"
:type: "integer"
Specify the interval in hours.
To disable looking for updates to cached images, set this option to `0`.
```

```{config:option} images.compression_algorithm project-specific
:shortdesc: "Compression algorithm to use for new images in the project"
:type: "string"
Possible values are `bzip2`, `gzip`, `lzma`, `xz`, or `none`.
```

```{config:option} images.default_architecture project-specific
:shortdesc: "Default architecture to use in a mixed-architecture cluster"
:type: "string"

```

```{config:option} images.remote_cache_expiry project-specific
:shortdesc: "When an unused cached remote image is flushed in the project"
:type: "integer"
Specify the number of days after which the unused cached image expires.
```

```{config:option} user.* project-specific
:shortdesc: "User-provided free-form key/value pairs"
:type: "string"

```

<!-- config group project-specific end -->
<!-- config group server-acme start -->
```{config:option} acme.agree_tos server-acme
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Agree to ACME terms of service"
:type: "bool"

```

```{config:option} acme.ca_url server-acme
:defaultdesc: "`https://acme-v02.api.letsencrypt.org/directory`"
:scope: "global"
:shortdesc: "URL to the directory resource of the ACME service"
:type: "string"

```

```{config:option} acme.domain server-acme
:scope: "global"
:shortdesc: "Domain for which the certificate is issued"
:type: "string"

```

```{config:option} acme.email server-acme
:scope: "global"
:shortdesc: "Email address used for the account registration"
:type: "string"

```

<!-- config group server-acme end -->
<!-- config group server-candid-and-rbac start -->
```{config:option} candid.api_key server-candid-and-rbac
:condition: "required for HTTP-only servers"
:scope: "global"
:shortdesc: "Public key of the Candid server"
:type: "string"

```

```{config:option} candid.api_url server-candid-and-rbac
:scope: "global"
:shortdesc: "URL of the external authentication endpoint using Candid"
:type: "string"

```

```{config:option} candid.domains server-candid-and-rbac
:scope: "global"
:shortdesc: "Allowed Candid domains"
:type: "string"
Specify a comma-separated list of allowed Candid domains.
An empty string means all domains are valid.
```

```{config:option} candid.expiry server-candid-and-rbac
:defaultdesc: "`3600`"
:scope: "global"
:shortdesc: "Candid macaroon expiry"
:type: "integer"
Specify the expiry time in seconds.
```

```{config:option} rbac.agent.private_key server-candid-and-rbac
:scope: "global"
:shortdesc: "Private key of the Candid agent"
:type: "string"
Specify the private key as provided during RBAC registration.
```

```{config:option} rbac.agent.public_key server-candid-and-rbac
:scope: "global"
:shortdesc: "Public key of the Candid agent"
:type: "string"
Specify the public key as provided during RBAC registration.
```

```{config:option} rbac.agent.url server-candid-and-rbac
:scope: "global"
:shortdesc: "URL of the Candid agent"
:type: "string"
Specify the URL as provided during RBAC registration.
```

```{config:option} rbac.agent.username server-candid-and-rbac
:scope: "global"
:shortdesc: "User name of the Candid agent"
:type: "string"
Specify the user name as provided during RBAC registration.
```

```{config:option} rbac.api.expiry server-candid-and-rbac
:scope: "global"
:shortdesc: "RBAC macaroon expiry"
:type: "integer"
Specify the expiry time in seconds.
```

```{config:option} rbac.api.key server-candid-and-rbac
:condition: "required for HTTP-only servers"
:scope: "global"
:shortdesc: "Public key of the RBAC server"
:type: "string"

```

```{config:option} rbac.api.url server-candid-and-rbac
:scope: "global"
:shortdesc: "URL of the external RBAC server"
:type: "string"

```

<!-- config group server-candid-and-rbac end -->
<!-- config group server-cluster start -->
```{config:option} cluster.healing_threshold server-cluster
:defaultdesc: "`0`"
:scope: "global"
:shortdesc: "Threshold when to evacuate an offline cluster member"
:type: "integer"
Specify the number of seconds after which an offline cluster member is to be evacuated.
To disable evacuating offline members, set this option to `0`.
```

```{config:option} cluster.https_address server-cluster
:scope: "local"
:shortdesc: "Address to use for clustering traffic"
:type: "string"
See {ref}`cluster-https-address`.
```

```{config:option} cluster.images_minimal_replica server-cluster
:defaultdesc: "`3`"
:scope: "global"
:shortdesc: "Number of cluster members that replicate an image"
:type: "integer"
Specify the minimal number of cluster members that keep a copy of a particular image.
Set this option to `1` for no replication, or to `-1` to replicate images on all members.
```

```{config:option} cluster.join_token_expiry server-cluster
:defaultdesc: "`3H`"
:scope: "global"
:shortdesc: "Time after which a cluster join token expires"
:type: "string"

```

```{config:option} cluster.max_standby server-cluster
:defaultdesc: "`2`"
:scope: "global"
:shortdesc: "Number of database stand-by members"
:type: "integer"
Specify the maximum number of cluster members that are assigned the database stand-by role.
This must be a number between `0` and `5`.
```

```{config:option} cluster.max_voters server-cluster
:defaultdesc: "`3`"
:scope: "global"
:shortdesc: "Number of database voter members"
:type: "integer"
Specify the maximum number of cluster members that are assigned the database voter role.
This must be an odd number >= `3`.
```

```{config:option} cluster.offline_threshold server-cluster
:defaultdesc: "`20`"
:scope: "global"
:shortdesc: "Threshold when an unresponsive member is considered offline"
:type: "integer"
Specify the number of seconds after which an unresponsive member is considered offline.
```

<!-- config group server-cluster end -->
<!-- config group server-core start -->
```{config:option} core.bgp_address server-core
:scope: "local"
:shortdesc: "Address to bind the BGP server to"
:type: "string"
See {ref}`network-bgp`.
```

```{config:option} core.bgp_asn server-core
:scope: "global"
:shortdesc: "BGP Autonomous System Number for the local server"
:type: "string"

```

```{config:option} core.bgp_routerid server-core
:scope: "local"
:shortdesc: "A unique identifier for the BGP server"
:type: "string"
The identifier must be formatted as an IPv4 address.
```

```{config:option} core.debug_address server-core
:scope: "local"
:shortdesc: "Address to bind the `pprof` debug server to (HTTP)"
:type: "string"

```

```{config:option} core.dns_address server-core
:scope: "local"
:shortdesc: "Address to bind the authoritative DNS server to"
:type: "string"
See {ref}`network-dns-server`.
```

```{config:option} core.https_address server-core
:scope: "local"
:shortdesc: "Address to bind for the remote API (HTTPS)"
:type: "string"
See {ref}`server-expose`.
```

```{config:option} core.https_allowed_credentials server-core
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Whether to set `Access-Control-Allow-Credentials`"
:type: "bool"
If enabled, the `Access-Control-Allow-Credentials` HTTP header value is set to `true`.
```

```{config:option} core.https_allowed_headers server-core
:scope: "global"
:shortdesc: "`Access-Control-Allow-Headers` HTTP header value"
:type: "string"

```

```{config:option} core.https_allowed_methods server-core
:scope: "global"
:shortdesc: "`Access-Control-Allow-Methods` HTTP header value"
:type: "string"

```

```{config:option} core.https_allowed_origin server-core
:scope: "global"
:shortdesc: "`Access-Control-Allow-Origin` HTTP header value"
:type: "string"

```

```{config:option} core.https_trusted_proxy server-core
:scope: "global"
:shortdesc: "Trusted servers to provide the client's address"
:type: "string"
Specify a comma-separated list of IP addresses of trusted servers that provide the client's address through the proxy connection header.
```

```{config:option} core.metrics_address server-core
:scope: "local"
:shortdesc: "Address to bind the metrics server to (HTTPS)"
:type: "string"
See {ref}`metrics`.
```

```{config:option} core.metrics_authentication server-core
:defaultdesc: "`true`"
:scope: "global"
:shortdesc: "Whether to enforce authentication on the metrics endpoint"
:type: "bool"

```

```{config:option} core.proxy_http server-core
:scope: "global"
:shortdesc: "HTTP proxy to use"
:type: "string"
If this option is not specified, LXD falls back to the `HTTP_PROXY` environment variable (if set).
```

```{config:option} core.proxy_https server-core
:scope: "global"
:shortdesc: "HTTPS proxy to use"
:type: "string"
If this option is not specified, LXD falls back to the `HTTPS_PROXY` environment variable (if set).
```

```{config:option} core.proxy_ignore_hosts server-core
:scope: "global"
:shortdesc: "Hosts that don't need the proxy"
:type: "string"
Specify this option in a similar format to `NO_PROXY` (for example, `1.2.3.4,1.2.3.5`)

If this option is not specified, LXD falls back to the `NO_PROXY` environment variable (if set).
```

```{config:option} core.remote_token_expiry server-core
:defaultdesc: "no expiry"
:scope: "global"
:shortdesc: "Time after which a remote add token expires"
:type: "string"

```

```{config:option} core.shutdown_timeout server-core
:defaultdesc: "`5`"
:scope: "global"
:shortdesc: "How long to wait before shutdown"
:type: "integer"
Specify the number of minutes to wait for running operations to complete before the LXD server shuts down.
```

```{config:option} core.storage_buckets_address server-core
:scope: "local"
:shortdesc: "Address to bind the storage object server to (HTTPS)"
:type: "string"
See {ref}`howto-storage-buckets`.
```

```{config:option} core.syslog_socket server-core
:defaultdesc: "`false`"
:scope: "local"
:shortdesc: "Whether to enable the syslog unixgram socket listener"
:type: "bool"
Set this option to `true` to enable the syslog unixgram socket to receive log messages from external processes.
```

```{config:option} core.trust_ca_certificates server-core
:defaultdesc: "`false`"
:scope: "global"
:shortdesc: "Whether to automatically trust clients signed by the CA"
:type: "bool"

```

```{config:option} core.trust_password server-core
:scope: "global"
:shortdesc: "Password to be provided by clients to set up a trust"
:type: "string"

```

<!-- config group server-core end -->
<!-- config group server-images start -->
```{config:option} images.auto_update_cached server-images
:defaultdesc: "`true`"
:scope: "global"
:shortdesc: "Whether to automatically update cached images"
:type: "bool"

```

```{config:option} images.auto_update_interval server-images
:defaultdesc: "`6`"
:scope: "global"
:shortdesc: "Interval at which to look for updates to cached images"
:type: "integer"
Specify the interval in hours.
To disable looking for updates to cached images, set this option to `0`.
```

```{config:option} images.compression_algorithm server-images
:defaultdesc: "`gzip`"
:scope: "global"
:shortdesc: "Compression algorithm to use for new images"
:type: "string"
Possible values are `bzip2`, `gzip`, `lzma`, `xz`, or `none`.
```

```{config:option} images.default_architecture server-images
:shortdesc: "Default architecture to use in a mixed-architecture cluster"
:type: "string"

```

```{config:option} images.remote_cache_expiry server-images
:defaultdesc: "`10`"
:scope: "global"
:shortdesc: "When an unused cached remote image is flushed"
:type: "integer"
Specify the number of days after which the unused cached image expires.
```

<!-- config group server-images end -->
<!-- config group server-loki start -->
```{config:option} loki.api.ca_cert server-loki
:scope: "global"
:shortdesc: "CA certificate for the Loki server"
:type: "string"

```

```{config:option} loki.api.url server-loki
:scope: "global"
:shortdesc: "URL to the Loki server"
:type: "string"
Specify the protocol, name or IP and port. For example `https://loki.example.com:3100`. LXD will automatically add the `/loki/api/v1/push` suffix so there's no need to add it here.
```

```{config:option} loki.auth.password server-loki
:scope: "global"
:shortdesc: "Password used for Loki authentication"
:type: "string"

```

```{config:option} loki.auth.username server-loki
:scope: "global"
:shortdesc: "User name used for Loki authentication"
:type: "string"

```

```{config:option} loki.labels server-loki
:scope: "global"
:shortdesc: "Labels for a Loki log entry"
:type: "string"
Specify a comma-separated list of values that should be used as labels for a Loki log entry.
```

```{config:option} loki.loglevel server-loki
:defaultdesc: "`info`"
:scope: "global"
:shortdesc: "Minimum log level to send to the Loki server"
:type: "string"

```

```{config:option} loki.types server-loki
:defaultdesc: "`lifecycle,logging`"
:scope: "global"
:shortdesc: "Events to send to the Loki server"
:type: "string"
Specify a comma-separated list of events to send to the Loki server.
The events can be any combination of `lifecycle`, `logging`, and `ovn`.
```

<!-- config group server-loki end -->
<!-- config group server-miscellaneous start -->
```{config:option} backups.compression_algorithm server-miscellaneous
:defaultdesc: "`gzip`"
:scope: "global"
:shortdesc: "Compression algorithm to use for backups"
:type: "string"
Possible values are `bzip2`, `gzip`, `lzma`, `xz`, or `none`.
```

```{config:option} instances.nic.host_name server-miscellaneous
:defaultdesc: "`random`"
:scope: "global"
:shortdesc: "How to set the host name for a NIC"
:type: "string"
Possible values are `random` and `mac`.

If set to `random`, use the random host interface name as the host name.
If set to `mac`, generate a host name in the form `lxd<mac_address>` (MAC without leading two digits).
```

```{config:option} instances.placement.scriptlet server-miscellaneous
:scope: "global"
:shortdesc: "Instance placement scriptlet for automatic instance placement"
:type: "string"
When using custom automatic instance placement logic, this option stores the scriptlet.
See {ref}`clustering-instance-placement-scriptlet` for more information.
```

```{config:option} maas.api.key server-miscellaneous
:scope: "global"
:shortdesc: "API key to manage MAAS"
:type: "string"

```

```{config:option} maas.api.url server-miscellaneous
:scope: "global"
:shortdesc: "URL of the MAAS server"
:type: "string"

```

```{config:option} maas.machine server-miscellaneous
:defaultdesc: "host name"
:scope: "local"
:shortdesc: "Name of this LXD host in MAAS"
:type: "string"

```

```{config:option} network.ovn.integration_bridge server-miscellaneous
:defaultdesc: "`br-int`"
:scope: "global"
:shortdesc: "OVS integration bridge to use for OVN networks"
:type: "string"

```

```{config:option} network.ovn.northbound_connection server-miscellaneous
:defaultdesc: "`unix:/var/run/ovn/ovnnb_db.sock`"
:scope: "global"
:shortdesc: "OVN northbound database connection string"
:type: "string"

```

```{config:option} storage.backups_volume server-miscellaneous
:scope: "local"
:shortdesc: "Volume to use to store backup tarballs"
:type: "string"
Specify the volume using the syntax `POOL/VOLUME`.
```

```{config:option} storage.images_volume server-miscellaneous
:scope: "local"
:shortdesc: "Volume to use to store the image tarballs"
:type: "string"
Specify the volume using the syntax `POOL/VOLUME`.
```

<!-- config group server-miscellaneous end -->
<!-- config group server-oidc start -->
```{config:option} oidc.audience server-oidc
:scope: "global"
:shortdesc: "Expected audience value for the application"
:type: "string"
This value is required by some providers.
```

```{config:option} oidc.client.id server-oidc
:scope: "global"
:shortdesc: "OpenID Connect client ID"
:type: "string"

```

```{config:option} oidc.issuer server-oidc
:scope: "global"
:shortdesc: "OpenID Connect Discovery URL for the provider"
:type: "string"

```

<!-- config group server-oidc end -->
