When recursive is enabled, adds -ignorelinks flag to lndir

It causes lndir to not treat symbolic links in the source directory specially

Name that SLURM uses to refer to a node (or base partition for BlueGene systems)

The user's auxiliary groups.

Path to certificate private key (PEM with private key)

Server name to be used for this virtual host

Whether the service should be reloaded during a NixOS configuration switch if its definition has changed

Path to serial port this printer is connected to

Opens port in firewall for fedimintd's api port

Backups jobs to schedule for this stanza as described in: https://pgbackrest.org/user-guide.html#quickstart/schedule-backup

The value full-apivfs (the default) sets up private /dev, /proc, /sys, /tmp and /var/tmp file systems in a separate user name space

This optional key specifies whether initgroups(3) should be called before running the job

This optional key specifies whether the job participates in advanced communication with launchd

The force_run option is used to tell the PAM module for KWallet to forcefully run even if no graphical session (such as a GUI display manager) is detected

This optional key specifies the node to connect(2) or bind(2) to.

The video-format to read from input-stream.

This option can be used to store the username / password credentials with the "auth-user-pass" authentication method

Makes this vhost the default.

Extra settings to add to easytier-‹name›.toml.

Additional command line options as a dictionary to pass to the unison program

IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).

This optional key specifies the group to run the job as

Whether to enable the installation of this Helm chart

The fallback instance name if not configured into the admin UI

A set of files to be copied to /boot

Listen on remote and forwards traffic from local

An ipset.

Ports to forward in the zone.

Declarative location config

The vault package to use.

The labels to apply to the container.

For each user matching one of comma-separated glob patterns, enable TTY auditing

DNS full-qualified domain name of a database server

DNS full-qualified domain name of a database server

Whether to enable intra-zone forwarding

A list of the given alerting or recording rules against configured "datasource.url" compatible with Prometheus HTTP API for vmalert to execute

The static host map defines a set of hosts with fixed IP addresses on the internet (or any network)

Each attribute in this set specifies an option in the [IPv6SendRA] section of the unit

Name of the mute time interval, must be unique

If set, use the Duo Security pam module pam_duo for authentication

The criteria can either be an output name, an output description or "*"

This optional key specifies whether the job participates in advanced communication with launchd

Whether to support proxying websocket connections with HTTP/1.1.

Path to encrypted luks device that contains the user's home directory.

Automatically wake up the service after the specified number of seconds

Additional names of virtual hosts served by this virtual host configuration.

Specification of pages to be ignored by web crawlers

Path to certificate (PEM with certificate chain)

Opens port in firewall for fedimintd's p2p port (both TCP and UDP)

Additional names of virtual hosts served by this virtual host configuration.

Additional names of virtual hosts served by this virtual host configuration.

Reserve the name in the namespace, but cause bootstrap_look_up() to fail until the job has checked in with launchd.

User part of the JID for the recorder.

Optional configuration string for this interface.

All authentication providers to provision

Set the log-level

Services to include for the service.

Host which to proxy requests to if ACME challenge is not found

The URL prefix under which the awstats pages appear.

Create the database and database user locally.

This configuration file only applies to the hosts listed with this key

The listener type to enable.

Path to a git repository

Canonical hostname for the server.

This optional key tells launchctl what type of socket to create

Hostname shown in peer list and web console.

The address Anubis' metrics server listens to

This key maps to the first argument of execvp(3)

Configuration of defcfg other than linux-dev (generated from the devices option) and linux-continue-if-no-devs-found (hardcoded to be yes)

File name in the rsa folder for which this passphrase should be used.

The name of the database to use

Key file for securing RPC connections.

Extra preferences to add to user.js.

Additional arguments for borg init

Topic patterns to be shared between the two brokers

How often to run ytdl-sub

The resource to which access should be allowed.

configuration options for btrbk

The OAuth2 client secret.

Each attribute in this set specifies an option in the [Match] section of the unit

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

Whether to enable this mount.

Path to directory of CRLs (Certificate Revocation Lists) in PEM format

Extra SSL configuration options.

Only consider archive names starting with this prefix for pruning

The largest size (in bytes) file that may be created.

The largest size (in bytes) file that may be created.

Each attribute in this set specifies an option in the [MACVLAN] section of the unit

Whether the service is chrooted to have only access to the services.postfix.queueDir and the closure of store paths specified by the program option.

A short description of the user account, typically the user's full name

This configuration file only applies to the hosts listed with this key

This key maps to the first argument of execvp(3)

Structural Wordpress configuration

Where to mount this dataset.

Whether to begin the synchronisation by running notmuch new on the remote side.

The furl for a Tahoe introducer node

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Declarative location config

The type of virtual interface used for the network connection.