Location of a file containing the SMTP password

A path of a profile file to include

The directory where Duplicati stores its data files.

Permissions on the UNIX socket.

This directory is used for uploads of pictures

The name of the device that should be remapped

File containing the SMTP password

File containing the Flask secret key

Where to store the backups

Whether to configure permissions to allow integration with Postfix.

The directory or NFS/SMB network share where MPD reads music from

Location of the Django secret key

The profile-sync-daemon package to use.

The data directory for PostgreSQL

The data directory for PostgreSQL

Host of the postgresql server

Postgresql database user with read-only permissions used for Nominatim web API service.

Port that the /debug/pprof endpoint will listen on.

The directory where config.txt and serversettings.json is saved

List of users allowed to operate with the config. "root" is always implicitly included

Host of the postgresql server

List of groups allowed to operate with the config

Whether to install a JSON formatted list of all Home Manager options

File containing the JWT private key

The input method configure in profile file in ini format.

The input method configure in profile file in ini format.

File containing an API key to talk to the Immich server

This directory is used for uploads of pictures

The read permissions to include for this token

Named AWS profile used to connect to the API.

Whether to run reaction as root

The read permissions to include for this token

API key to talk to the Immich server

Directory for storing certificates to be used by Neo4j for TLS connections

This is the name that will be displayed by NetworkManager and GUIs.

The directory where MPD stores playlists

The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.

Bulk PDF import from consume directory

Path of the data directory

Unix Permissions in octal on the rtorrent directory.

The data directory for PostgreSQL

Path of the subvolume or mount point

Automatically login user on remote or other kind of externally supplied authentication, otherwise redirect to login form as normal

The directory used to store all data for healthchecks.

If not null, is used as the permissions set by system.activationScripts.transmission-daemon on the directories services.transmission.settings.download-dir, services.transmission.settings.incomplete-dir. and services.transmission.settings.watch-dir

Base directory used for logging.

Path to directory of CRLs (Certificate Revocation Lists) in PEM format

The directory or URI where MPD reads music from

If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad ("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").

(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@" followed by the name of an abstract socket ("@myvarnishd") accept connections on a Unix domain socket

Host of the postgresql server

This directory is used for uploads of attachments and cache

The directory to store the database files in

Extra permission groups to attach to the KMonad instance for this keyboard

Path to directory of X.509 certificates in PEM format for trusted parties

The mandatory base directory for cryptographic objects of this policy

Whether to enable Libravatar as profile picture source on your instance

default permissions for all unauthenticated accesses.

Grant capabilities to the uWSGI instance

Path used for the database file.

List of additional portals that should be added to the environment

The docker package to use

The ASF home directory used to store all data

Default PPD profile.

Cursor acceleration (how fast speed increases from minSpeed to maxSpeed)

Whether to enable incusd, a daemon that manages containers and virtual machines

Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)

The path to a file containing the API key

To configure Slack auth, you'll need to create an Application at https://api.slack.com/apps

When configuring the Client ID, add a redirect URL under "OAuth & Permissions" to https://[publicUrl]/auth/slack.callback.

Specifies the path to a file containing the clear text password for the MQTT user

Path to a file containing the Cloudflare API authentication token

The directory where MPD stores playlists

Whether to add the activation script to the system profile

The default permissions (in octal) to create the UNIX socket with.

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Additional groups under which Traefik runs

Path to the postgres socket directory

If the conflict.rateLimitIsAggregate option is true, then after each tick one point of conflict-credit is given to just one domain: the one at the front of the queue

As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

Account certificate file, necessary to create, delete and manage tunnels

Sets the step between the points of the scroll acceleration function

Grants the user created inherit permissions

Sets the step between the points of the (pointer) motion acceleration function

Cursor acceleration (how fast speed increases from minSpeed to maxSpeed)

This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles

Specifies the path to a file containing the hashed password for the MQTT user

Enable CIS Hardening for RKE2

Grants the user, created by the ensureUser attr, createdb permissions

Sets the points of the scroll acceleration function

A list of browsers to sync

Sets the points of the (pointer) motion acceleration function

Grants the user, created by the ensureUser attr, login permissions

The default permissions (in octal) to create the UNIX socket with.

Hide profile banner.

The profile file to load from "/var/lib/OpenRGB" at startup.

Sets the step between the points of the fallback acceleration function

Mounts to be added to every container under the Nvidia CDI profile.

Grants the user, created by the ensureUser attr, replication permissions

Account certificate file, necessary to create, delete and manage tunnels

Grants the user, created by the ensureUser attr, superuser permissions