| services.cfssl.remote | Remote CFSSL server.
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.gitwatch.<name>.remote | Optional url of remote repository
|
| networking.ipips.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.echoip.remoteIpHeader | Header to trust for remote IP, if present
|
| services.nsd.remoteControl.port | Port number for remote control operations (uses TLS over TCP).
|
| services.prometheus.remoteRead.*.name | Name of the remote read config, which if specified must be unique among remote read configs
|
| services.quicktun.<name>.remotePort | Remote UDP port
|
| services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| services.prometheus.remoteWrite.*.name | Name of the remote write config, which if specified must be unique among remote write configs
|
| services.nsd.remoteControl.enable | Whether to enable remote control via nsd-control.
|
| services.journald.remote.port | The port to listen to
|
| services.journald.remote.settings | Configuration in the journal-remote configuration file
|
| services.journald.remote.listen | Which protocol to listen to.
|
| services.journald.remote.output | The location of the output journal
|
| services.prometheus.remoteRead.*.remote_timeout | Timeout for requests to the remote read endpoint.
|
| services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| services.journald.remote.enable | Whether to enable receiving systemd journals from the network.
|
| services.prometheus.remoteWrite.*.remote_timeout | Timeout for requests to the remote write endpoint.
|
| programs.steam.remotePlay.openFirewall | Open ports in the firewall for Steam Remote Play.
|
| services.cassandra.remoteJmx | Cassandra ships with JMX accessible only from localhost
|
| services.gnome.gnome-remote-desktop.enable | Whether to enable Remote Desktop support using Pipewire.
|
| services.vmagent.remoteWrite.url | Endpoint for prometheus compatible remote_write
|
| services.vlagent.remoteWrite.url | Endpoint for the victorialogs instance
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| services.nsd.remoteControl.interfaces | Which interfaces NSD should bind to for remote control.
|
| services.thanos.receive.remote-write.address | Address to listen on for remote write requests
|
| services.prometheus.remoteRead.*.headers | Custom HTTP headers to be sent along with each remote read request
|
| programs.proxychains.remoteDNSSubnet | Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
|
| services.prometheus.remoteWrite.*.headers | Custom HTTP headers to be sent along with each remote write request
|
| services.journald.remote.settings.Remote.Seal | Periodically sign the data in the journal using Forward Secure
Sealing.
|
| services.nsd.remoteControl.serverKeyFile | Path to the server private key, which is used by the server
but not by nsd-control
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.prometheus.remoteRead | Parameters of the endpoints to query from
|
| services.nsd.remoteControl.serverCertFile | Path to the server self signed certificate, which is used by the server
but and by nsd-control
|
| services.prometheus.remoteRead.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.journald.remote.settings.Remote.ServerKeyFile | A path to a SSL secret key file in PEM format
|
| services.nsd.remoteControl.controlKeyFile | Path to the client private key, which is used by nsd-control
but not by the server
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| services.prometheus.remoteWrite | Parameters of the endpoints to send samples to
|
| services.prometheus.remoteWrite.*.url | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.journald.remote.settings.Remote.SplitMode | With "host", a separate output file is used, based on the
hostname of the other endpoint of a connection
|
| services.nsd.remoteControl.controlCertFile | Path to the client certificate signed with the server certificate
|
| services.prometheus.remoteRead.*.tls_config | Configures the remote read request's TLS settings.
|
| services.prometheus.remoteWrite.*.tls_config | Configures the remote write request's TLS settings.
|
| services.prometheus.remoteWrite.*.sigv4 | Configures AWS Signature Version 4 settings.
|
| services.prometheus.remoteRead.*.basic_auth | Sets the Authorization header on every remote read request with the
configured username and password.
password and password_file are mutually exclusive.
|
| services.vlagent.remoteWrite.maxDiskUsagePerUrl | The maximum file-based buffer size in bytes
|
| services.prometheus.remoteWrite.*.basic_auth | Sets the Authorization header on every remote write request with the
configured username and password.
password and password_file are mutually exclusive.
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.zfs.autoReplication.remoteFilesystem | Remote ZFS filesystem where snapshots should be sent.
|
| services.vmagent.remoteWrite.basicAuthPasswordFile | File that contains the Basic Auth password used to connect to remote_write endpoint
|
| services.vlagent.remoteWrite.basicAuthPasswordFile | File that contains the Basic Auth password used to connect to remote_write endpoint
|
| services.prometheus.remoteWrite.*.sigv4.region | The AWS region.
|
| services.nullmailer.config.remotes | A list of remote servers to which to send each message
|
| services.prometheus.remoteWrite.*.queue_config | Configures the queue used to write to remote storage.
|
| services.prometheus.remoteRead.*.bearer_token | Sets the Authorization header on every remote read request with
the configured bearer token
|
| services.prometheus.remoteWrite.*.sigv4.profile | The named AWS profile used to authenticate.
|
| services.prometheus.remoteWrite.*.bearer_token | Sets the Authorization header on every remote write request with
the configured bearer token
|
| services.prometheus.remoteRead.*.proxy_url | Optional Proxy URL.
|
| services.nullmailer.remotesFile | Path to the remotes control file
|
| services.prometheus.remoteWrite.*.proxy_url | Optional Proxy URL.
|
| services.prometheus.remoteWrite.*.sigv4.role_arn | The AWS role ARN.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id | Identity in CA certificate to accept for authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| nix.sshServe.write | Whether to enable writing to the Nix store as a remote store via SSH
|
| services.prometheus.remoteWrite.*.sigv4.access_key | The Access Key ID.
|
| services.prometheus.remoteWrite.*.sigv4.secret_key | The Secret Access Key.
|
| services.journald.remote.settings.Remote.ServerCertificateFile | A path to a SSL certificate file in PEM format
|
| services.prometheus.remoteRead.*.read_recent | Whether reads should be made for queries for time ranges that
the local storage should have complete data for.
|
| services.prometheus.remoteWrite.*.queue_config.capacity | Number of samples to buffer per shard before we block reading of more
samples from the WAL
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.prometheus.remoteWrite.*.metadata_config | Configures the sending of series metadata to remote storage
|
| services.prometheus.remoteWrite.*.metadata_config.send | Whether metric metadata is sent to remote storage or not.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.prometheus.remoteRead.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id | Identity to use as peer identity during EAP authentication
|
| services.prometheus.remoteWrite.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.remoteRead.*.basic_auth.username | HTTP username
|
| services.prometheus.remoteRead.*.basic_auth.password | HTTP password
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module | Optional PKCS#11 module name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.remoteWrite.*.basic_auth.password | HTTP password
|
| services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.remoteRead.*.required_matchers | An optional list of equality matchers which have to be
present in a selector to query the remote read endpoint.
|
| services.prometheus.remoteRead.*.bearer_token_file | Sets the Authorization header on every remote read request with the bearer token
read from the configured file
|
| nix.sshServe.enable | Whether to enable serving the Nix store as a remote store via SSH.
|
| services.prometheus.remoteWrite.*.bearer_token_file | Sets the Authorization header on every remote write request with the bearer token
read from the configured file
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.rustdesk-server.enable | Whether to enable RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| services.prometheus.remoteWrite.*.queue_config.max_shards | Maximum number of shards, i.e. amount of concurrency.
|
| services.prometheus.remoteWrite.*.queue_config.min_shards | Minimum number of shards, i.e. amount of concurrency.
|
| hardware.sane.netConf | Network hosts that should be probed for remote scanners.
|
| services.prometheus.remoteWrite.*.metadata_config.send_interval | How frequently metric metadata is sent to remote storage.
|
| services.prometheus.remoteRead.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.remoteWrite.*.queue_config.max_backoff | Maximum retry delay.
|
| services.prometheus.remoteWrite.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.remoteWrite.*.queue_config.min_backoff | Initial retry delay
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| services.prometheus.remoteWrite.*.write_relabel_configs | List of remote write relabel configurations.
|
| services.xrdp.enable | Whether to enable xrdp, the Remote Desktop Protocol server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.syncoid.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.murmur.dbus | Enable D-Bus remote control
|
| services.cfssl.tlsRemoteCa | CAs to trust for remote TLS requests.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts | List of remote selectors to include in CHILD_SA
|
| services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| networking.sits.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| boot.initrd.network.ssh.shell | Login shell of the remote user
|
| services.syncoid.sshKey | SSH private key file to use to login to the remote system
|
| services.znapzend.features.sendRaw | Whether to enable sendRaw feature which adds the options -w to the
zfs send command
|
| services.openssh.banner | Message to display to the remote user before authentication is allowed.
|
| networking.ipips.<name>.ttl | The time-to-live of the connection to the remote tunnel endpoint.
|
| services.btrbk.sshAccess.*.key | SSH public key allowed to login as user btrbk to run remote backups.
|
| services.exim.user | User to use when no root privileges are required
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| networking.sits.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.thanos.store.stateDir | Data directory relative to /var/lib
in which to cache remote blocks.
|
| services.openssh.enable | Whether to enable the OpenSSH secure shell daemon, which
allows secure remote logins.
|
| nix.buildMachines.*.sshUser | The username to log in as on the remote host
|
| nix.buildMachines | This option lists the machines to be used if distributed builds are
enabled (see nix.distributedBuilds)
|
| services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.neo4j.shell.enable | Enable a remote shell server which Neo4j Shell clients can log in to
|
| services.uptime.usesRemoteMongo | Whether the configuration file specifies a remote mongo instance
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.regex | Regular expression against which the extracted value is matched
|
| services.autossh.sessions.*.extraArguments | Arguments to be passed to AutoSSH and retransmitted to SSH
process
|
| services.gitwatch.<name>.branch | Optional branch in remote repository
|
| services.btrbk.niceness | Niceness for local instances of btrbk
|
| services.prometheus.remoteRead.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.action | Action to perform based on regex matching
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.modulus | Modulus to take of the hash of the source label values.
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| services.prometheus.remoteWrite.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.remoteWrite.*.queue_config.batch_send_deadline | Maximum time a sample will wait in buffer.
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.cfssl.mutualTlsClientCert | Mutual TLS - client certificate to call remote instance requiring client certs.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.separator | Separator placed between concatenated source label values
|
| services.cfssl.mutualTlsClientKey | Mutual TLS - client key to call remote instance requiring client certs
|
| security.pam.sshAgentAuth.enable | Whether to enable authenticating using a signature performed by the ssh-agent
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| services.prometheus.remoteWrite.*.queue_config.max_samples_per_send | Maximum number of samples per send.
|
| users.mysql.pam.logging.rHostColumn | The name of the column in the log table to which the name of the remote
host that initiates the session is stored
|
| services.nar-serve.cacheURL | Binary cache URL to connect to
|
| services.icecream.daemon.user | User to run the icecream daemon as
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.replacement | Replacement value against which a regex replace is performed if the
regular expression matches
|
| networking.greTunnels.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.hylafax.faxcron.infoDays | Set the expiration time for data in the
remote machine information directory in days.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.target_label | Label to which the resulting value is written in a replace action
|
| services.quicktun.<name>.publicKey | Remote public key in hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.boinc.allowRemoteGuiRpc | If set to true, any remote host can connect to and control this BOINC
client (subject to password authentication)
|
| services.journald.upload.enable | Whether to enable uploading the systemd journal to a remote server.
|
| services.thanos.receive.enable | Whether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb.
|
| services.unifi.openFirewall | Whether or not to open the minimum required ports on the firewall
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| boot.initrd.network.ssh.enable | Start SSH service during initrd boot
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.source_labels | The source labels select values from existing labels
|
| services.shairport-sync.enable | Enable the shairport-sync daemon
|
| nix.buildMachines.*.protocol | The protocol used for communicating with the build machine
|
| services.printing.browsed.enable | Whether to enable the CUPS Remote Printer Discovery (browsed) daemon.
|
| services.tinc.networks.<name>.name | The name of the node which is used as an identifier when communicating
with the remote nodes in the mesh
|
| services.syncoid.commands.<name>.sshKey | SSH private key file to use to login to the remote system
|
| services.wordpress.sites.<name>.fontsDir | This directory is used to download fonts from a remote location, e.g.
to host google fonts locally.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| services.mastodon.mediaAutoRemove.startAt | How often to remove remote media
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.thanos.store.sync-block-duration | Repeat interval for syncing the blocks between local and remote view
|
| services.neo4j.ssl.policies.<name>.trustAll | Makes this policy trust all remote parties
|
| services.teeworlds.rconPassword | Password to access the remote console
|
| services.zfs.autoReplication.host | Remote host where snapshots should be sent. lz4 is expected to be installed on this host.
|
| services.mastodon.mediaAutoRemove.olderThanDays | How old remote media needs to be in order to be removed.
|
| services.wstunnel.clients.<name>.localToRemote | Listen on local and forwards traffic from remote.
|
| boot.binfmt.addEmulatedSystemsToNixSandbox | Whether to add the boot.binfmt.emulatedSystems to nix.settings.extra-platforms
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.mastodon.mediaAutoRemove.enable | Automatically remove remote media attachments and preview cards older than the configured amount of days
|
| services.gitlab.backup.uploadOptions | GitLab automatic upload specification
|
| services.btrbk.ioSchedulingClass | IO scheduling class for btrbk (see ionice(1) for a quick description)
|
| services.rosenpass.settings.peers.*.peer | WireGuard public key corresponding to the remote Rosenpass peer.
|
| services.multipath.devices.*.fast_io_fail_tmo | Specify the number of seconds the SCSI layer will wait after a problem has been
detected on a FC remote port before failing I/O to devices on that remote port
|
| services.openssh.settings.GatewayPorts | Specifies whether remote hosts are allowed to connect to
ports forwarded for the client
|
| services.prosody.s2sInsecureDomains | Some servers have invalid or self-signed certificates
|
| services.mirakurun.openFirewall | Open ports in the firewall for Mirakurun.
Exposing Mirakurun to the open internet is generally advised
against
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.buildbot-master.pbPort | The buildmaster will listen on a TCP port of your choosing
for connections from workers
|
| services.i2pd.outTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.zfs.autoReplication.followDelete | Remove remote snapshots that don't have a local correspondent.
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| services.cjdns.authorizedPasswords | Any remote cjdns nodes that offer these passwords on
connection will be allowed to route through this node.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| services.amule.settings.ExternalConnect.ECPort | TCP port for external connections, like remote control via amule-gui
|
| programs.ssh.forwardX11 | Whether to request X11 forwarding on outgoing connections by default
|
| services.epgstation.openFirewall | Open ports in the firewall for the EPGStation web interface.
Exposing EPGStation to the open internet is generally advised
against
|
| services.rosenpass.settings.peers.*.endpoint | Endpoint of the remote Rosenpass peer.
|
| services.komodo-periphery.disableTerminals | Disable remote shell access through Periphery.
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.kubernetes.pki.pkiTrustOnBootstrap | Whether to always trust remote cfssl server upon initial PKI bootstrap.
|
| services.komodo-periphery.disableContainerExec | Disable remote container shell access through Periphery.
|
| services.kapacitor.defaultDatabase.password | The password to connect to the remote InfluxDB server
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| services.transmission.enable | Whether to enable the headless Transmission BitTorrent daemon
|
| services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| services.postfix.settings.main.mynetworks | List of trusted remote SMTP clients, that are allowed to relay mail
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.postfix.settings.main.smtp_tls_CAfile | File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| services.akkoma.config.":pleroma".":media_proxy".enabled | Whether to enable proxying of remote media through the instance's proxy.
|
| services.journald.upload.settings.Upload.ServerKeyFile | SSL key in PEM format
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.nullmailer.config.sendtimeout | The time to wait for a remote module listed above to complete sending
a message before killing it and trying again, in seconds
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.prometheus.exporters.wireguard.withRemoteIp | Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
|
| services.prometheus.exporters.restic.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.dependency-track.settings."alpine.database.mode" | Defines the database mode of operation
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| services.icingaweb2.modules.monitoring.transports.<name>.path | Path to the socket for local or remote transports
|
| services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| services.journald.upload.settings.Upload.TrustedCertificateFile | SSL CA certificate
|
| services.multipath.devices.*.dev_loss_tmo | Specify the number of seconds the SCSI layer will wait after a problem has
been detected on a FC remote port before removing it from the system
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.prometheus.globalConfig.external_labels | The labels to add to any time series or alerts when
communicating with external systems (federation, remote
storage, Alertmanager).
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.nextcloud.settings.mail_smtpmode | Which mode to use for sending mail
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer | Identity under which the peer is registered at the mediation server, that
is, the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.fwupd.extraRemotes | Enables extra remotes in fwupd
|
| services.btrbk.sshAccess | SSH keys that should be able to make or push snapshots on this system remotely with btrbk
|
| services.pgbackrest.repos.<name>.host | Repository host when operating remotely
|
| boot.initrd.network.openvpn.enable | Starts an OpenVPN client during initrd boot
|
| services.pgbackrest.stanzas.<name>.instances.<name>.host | PostgreSQL host for operating remotely.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|