Anubis policy configuration

Additional bot rules appended to the policy

Additional policy settings merged into the policy file

The policy file to use

Whether to include Anubis's default bot detection rules via the (data)/meta/default-config.yaml import

The policy file to use

An attribute set of Anubis instances

add will additionally listen for TLS connections. only will disable TLS connections. force will redirect non-TLS traffic to the TLS connection.

Anubis policy configuration in Nix syntax

The Wake-on-LAN policy to set for the device

Defines the SSL policies for use with Neo4j connectors

Key policy for zone signing keys

Key policy for key signing keys

Anubis policy configuration

The mandatory base directory for cryptographic objects of this policy

The client authentication stance for this policy.

The name of private PKCS #8 key file for this policy to be found in the baseDirectory, or the absolute path to the key file

Additional policy settings merged into the policy file

Restrict the allowed ciphers of this policy to those defined here

Connection uniqueness policy to enforce

Additional bot rules appended to the policy

List of certificate policy OIDs the peer's certificate must have

Makes this policy trust all remote parties

How strictly this policy should be enforced

Certificate revocation policy for CRL or OCSP revocation.

• A strict revocation policy fails if no revocation information is available, i.e. the certificate is not known to be unrevoked.
• ifuri fails only if a CRL/OCSP URI is available, but certificate revocation checking fails, i.e. there should be revocation information available, but it could not be obtained.
• The default revocation policy relaxed fails only if a certificate is revoked, i.e. it is explicitly known that it is bad

DEPRECATED, use driverOptions

Restrict the TLS protocol versions of this policy to those defined here.

install policy for the worker (always, if-not-present, never, prompt)

Default pull-policy for Docker images

Whether to enable this angrr policy.

A list of routing policy rules sections to be added to the unit

A set of policies to apply to the IPsec connections.

Whether to include Anubis's default bot detection rules via the (data)/meta/default-config.yaml import

Whether to enable this angrr policy.

All policies to provision

Retention period for the GC roots matched by this policy.

The name of public X.509 certificate (chain) file in PEM format for this policy to be found in the baseDirectory, or the absolute path to the certificate file

add will additionally listen for TLS connections. only will disable TLS connections. force will redirect non-TLS traffic to the TLS connection.

External filter program to further filter GC roots matched by this policy.

The kernel routing table to add this interface's associated routes to

Specifies the policy to use for reconnecting to an unavailable LDAP server

Allows the generation of a private key and associated self-signed certificate

The description of this policy

The user under which Anubis is run

Priority of this policy

Mark all wireguard packets originating from this interface with the given firewall mark

The group under which Anubis is run

The kernel routing table to add this interface's associated routes to

Whether to enable this instance of Anubis.

add will additionally listen for TLS connections. only will disable TLS connections. force will redirect non-TLS traffic to the TLS connection.

Nix daemon process CPU scheduling policy

By default, all networks will get same priority group (0)

A list of extra flags to be passed to Anubis.

Neo4j SSL policy for BOLT traffic

The address that Anubis listens to

Neo4j SSL policy for HTTPS traffic

Freeform configuration via environment variables for Anubis

Action to perform for this CHILD_SA on DPD timeout

Image pull policy for the container

Netfilter mark and mask for output traffic

Netfilter mark and mask for input traffic

Whether to set mark_in on the inbound SA

Whether to enable the policy_conditions feature for this account.

Action to perform after a CHILD_SA gets closed by the peer.

• The default of none does not take any action,
• trap installs a trap policy for the CHILD_SA.
• start tries to re-create the CHILD_SA.

close_action does not provide any guarantee that the CHILD_SA is kept alive

The mode can be "file" or "database" that defines where the ACL policies are stored and read from.

If the mode is set to "file", the path to a HuJSON file containing ACL policies.

The reverse proxy target that Anubis is protecting

The address Anubis' metrics server listens to

Netfilter mark applied to packets after the inbound IPsec SA processed them

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

Netfilter mark applied to packets after the outbound IPsec SA processed them

Action to perform after loading the configuration.

• The default of none loads the connection only, which then can be manually initiated or used as a responder configuration.
• The value trap installs a trap policy, which triggers the tunnel as soon as matching traffic has been detected.
• The value start initiates the connection actively.
• Since version 5.9.6 two modes above can be combined with trap|start, to immediately initiate a connection for which trap policies have been installed

Signature verification policy file

Whether to install outbound FWD IPsec policies or not

The network family that Anubis should bind to

The error-policy setting applies to all app-layer parsers

Grants the user, created by the ensureUser attr, replication permissions

The difficulty required for clients to solve the challenge

If set, shows a contact email address when rendering error pages

Anubis policy configuration in Nix syntax

The network family that the metrics server should bind to

Whether to enable Open Graph tag passthrough

The USBGuard daemon will load this as the policy rule set

StartTLS policy when connecting to server.

Define a common behavior for all exception policies

The name of the instance.

Name is used as a suffix for the service name, user, and group

Name of the UKI

Extra chromium policy options

The name of the user account

The name identifying the runner instance towards the Gitea/Forgejo instance.

The name of the group

The name of this nylon instance.

How often or when the retention policy is performed.

Adapter name that is used in the radicle-ci-broker configuration

The name of the user account

Name of the zone.

How to treat USB devices that are already connected when the daemon starts

Name of the PPP peer.

The name of the system used in the system.build.toplevel derivation

The name of the group

Policy for warnings and action based on battery levels

Whether battery percentage based policy should be used

The frp consists of client and server

A directory that should contain the policy files, used to customize Botan’s behaviour when negotiating the TLS connections with the IRC servers.

The name of the user for this authelia instance.

The name the camera will show up as.

Errbot backend name.

Whether to enable frp.

Etcd unique node name.

The name of this systemd unit, including its extension

The endpoint name.

The name of the group for this authelia instance.

The endpoint name.

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Data directory for errbot instance.

Whether to enable ytdl-sub instance.

User under which this instance runs.

Configuration for ytdl-sub

Name of the PAM service.

Username for JSON-RPC connections.

Errbot log level

SMTP bind interface and port.

PostgreSQL host for operating remotely.

Group under which this instance runs.

The name of this systemd unit, including its extension

Primary name for use (as a suffix) in:

• systemd service name,
• hardened user name and group,
• systemd *Directory= names,
• desktop application identification,

Primary name for use (as a suffix) in:

• systemd service name,
• hardened user name and group,
• systemd *Directory= names,
• desktop application identification,

Name of the worker

List of identifiers of errbot admins.

Maximum number of emails to keep

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

List of paths that ytdl-sub can write to.

Whether to enable this vault-agent instance.

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Whether to enable this v4l2-relayd instance.

Frp configuration, for configuration options see the example of client or server on github.

Name of modem device, will be searched for in /dev.

List of errbot plugin derivations.

HTTP bind interface and port for UI.

Nix daemon process I/O scheduling priority

Settings to generate easytier-‹name›.toml

A list of the given alerting or recording rules against configured "datasource.url" compatible with Prometheus HTTP API for vmalert to execute

Name i2pd appears in UPnP forwardings list.

Whether to enable go-csp-collector, a content security policy violation collector.

The name of the node which is used as an identifier when communicating with the remote nodes in the mesh

String to be appended to the config verbatim

Name of the runner to configure

The vault package to use.

Specifies the Name of the Storage daemon.

How often to run ytdl-sub

Path to the directory with database, registration, and other data for the bridge service

This tells the USBGuard daemon which file to load as policy rule set

configuration options for btrbk

The width to read from input-stream.

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Specify the discard policy for the swap device

Wether to enable VictoriaMetrics's vmalert.

vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.

Path to the files with alerting and/or recording rules.

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Enable the instance.

Errbot identity configuration

Whether to enable Authelia instance.

SCSI link power management policy

Name for the device

Extra args append to the easytier command-line.

Name of the image

Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.

Extra settings to add to easytier-‹name›.toml.

The height to read from input-stream.

The video-format to read from input-stream.

How often this btrbk instance is started

The endpoint name.

The endpoint name.

Database name.

The name of the Helm chart

The director name used by the system administrator

The client name that must be used by the Director when connecting

Base URL of your Gitea/Forgejo instance.

User under which this instance runs.

The name of the Helm chart

Name of the redis server

The authelia package to use.

The default path grouping policy to apply to unspecified multipaths

Keyboard name.

A system user name for this client instance.

A system user name for this client instance.

User to be set as owner of the UNIX socket.

Socket type: 'unix', 'tcp' or 'tcp6'.

The video-format to write to output-stream.

The name of the host

The name of the agent as seen in the buildkite dashboard.

Akkoma frontend name.

output directory; ${HOME} will be expanded to the user's home directory, ${USER} will be expanded to the user name.

The endpoint name.

The endpoint name.

Path to easytier config file

Group under which this instance runs.

Mode to be set on the UNIX socket

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Database name.

The name of the service to run

Whether to enable this cups-pdf instance.

vmalert configuration, passed via command line flags

Agent name, usually same as the hostname

Mail "from" name.

Hostname shown in peer list and web console.

Name of the control, as it appears in alsamixer

Group to be set as owner of the UNIX socket.

Plain token to register at the configured Gitea/Forgejo instance.

Free-form settings written directly to the config.json file

An attribute set of database instances as described in: https://pgbackrest.org/configuration.html#section-stanza

Each instance defaults to set pg-host to the attribute's name

Whether to run in snapshot only mode

Font name, as used by fontconfig.

Whether to enable this consul-template instance.

Extra packages to add to GST_PLUGIN_PATH for the instance.

It is recommended you keep your secrets separate from the configuration

Specify the local database filename to store persistent data

This will contain the contents of cups-pdf.conf for this instance, derived from settings

Whether to enable Gitea Actions Runner instance.

The gstreamer-pipeline to use for the input-stream.

The systemd unit (a service or a target) for other services to depend on if they need to be started after matrix-synapse

User as which this instance of fcgiwrap will be run

Group as which this instance of fcgiwrap will be run.

Name is referenced in logs

config.yaml configuration as a Nix attribute set

The name to return in service discovery responses for the MUC service itself

Path to an environment file, containing the TOKEN environment variable, that holds a token to register at the configured Gitea/Forgejo instance.

Your Authelia config.yml as a Nix attribute set

The consul-template package to use.

Name of the redis server

Runner name declared to the PeerTube instance.

Mail "reply-to" name.

Name of the rule.

The name of the mailbox.

EasyTier network name.

Automatically determine the IPv4 address of this peer based on existing peers on network.

Socket address

The theme to display.

Configure the instance from config server

Name of the machine when registering it at the central or local api.

The framerate to read from input-stream.

Labels used to map jobs to their runtime environment

The endpoint name.

Relay address (the local IP address that will be used to relay the packets to the peer)

IPv4 cidr address of this peer in the virtual network

Peers to connect initially

The policy during reload.

Number of processes to prefork.

Level of verbosity for logs.

A systemd service name to use (without .service suffix).

A systemd service name to use (without .service suffix).

How to treat USB devices that are already connected after the daemon starts

Name of the user to ensure.

Name of the existing database.

The name of the service to run

Configuration for act_runner daemon

Path to your JWT secret used during identity verificaton.

Here you can provide authelia with configuration files or directories

URL of the PeerTube instance.

Configuring authelia's secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all

The name of the server

The name of this systemd unit, including its extension

The endpoint name.

The logical name of the Galera cluster

spool directory

Name of the beat

Name of the wiki.

Name of the server.

Format the logs are written as.

Path to use for the pid file.

The name of the network interface to match against.

How to treat USB devices that don't match any rule in the policy

List of paths files that follows systemd environmentfile structure

Name of this iscsi initiator

Template section of vault-agent

The friendly name you give to the network device

The friendly name you give to the network device

Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package

Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and make Synapse wait for registration service.

List of packages, that are available to actions, when the runner is configured with a host execution label.

Free-form settings written directly to the config.json file

Database name.

Database name.

Server name to be used for this virtual host

Name of the service.

Database name.

path for anonymously created PDF files

Name of ICMP pinging job.

Caching rules that overrule the origin's caching policy

Path to your HMAC secret used to sign OIDC JWTs.

Database name.

The name of this gateway as shown in firezone

The name of the cookie that the oauth_proxy creates.

Whether to enable this radicle-native-ci instance.

The endpoint name.

Prometheus Alertmanager URL

The name of this authentication provider

This primary server will notify all given secondary servers about zone changes

Whether to enable WirePlumber, a modular session / policy manager for PipeWire

Email address listed in the privacy policy.

Whether to enable a CUPS printer queue for this instance

Database name, only used when the databse is created locally.

The name of the host in the network as well as the configuration for that host

The name of an existing user account under which the rsync process should run.

The database name

Name of the redis server

location of GhostScript binary

The endpoint name.

Database name.

Database name.

Database name.

The radicle-native-ci package to use.

The advertised name for zeroconf discovery.

Group policies to install

Whether or not SSL verification should be enabled for outgoing connections to the homeserver.

The name of the immich database.

name of the virtualhost

Path to your session secret

Set to true to add the Content-Security-Policy header to your requests

The address to listen on.

The name of this actor

The name of this group

Database name

The name of the database to use for Wakapi.

Group policies to install

Subscriptions for ytdl-sub

Database name.

The name of the device.

User for anonymous PDF creation

Identify different instances on same host

The name of an existing user group under which the rsync process should run.

The directory where pantalaimon should store its state such as the database file.

Environment files for this instance

Set the log level of the daemon.

The name of this client as shown in firezone

Configuration of radicle-native-ci

Path to your private key file used to encrypt OIDC JWTs.

Path to use for the pid file.

The name of this server.

Datasource compatible with Prometheus HTTP API.

Listener addresses to accept connections from other peers

File path where the logs will be written

This is the target address is to match against

Template section of consul-template

Database name.

Database name.

User to run the cgit service as.

The name of this relay group

Path to the yaml registration file of the appservice.

File where radicle-native-ci should write the run log.

How to treat USB controller devices that are already connected when the daemon starts

PostgreSQL database name

File containing environment variables to substitute when copying the configuration out of Nix store to the services.mautrix-meta.dataDir

Name of the local AutoSSH session

Table name.

The name of this gateway as shown in firezone

Database name.

The name of services's user

Directory where per-run directories are stored.

Name of the font to use for regreet.

When set to something distinct to null NSD is able to collect statistics per zone

Name of the existing database (has no effect if type is "sqlite").

Name of the interface.

Each attribute of this option defines a systemd service that runs hans

Server name.

The port where the daemon will listen to client connections for this homeserver

The user's home directory.

Bind port for ‹name› endpoint.

The name of this gateway group

Port number Go Ethereum will be listening on, both TCP and UDP.

The name of this resource

Name of the interface

Group to run the cgit service as.

Name of the game as it will appear in the game listing.

Bind port for ‹name› endpoint.

Node name

Name of the iSCSI initiator to boot from

Database name.

Database name.

Database name.

Database name.

Database name.

Database name.

Database name.

Database name.

Name of the beat

Packages added to the adapter's PATH.

Name of the theme to use for regreet.

The name of the dawarich database.

MySQL database name.

Database name for FreshRSS.

Name of the satellite.

A path which will be scanned for repositories.

List of Systemd services to require and wait for when starting the application service.

The user's home directory mode in numeric format

What port to listen for client requests, default is 1080.

The specified name-string gives the system file name of the storage device managed by this storage daemon

The name of an explicit dtb to be loaded, relative to the dtb base

Path to the directory storing the hooks

Whether to also log to stdout when a file_path is defined.

TLS options for virtual host

The address where the daemon will listen to client connections for this homeserver.

Name of the modifier.

APIs to enable over WebSocket

cgit repository settings, see cgitrc(5)

Database name.

The account name

The account UID

Path to your storage encryption key.

Extra configuration options

Replace any existing runner with the same name

Format: [AXFR|UDP] <ip-address> <key-name | NOKEY>

Name of this virtual host

Rename nodes to different name.

Database name.

Whether to enable cgit.

Base URL for build logs (mandatory for access from CI broker page).

Each attribute of this option defines a systemd service that runs iodine

The nickname of this Tahoe node.

The user's primary group.

ACME options for virtual host.

HTTP options for virtual host

Whether to enable ‹name›.

Name of Google storage bucket

Name of directory from which to import ZFS device, this is passed to zpool import as the value of the -d option

Blockchain garbage collection mode.

Whether to enable hub instance.

Name of the symlink (relative to /var/lib/rancher/k3s/server/manifests)

Port number of Go Ethereum HTTP API.

The registration service that generates the registration file

Database name.

Database name.

Name of the icon theme to use for regreet.

DNS full-qualified domain name of a database server

DNS full-qualified domain name of a database server

Name of the symlink (relative to /var/lib/rancher/rke2/server/manifests)

Whether to enable ‹name›.

Whether to enable Go Ethereum Node.

Additional arguments passed to Go Ethereum.

SSID to be used in IEEE 802.11 management frames.

VirtualHost to serve cgit on, defaults to the attribute name.

Discourse database name.

The type of the device.

Name of the remote read config, which if specified must be unique among remote read configs

Additional environment variables to provide to authelia

Username

The name of the database to create.

Enable Metrics.

The URI of the homeserver that the pantalaimon proxy should forward requests to, without the matrix API path but including the http(s) schema.

Whether to enable TLS support.

Local secret key in hexadecimal form.

Name of the model to download and use for speech synthesis

The address to listen on for metrics

The name of the first admin user.

Name of the remote write config, which if specified must be unique among remote write configs

Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).

Members of this group can access the control socket for this interface.

Listed primary servers are allowed to notify this secondary server

Runner description declared to the PeerTube instance.

Name of the user to ensure.

Interface to use when method is iface.

Whether the SSID is to be interpreted using UTF-8 encoding.

Name of modem configuration file, will be searched for in config in the spooling area directory.

The name of this client as shown in firezone

Set the host address for this virtual host

Database name.

Bind address for ‹name› endpoint.

Backup type as described in: https://pgbackrest.org/command.html#command-backup/category-command/option-type

The group GID

The serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.

The cgit package to use.

The geth package to use.

Uhub plugin configuration.

The user's home directory mode in numeric format

Enables nylon as a running service upon activation.

The name of the host in the network as well as the configuration for that host

Set name to shared memory zone.

Override the default TLS port for this virtual host.

Root directory for requests.

Drive name without the full path.

static: Immediately answer any Neighbor Solicitation Messages (if they match the IP rule). iface: Forward the Neighbor Solicitation Message through the specified interface and only respond if a matching Neighbor Advertisement Message is received. auto: Same as iface, but instead of manually specifying the outgoing interface, check for a matching route in /proc/net/ipv6_route.

Bind address for ‹name› endpoint.

Database name.

Database name.

Name of database.

The user's home directory.

Output DPI configuration.

Name of the PostgreSQL database.

The name of the Linkwarden database.

The actual zone data

Name of the cursor theme to use for regreet.

Name of this overlay

Location of the host path to be mounted.

Instance name.

Local Mattermost database name.

Whether to enable DNSSEC.

Output resolution.

Output framerate.

Database name to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned

The name of this systemd unit, including its extension

A program name specifying a Postfix service/daemon process

Remote public key in hexadecimal form.

Zone file resource records contain columns of data, separated by whitespace, that define the record.

Adds index directive.

Alias directory for requests.

Compress the btrfs send stream before transferring it from/to remote locations using a compression command.

Name of the homebridge UI platform

Database name.

Override the default HTTP port for this virtual host.

Output video display controller.

Path to a file containing a registration token for the PeerTube instance

Name of the MySQL database that holds EPGStation's data.

Name of the beat

EasyTier network credential used for verification and encryption

Whether to enable Go Ethereum HTTP API.

The network to connect to

The name of the Grafana database.

Adds DirectoryIndex directive

Alias directory for requests

Name used to derive peer unit name.

Verify peer certificate

Verify peer certificate

Adds try_files directive.

Levels (minimum value for logged events): 0 = verbose debugging 1 = debugging 2 = informational messages 3 = notification 4 = warning

Marks the server as a backup server

Isolate traffic between stations (clients) and prevent them from communicating with each other.

These lines go to the end of cgitrc verbatim.

Shell commands executed to stop the service.

How to name the created archives

The name of the wrapper program

Output gamma configuration.

The device to update.

Enable logging, default is no logging.

Disable running fsck on this filesystem.

Text of this systemd unit.

Location of hardware kiss tnc for this interface.

Password HMAC-SHA-256 for JSON-RPC connections

Specifies the MAC addresses to deny if macAcl is set to "deny" or "radius"

The domain name to collect stats for.

The account UID

Name of symlink (relative to /etc)

Whether to enable this PPP peer.

Port to bind the TTS server to.

User account under which this pool runs.

Start the specified units when this unit is started.

Name of symlink

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Units that want (i.e. depend on) this unit

Determine whether the mounted path will be accessed in read-only mode.

Adds a return directive, for e.g. redirections.

Optional PKCS#11 module name.

Master=false means slave server

Addresses who may request zone transfers.

Limit retry time for secondary zones.

Whether to enable this RAUC slot.

Label for this destination

The user's primary group.

Path to the file which contains the actual base64 encoded key

Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.

The serial port speed of this interface.

Vertical scaling factor/pixels.

Horizontal scaling factor/pixels.

Name of this virtual host

Environment variables used for this PHP-FPM pool.

Whether to enable the output.

Output rotate configuration.

Specifies the MAC addresses to allow if macAcl is set to "allow" or "radius"

The user as which to run bitcoind.

Blockchain sync mode.

Maximum peers to connect to.

Tunnel type.

A system group name for this client instance.

A system group name for this client instance.

Specify the log file name

List of orgIds that should be reset to the default policy.

Kubernetes apiserver authorization policy file

Optional PKCS#11 module name.

A systemd service name to use (without .service suffix).

A systemd service name to use (without .service suffix).

Directory for the ACME challenge, which is public

If the specified units are started at the same time as this unit, delay this unit until they have started.

Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Mount point on the container file system.

Specify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.

The path to repo in local machine

Shell commands executed after the service's main process has exited.

The name of the database to store data in.

Tunnel type.

Text of the file.

When or how often the backup should run

Domain to fetch certificate for (defaults to the entry name).

Override the default port on which to listen for connections.

Keyset used for tunnel identity.

Group account under which this pool runs.

Packages added to the service's PATH environment variable

Configuration for this host

A system group name for this client instance.

A system group name for this client instance.

Enables HTTP/3 over QUIC on the UDP port for TLS

Basic Auth protection for a vhost

Port number of Go Ethereum metrics service.

Listen address of Go Ethereum HTTP API.

Shell commands executed before the service's main process is started.

pppd configuration for this peer, see the pppd(8) man page.

Server name to verify the hostname on the returned gRPC certificates

The data directory for bitcoind.

Source directories.

Adds DirectoryIndex directive

Alias directory for requests

DNS full-qualified domain name of a database server

cgit configuration, see cgitrc(5)

Configuration of uhub

Whether to enable the filesystem mount.

Name of the homebridge

Domain name

Units that want (i.e. depend on) this unit

Keyset used for tunnel identity.

GVPE node name

Optional PKCS#11 module name.

Port number of Go Ethereum Auth RPC API.

Whether to offload computation onto a CUDA compatible GPU.

The specified name-string must be the generic SCSI device name of the autochanger that corresponds to the normal read/write Archive Device specified in the Device resource

These lines go to the end of the location verbatim.

These lines go to the end of the location verbatim.

Location of bitcoind pid file.

The database name.

The packaged Helm chart

Name of the tun device

Whether output should be marked as primary

The Flake URI of the NixOS configuration to use for the container

Dataset name to send snapshots to.

Name of the class implementing the check

The group as which to run bitcoind.

Shell commands executed to stop the service.

Shell commands executed as the service's main process.

The ID of your hook

A program name specifying a Postfix service/daemon process

The location of the Drupal files directory.

The packaged Helm chart

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Whether to enable proxy for this bucket

Guaranteed minimum hops for ‹name› tunnels.

Service port

Shell commands executed after the service's main process is started.

Shell commands executed when the service's main process is reloaded.

The group GID

When to run the job.

Name shown in the website title and on the front page.

The location of the Drupal site state directory.

Start the specified units when this unit is started.

Controls how long a valid or invalid entry remains in the cache, in milliseconds.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Lines which would be added inside ups.conf for handling this UPS.

Name of the runner group to add this runner to (defaults to the default runner group)

Database name to connect to

Root directory for requests.

Output scaling method.

Specifies the BSSID for this BSS

Optional slot number of the token that stores the certificate.

Contents of the PAM service file.

Name of the voice model to use

Guaranteed minimum hops for ‹name› tunnels.

Extra configuration to be appended to awstats.${name}.conf.

Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.

If the specified units are started at the same time as this unit, delay them until this unit has started.

The database engine name

Start the specified units when this unit is started.

Configuration for MPD

Path to file containing local secret key in binary or hexadecimal form.

Attribute set of NetBird client daemons, by default each one will:

1. be manageable using dedicated tooling:

• netbird-<name> script,
• NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),

2. run as a netbird-<name>.service,
3. listen for incoming remote connections on the port 51820 (openFirewall by default),
4. manage the netbird-<name> wireguard interface,
5. use the /var/lib/netbird-/config.json configuration file,
6. override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
7. (hardened) be locally manageable by netbird-<name> system group,

With following caveats:

• multiple daemons will interfere with each other's DNS resolution of netbird.cloud, but should remain fully operational otherwise

Name that will be shown to the user.

Path to world folder containing the dimension to render

List of servers for inclusion in stub and secondary zones.

Whether to operate in tun (IP) or tap (Ethernet) mode.

The IP interface to bind to. null means "all interfaces".

The flake input from is rewritten to.

The port on which the tub will listen

The port on which the Web server will listen

Put the host-side of the veth-pair into the named bridge

The user's auxiliary groups.

Name of a file containing the spiped key

Which local IP to bind the UDP socket to.

Interface name

Output position

Enable unlocking and mounting of encrypted ZFS home dataset at login.

When or how often the backup should run

Aliases of that unit.

Legacy RSA public key of the host in PEM format, including start and end markers

The name of the Stash Box

The address on which to accept FastCGI requests.

Extra lines to add to the tinc service configuration file

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Attribute set of vault-agent instances

Name of the user to log in

The kimai package to use.

The tahoelafs package to use.

Optional slot number of the token that stores the certificate.

Name of the class implementing the check

Name shown in the server list.

The name of the module

Source ZFS dataset

The flake reference from is rewritten to

If set to false, the user account will not be created

Alias directory for requests.

Adds index directive.

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Text of the file.

Interface name

Whether to enable Drupal web application.

Override the default database cache size in MiB.

Extra arguments to pass to the server commandline.

Whether to enable Coqui TTS server.

Specifies the number of retries for failed notifies

If the specified units are started at the same time as this unit, delay this unit until they have started.

Text of this systemd unit.

The user as which to run blockbook-frontend-‹name›.

Default window size for this interface.

Path to plugin file.

Basic Auth password file for a vhost

Where to mount this dataset.

Override the default port on which to listen for JSON-RPC connections.

Shell commands executed after the service's main process has exited.

Absolute path to the certificate to load

Directory for storing certificates to be used by Neo4j for TLS connections

Target node name on the IBM TSM server.

Each attribute of this option defines a systemd service that runs an OpenVPN instance

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

As which user the backup should run.

Custom name of this poller.

Language of the environment

Type of the file system

Path to encrypted luks device that contains the user's home directory.

The name of the file or block device that should be used as header for the encrypted device.

Adds try_files directive.

Local UDP port.

Specifies a file containing the MAC addresses to deny if macAcl is set to "deny" or "radius"

The path to the user's shell

Whether to enable Enables the axport interface.

Default maximum packet size for this interface.

Packages added to the service's PATH environment variable

The subnets which this tinc daemon will serve

The address of the proxy.

Set maximum cache size

Order of this location block in relation to the others in the vhost

Order of this location block in relation to the others in the vhost

Extra zone config to be appended at the end of the zone section.

Shell commands executed before the service's main process is started.

Keep this unit running as long as the listed units are running

Whether to enable watching for repo.

Optional url of remote repository

Optional branch in remote repository

Whether to enable Bitcoin daemon.

Attributes for user's entry in pam_mount.conf.xml

These lines go to the end of the location verbatim.

Common name attribute of allowed peer certificates

Common name attribute of allowed peer certificates

Limit retry time for secondary zones

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

Absolute path to the certificate to load

Guaranteed minimum hops for ‹name› tunnels.

List of virtual hostnames from which to accept requests.

IP address of server running hans

The location for users to install Drupal themes.

Limit refresh time for secondary zones.

Limit on the number of simultaneous connections allowed.

If set, root doesn't need to authenticate (e.g. for the useradd service).

List of address ranges allowed to query this zone

Location of blockbook-frontend-‹name› data directory.

If the specified units are started at the same time as this unit, delay this unit until they have started.

Optional slot number of the token that stores the certificate.

Name of the PCM card to control (slave).

S3 bucket name to use for HTTP-01 based challenges

Whether to show the message of the day.

Station MAC address -based authentication

The group as which to run blockbook-frontend-‹name›.

Output scale configuration

Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"

Location to serve cgit under.

Path of the source file.

Settings for this slot.

Address to which spiped should connect.

Adds a return directive, for e.g. redirections.

Whether to enable Go Ethereum prometheus metrics.

RPC user information for JSON-RPC connections.

IP and port to which this redis instance acts as a slave.

Shell commands executed as the service's main process.

Guaranteed minimum hops for ‹name› tunnels.

Whether to enable the HTTP/3 protocol

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device

The TCP port to accept connections

The external address where the host can be reached

Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively

The flake reference to be rewritten

Add the necessary actions for a upsmon process to work

If set, the OATH Toolkit will be used.

Listen for any Neighbor Solicitation messages on this interface, and respond to them according to a set of rules

The port where the host can be reached

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Whether to create the home directory and ensure ownership as well as permissions to match the user.

IP of the Redis master

Whether to enable Go Ethereum Auth RPC API.

Shell commands executed after the service's main process is started.

Keeps the specified running while this unit is running

Shell commands executed when the service's main process is reloaded.

Kissattach parameters for this interface.

The drupal package to use.

The name of your network of sr.ht-based sites.

Name of the heat source.

Shell commands executed when the instance is starting.

Whether to enable SFTP service.

Whether to ask Let’s Encrypt to sign a certificate for this virtual host

If the specified units are started at the same time as this unit, delay them until this unit has started.

Run the rsync process with an inhibition lock taken; see systemd-inhibit(1) for a list of possible operations.

Owner's name.

Options for the Kimai PHP pool

Start the specified units when this unit is started.

Start the specified units when this unit is started.

Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Address to bind on for UI connections

Environment variables to set for the kernel.

Enable logging to the system logger.

Whether to enable Redis server.

Number of worker instances to run

The path of the web root directory.

Path to the certificate authority certificate.

Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively

Absolute path to the certificate to load

Arguments passed to date to create a timestamp suffix for the archive name.

A list of one or more units that are activated when this unit enters the "inactive" state.

A list of one or more units that are activated when this unit enters the "failed" state.

The port on which the SFTP server will listen

Name to match.

DDNS server name.

Authentication algorithm for this key.

Automatically start this unit at the given date/time, which must be in the format described in systemd.time(7)

Print global archive statistics upon completion

Refer to xrandr(1) for the documentation of the transform matrix.

Run specified command or script after the tunnel device has been opened.

Maximum number of items to keep in slow log.

A systemd service name to use (without .service suffix).

A systemd service name to use (without .service suffix).

FastCGI parameters to override

Host to use for the destination dataset

Path to the unix socket file on which to accept FastCGI requests.

Specifies if TLS should be enabled

Specifies if TLS should be enabled

Event type.

Remote UDP port

Aliases of that unit.

Hostname alias(es).

Username for this DDNS provider.

TCP Port to bind on for UI connections

File or block device to export.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Number of simultaneous ‹name› tunnels.

Name of the wrapper that is installed into PATH

If set, the OTPW system will be used (if ~/.otpw exists).

Each attribute in this set specifies an option in the [Unit] section of the unit

The name of a .desktop file in the directory specified in the 'package' option.

Extra configuration options to put at the end of this BSS's defintion in the hostapd.conf for the associated interface

Name of user to run the script under.

Whether to enable this PAM service.

The ax25-tools package to use.

Enable verbose output, default is to not be verbose.

Path or reference to the host key.

Adds DirectoryIndex directive

Alias directory for requests

Basic Auth protection for a vhost

Public address for p2p connections from peers (if TCP is used)

Shell commands to run after borg create

The type of this worker

The specified name-string names the type of media supported by this device, for example, DLT7000

The type of log being collected.

Configuration of multiple mautrix-meta instances. services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram come preconfigured with network.mode, appservice.id, bot username, display name and avatar.

Key / certificate pairs for the virtual host.

Turns on or off the router flag for Neighbor Advertisement Messages.

A list of host names and/or IP numbers used for accessing the host's ssh service

Determines how multiple values are joined to create the claim value

Whether users can log in with passwords defined in /etc/shadow.

Specify the server verbosity level, options: debug, verbose, notice, warning.

Number of simultaneous ‹name› tunnels.

Name of the network interface managed by this client.

Name of the network interface managed by this client.

The bitcoind package to use.

Text of the file.

The username to store inside the credentials file.

Page or namespace to restrict

The location of the Drupal config sync directory.

Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40

Command and arguments to start the kernel.

TLS Options for the Director in this Configuration.

The configuration file path to supply bitcoind.

Bind address to be used for this server.

TLS Options for the Director in this Configuration.

port of the Redis master

Port the NetBird client listens on.

Port the NetBird client listens on.

Name of the platform

Allow client if common name appears in the list.

These lines go to the end of the location verbatim.

DNS server to use as an intermediate relay to the iodined server

Order of this location block in relation to the others in the vhost

Name (relative to the root of the filesystem) of the subvolume where the hash table will be stored.

APIs to enable over WebSocket

Path to the host certificate.

Manually specify the hostname

(optional) name your peer has for you

(optional) name your peer has for you

NNTP group name for the inbox.

Device identifiers, as shown by keyd(1).

If given, sets the SO_MARK option on the TCP socket.

If given, sets the SO_MARK option on the TCP socket.

Enable PAM mount (pam_mount) system to mount filesystems on user login.

This setting configures the name of a mailbox for which administrator scripts are configured

Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Start the specified units when this unit is started.

Allow client if organizational unit name appears in the list.

This option provides a simple way to serve individual, static files.

Indicates the priority over identical Subnets owned by different nodes

The location for users to install Drupal modules.

I2P nodes that are allowed to connect to this service.

Shell commands executed when the instance is shutting down.

URL where this inbox can be accessed over HTTP.

Source port of the external interface on host

Name of the kernel module that provides the card.

Keep this unit running as long as the listed units are running

Arguments passed to the main process script

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Set to true to add the Content-Security-Policy-Report-Only header to your requests

Whether to use the testnet instead of mainnet.

Port to bind on for p2p connections from peers (both TCP and UDP)

Address to bind on for p2p connections from peers (both TCP and UDP)

Whether this file locals should be generated

Domain part of the web interface URL (no web interface for this domain if null)

Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: [ "0.0.0.0/0" ] To block all other access than the allowed.

The path to the xkb types file

Canonical hostname for the server.

Path of the source file.

Canonical hostname for the server.

The URL at which to fetch the feed.

The path to the socket to bind to.

Aliases of that unit.

Aliases of that unit.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Listen address of Go Ethereum metrics service.

Options for PHP's php.ini file for this Drupal site.

Whether to enable this proxy cache path entry.

Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.

Whether to enable fedimintd.

If the specified units are started at the same time as this unit, delay this unit until they have started.

If the specified units are started at the same time as this unit, delay them until this unit has started.

The user names of the group members, added to the /etc/group file.

If the specified units are started at the same time as this unit, delay this unit until they have started.

The prefix length of the subnet

Subordinate group ids that user is allowed to use

Subordinate user ids that user is allowed to use

To enable SSL, specify path to the name of certificate files without extension

IP Address of a database server

IP Address of a database server

Whether to enable helper service.

Set size to shared memory zone.

Default 2FA method for new users and fallback for preferred but disabled methods.

Public URL of the API address of the reverse proxy/tls terminator

Options for the Drupal PHP pool

Allow client if URI subject alternative name appears in the list.

Allow client if DNS subject alternative name appears in the list.

Additional command line parameters

Location of the DokuWiki state directory.

Hostname of server running iodined

A list of options for 'restic check'.

Whether to run the rspamd worker.

Count of subordinate user ids

Count of subordinate group ids

The node name of the device

The node name of the device

Structural Kimai's local.yaml configuration

Listen address of Go Ethereum Auth RPC API.

Whether to run the check command with the provided checkOpts options.

The PHP package to use for running this PHP-FPM pool.

Your yandex.com login name.

If set, keys listed in ~/.ssh/authorized_keys and ~/.eid/authorized_certificates can be used to log in with the associated PKCS#11 tokens.

This is a rule that the target address is to match against

Disables scan for overlapping BSSs in HT40+/- mode

(optional) human-readable name for peer

(optional) human-readable name for peer

Name of the printer / printer queue

The external IP address or hostname where the host can be reached.

Port number of Go Ethereum WebSocket API.

The account type

Address to bind on for API connections relied by the reverse proxy/tls terminator.

Port to bind on for API connections relied by the reverse proxy/tls terminator.

Settings that should be passed to rsync via long options

Attrset to be transformed into YAML for host config

Maps kanidm groups to values for the claim.

The user's auxiliary groups.

Allow the user to do certain things with upsd

The znapzend backup plan to use for the source

User or group to restrict

Path to the directory where the pastes will be saved to

User name for RPC connections.

Name of the PCM device to control (slave).

Name of group to run the script under

Additional names of virtual hosts served by this virtual host configuration.

Keeps the specified running while this unit is running

Additional configurations to be appended to bitcoin.conf.

Type of this limit

List of forwarded ports from host to container

Number of simultaneous ‹name› tunnels.

If set, the pam_mysql module will be used to authenticate users against a MySQL/MariaDB database.

The hostname the web service appears under.

Set the logcheck level.

Number of daily snapshots.

Whether to enable this source.

Automatically allocate subordinate user and group ids for this user

The nickname of this Tahoe introducer.

The repo of the Helm chart

If set to false, the user account will not be created

Item this limit applies to

The IPv4 address assigned to the interface in the container

A list of one or more units that are activated when this unit enters the "failed" state.

A list of one or more units that are activated when this unit enters the "inactive" state.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Basic Auth password file for a vhost

Number of simultaneous ‹name› tunnels.

Key of taint.

Enables TCP_NODELAY on the TCP socket.

Whitelists the given rrl-types.

The IP and port to forward all traffic to.

The IP and port to forward all traffic to.

Enables TCP_NODELAY on the TCP socket.

Any additional text to be appended to the wp-config.php configuration file

Full legal name

Automatically start this unit at the given date/time, which must be in the format described in systemd.time(7)

Apache configuration can be done by adapting services.httpd.virtualHosts.

The hash of the packaged Helm chart

Whether to try to create home directories for users with $HOMEs pointing to nonexistent locations on session login.

If the specified units are started at the same time as this unit, delay this unit until they have started.

Database user.

User that runs the cronjob.

Paths to SSL files

Whether this node is a relay.

User account under which this instance of redis-server runs.

Require TLS or TLS-PSK encryption

Require TLS or TLS-PSK encryption

Label of the device

Whether to update /var/log/wtmp.

Protocol names to hide in summary tables (RE2 syntax),

Tell nylon which interface to use as an uplink, default is "enp3s0f0".

The name of the module

Path to a certificate signing request to apply when fetching the certificate.

Path to encrypted luks device that contains the user's home directory.

The IPv6 address assigned to the interface in the container

Specifies the frequency band to use, possible values are 2g for 2.4 GHz, 5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.

Each attribute in this set specifies an option in the [Unit] section of the unit

The type of the service

The repo of the Helm chart

Whether to support proxying websocket connections with HTTP/1.1.

The path to the xkb compat file

If enabled, the pam_umask module will be loaded.

Shell commands to execute when the event is triggered.

Regex specifying which log lines to ignore.

These lines go to the end of the location verbatim.

Tags for the agent.

Which protocol to use.

Order of this location block in relation to the others in the vhost

Extra configuration values that you want to insert into settings.php

Allowed time window for first received packet in seconds (positive number allows packets from history)

"Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."

Whether to enable the QUIC transport protocol

Name resolution of a backends host name is done at start up, or configuration reload

The path to the user's shell

The callsign of the physical interface to bind to.

Database host address.

Database host port.

Log level of the NetBird daemon.

Log level of the NetBird daemon.

Settings specific to this plugin.

Start the specified units when this unit is started.

Start the specified units when this unit is started.

The email address used to authenticate as this account

Limit refresh time for secondary zones

The input type

The furl for a Tahoe helper node

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Path of the source file.

The hash of the packaged Helm chart

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Database name.

Akkoma frontend reference.

The tinc_pre package to use.

Change permissions for the socket

The github-runner package to use.

Whether the delay after typing a wrong password should be disabled.

The auth adapter type

The znapzend backup plan to use for the source

User under which to run the service

Attributes for user's entry in pam_mount.conf.xml

Extra lines that go into the pool configuration

E-mail address of the server administrator.

Key size in bits

See torrc manual.

Key size in bits

The server name.

If set to false, this unit will be a symlink to /dev/null

If set, fingerprint reader will be used (if exists and your fingerprints are enrolled).

Label of the unlocked encrypted device

Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Location of the dokuwiki acl rules

If set, the calling user's SSH agent is used to authenticate against the configured keys

Value of this limit

Path of the source .yaml file.

Whether this manifest file should be generated.

An existing Let’s Encrypt certificate to use for this virtual host

Hostname alias(es).

Username for this DDNS provider.

Path to host the API on and forward to the daemon's api port

Whether the PPP session is automatically started at boot time.

Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests

The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes

Permission level to restrict the actor(s) to

Path to the working directory (used for config and pidfile)

Take unencrypted connections from the source socket and send encrypted connections to the target socket.

Take encrypted connections from the source socket and send unencrypted connections to the target socket.

Location where the file system will be mounted

Short description for the zone.

Rich rules for the zone.

Ports to allow in the zone.

The restic package to use.

Start the specified units when this unit is started.

Start the specified units when this unit is started.

Extra parameters to append to redis-server invocation

Permits to raise one or more cups-pdf instances

Controls how long to wait for a Neighbor Advertisement Message before invalidating the entry, in milliseconds.

Whether to allow the remote address and port to change when properly encrypted packets are received.

The fedimint package to use.

Text of the file.

Attribute set describing resource limits

Arguments passed to the main process script

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Keep this unit running as long as the listed units are running

Keep this unit running as long as the listed units are running

Whether to enable storage service.

URI to bind the wyoming server to.

The path to the xkb symbols file

Public domain of the API address of the reverse proxy/tls terminator.

Path to key file

The workdir for the agent

Directory for the acme challenge which is PUBLIC, don't put certs or keys in here

Directory for the ACME challenge, which is public

Path to the data dir fedimintd will use to store its data

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

Whether to create the home directory and ensure ownership as well as permissions to match the user.

Configure unit start rate limiting

Path to 64x64 logo png.

Path to 32x32 logo png.

Enable SSL.

TTL for dnssec records

Path of the source .yaml file.

Whether this manifest file should be generated.

Aliases of that unit.

Aliases of that unit.

How often to fsync the append-only log, options: no, always, everysec.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Path of the source file.

Number of yearly snapshots.

Number of hourly snapshots.

Enable or disable this network.

Path to the private key to the matching certificate signing request.

If the specified units are started at the same time as this unit, delay them until this unit has started.

If the specified units are started at the same time as this unit, delay them until this unit has started.

Group account under which this instance of redis-server runs.

Number of ElGamal/AES tags to send.

IP to listen on. 0.0.0.0 for IPv4 only, * for all.

If true, the user's shell will be set to users.defaultUserShell.

If enabled, checks all masters for the last zone version

Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]

By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.

Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed

Whether to enable HTTPS and reject plain HTTP connections

Whether to enable HTTPS and reject plain HTTP connections

Name that will be shown to the user.

The location of the Drupal private files directory.

The delay time (in microseconds) on failure.

Whether this OpenVPN instance should be started automatically.

Local name of the IBM TSM server, must not contain space or more than 64 chars.

This option provides a simple way to serve individual, static files.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

The path of a PEM encoded TLS private key

If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.

The path of a PEM encoded TLS private key

Group running the ACME client.

User name of file owner

IP address or hostname of the local end.

Path to the key file.

Whether the from reference needs to match exactly

The set of packages that should be made available to the user

The name of the cluster.

FastCGI parameters to override

The dokuwiki package to use.

Database user.

The dataset to use for this source.

Number of ElGamal/AES tags to send.

Path to the SSH host public key.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Additional TLS/SSL-related configuration options

Paths for public-inbox-watch(1) to monitor for new mail.

Name of the default administrator user

Email address to which to send feed items

The members of this group

If the specified units are started at the same time as this unit, delay this unit until they have started.

If the specified units are started at the same time as this unit, delay this unit until they have started.

Keeps the specified running while this unit is running

Sets the number of worker threads to use

Name of the font to use.

Database host address.

Remote or local repository to back up to.

Database host port.

Port to listen on

Additional command line parameters

Listen address.

User name.

Use 'name' instead of 'spn' in the preferred_username claim

Whether to enable SSL (https) support.

Patterns to exclude when backing up

Optional hostname to add to /etc/hosts; prevents reverse lookup failures.

Optional hostname to add to /etc/hosts; prevents reverse lookup failures.

The object to make available inside the initrd.

Name of the theme to use for the lightdm-gtk-greeter.

The name of the column that contains a unix login name.

File that contains password

Makes this vhost the default.

If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key

ID of the user in initrd.

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

The fallback instance name if not configured into the admin UI

Whether to enable Go Ethereum WebSocket API.

An application timeout on receiving data from the TCP socket.

An application timeout on receiving data from the TCP socket.

List of IPs of relays that this node should allow traffic from.

If the specified units are started, then this unit is stopped and vice versa.

Host which to proxy requests to if ACME challenge is not found

If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR.

Whether to enable ‹name› in postgresql's syscall filter.

Order of this location block in relation to the others in the vhost

Specify delay (in seconds) before sending snaps to the destination

Attribute set of consul-template instances

Units that require (i.e. depend on and need to go down with) this unit

Aliases of that unit.

Aliases of that unit.

Path to server SSL certificate key.

Language of the environment

Name to match.

Start of the range of subordinate user ids that user is allowed to use.

Start of the range of subordinate group ids that user is allowed to use.

Whether to enable kTLS support

Don't send the password immediately after login, but store for PAM session.

Filesystem type

The vlan identifier

Name of the accessory

If the specified units are started at the same time as this unit, delay them until this unit has started.

If the specified units are started at the same time as this unit, delay this unit until they have started.

If the specified units are started at the same time as this unit, delay this unit until they have started.

Whether the application is a system component or not.

Path to the certificate file.

Display name