| services.i2pd.ifname6 | IPv6 interface to bind to.
|
| services.pgbackrest.stanzas.<name>.instances.<name>.host | PostgreSQL host for operating remotely.
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.netbird.tunnels.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.rss2email.feeds.<name>.to | Email address to which to send feed items
|
| services.redis.servers.<name>.extraParams | Extra parameters to append to redis-server invocation
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| security.pam.services.<name>.limits.*.value | Value of this limit
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.drupal.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| systemd.user.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| networking.vswitches.<name>.interfaces.<name>.name | Name of the interface
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| services.bitcoind.<name>.package | The bitcoind package to use.
|
| services.pid-fan-controller.settings.heatSources.*.name | Name of the heat source.
|
| services.neo4j.ssl.policies.<name>.trustAll | Makes this policy trust all remote parties
|
| services.wyoming.piper.servers.<name>.useCUDA | Whether to accelerate the underlying onnxruntime library with CUDA.
|
| services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| systemd.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.hostapd.radios.<name>.networks.<name>.settings | Extra configuration options to put at the end of this BSS's defintion in the
hostapd.conf for the associated interface
|
| services.awstats.configs.<name>.webService.hostname | The hostname the web service appears under.
|
| services.wyoming.piper.servers.<name>.piper | The piper-tts package to use.
|
| services.neo4j.ssl.policies.<name>.clientAuth | The client authentication stance for this policy.
|
| services.bacula-sd.autochanger.<name>.extraAutochangerConfig | Extra configuration to be passed in Autochanger directive.
|
| services.i2pd.inTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.keepalived.vrrpScripts.<name>.user | Name of user to run the script under.
|
| services.firewalld.zones.<name>.short | Short description for the zone.
|
| services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| services.firewalld.zones.<name>.rules | Rich rules for the zone.
|
| services.restic.backups.<name>.package | The restic package to use.
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses | The external address where the host can be reached
|
| services.blockbook-frontend.<name>.user | The user as which to run blockbook-frontend-‹name›.
|
| users.groups.<name>.gid | The group GID
|
| services.xserver.displayManager.lightdm.greeters.gtk.theme.name | Name of the theme to use for the lightdm-gtk-greeter.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.honk.servername | The server name.
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.xserver.displayManager.lightdm.greeters.slick.font.name | Name of the font to use.
|
| services.inadyn.settings.custom.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| services.netbird.tunnels.<name>.interface | Name of the network interface managed by this client.
|
| services.netbird.clients.<name>.interface | Name of the network interface managed by this client.
|
| services.prometheus.exporters.rtl_433.ids.*.name | Name to match.
|
| services.davis.nginx.locations.<name>.root | Root directory for requests.
|
| services.movim.nginx.locations.<name>.root | Root directory for requests.
|
| services.slskd.nginx.locations.<name>.root | Root directory for requests.
|
| services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.beesd.filesystems.<name>.workDir | Name (relative to the root of the filesystem) of the subvolume where
the hash table will be stored.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.udp-over-tcp.tcp2udp.<name>.threads | Sets the number of worker threads to use
|
| services.i2pd.outTunnels.<name>.outbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.kubernetes.kubelet.taints.<name>.key | Key of taint.
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| security.pam.services.<name>.ttyAudit.openOnly | Set the TTY audit flag when opening the session,
but do not restore it when closing the session
|
| services.easytier.instances.<name>.environmentFiles | Environment files for this instance
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup | Maps kanidm groups to values for the claim.
|
| services.ghostunnel.servers.<name>.allowCN | Allow client if common name appears in the list.
|
| services.bitcoind.<name>.testnet | Whether to use the testnet instead of mainnet.
|
| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses.*.port | The port where the host can be reached
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| services.znapzend.zetup.<name>.sendDelay | Specify delay (in seconds) before sending snaps to the destination
|
| services.spiped.config.<name>.waitForDNS | Wait for DNS
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.type | The account type
|
| services.kanidm.provision.persons.<name>.legalName | Full legal name
|
| services.agate.hostnames | Domain name of this Gemini server, enables checking hostname and port
in requests. (multiple occurrences means basic vhosts)
|
| systemd.network.links.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.nginx.proxyCachePath.<name>.levels | The levels parameter defines structure of subdirectories in cache: from
1 to 3, each level accepts values 1 or 2
|
| services.openvpn.servers | Each attribute of this option defines a systemd service that
runs an OpenVPN instance
|
| services.ghostunnel.servers.<name>.allowOU | Allow client if organizational unit name appears in the list.
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| security.pam.services.<name>.howdy.enable | Whether to enable the Howdy PAM module
|
| services.drupal.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| services.snipe-it.nginx.locations.<name>.root | Root directory for requests.
|
| services.nebula.networks.<name>.listen.host | IP address to listen on.
|
| services.nebula.networks.<name>.listen.port | Port number to listen on.
|
| services.znc.confOptions.networks.<name>.port | IRC server port.
|
| services.xserver.displayManager.lightdm.greeters.enso.theme.name | Name of the theme to use for the lightdm-enso-os-greeter
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| services.kimai.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| security.pam.services.<name>.howdy.control | This option sets the PAM "control" used for this module.
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| services.nsd.zones.<name>.allowAXFRFallback | If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
|