| services.discourse.siteSettings | Discourse site settings
|
| users.users.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.users.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| boot.initrd.luks.devices.<name>.device | Path of the underlying encrypted block device.
|
| systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.fedimintd.<name>.enable | Whether to enable fedimintd.
|
| services.opensearch.settings."cluster.name" | The name of the cluster.
|
| services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| services.znapzend.zetup.<name>.dataset | The dataset to use for this source.
|
| services.kimai.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| security.pam.services.<name>.howdy.control | This option sets the PAM "control" used for this module.
|
| services.kanidm.provision.systems.oauth2.<name>.preferShortUsername | Use 'name' instead of 'spn' in the preferred_username claim
|
| services.znapzend.zetup.<name>.sendDelay | Specify delay (in seconds) before sending snaps to the destination
|
| services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.name | Name of the cursor theme to use for the lightdm-enso-os-greeter
|
| security.pam.services.<name>.ttyAudit.openOnly | Set the TTY audit flag when opening the session,
but do not restore it when closing the session
|
| services.httpd.virtualHosts.<name>.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.restic.backups.<name>.exclude | Patterns to exclude when backing up
|
| services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish | How long in advance to publish new keys
|
| services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish | How long in advance to publish new keys
|
| services.nsd.zones.<name>.allowAXFRFallback | If NSD as secondary server should be allowed to AXFR if the primary
server does not allow IXFR.
|
| services.pgpkeyserver-lite.hostname | Which hostname to set the vHost to that is proxying to sks.
|
| services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| services.sourcehut.settings."builds.sr.ht::worker".name | Listening address and listening port
of the build runner (with HTTP port if not 80).
|
| services.graylog.rootUsername | Name of the default administrator user
|
| services.httpd.virtualHosts.<name>.listen.*.port | Port to listen on
|
| services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| services.iodine.clients.<name>.extraConfig | Additional command line parameters
|
| services.nginx.virtualHosts.<name>.listen.*.addr | Listen address.
|
| security.acme.certs.<name>.keyType | Key type to use for private keys
|
| users.extraUsers.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| users.extraUsers.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| services.geth.<name>.websocket.enable | Whether to enable Go Ethereum WebSocket API.
|
| services.udp-over-tcp.tcp2udp.<name>.recvTimeout | An application timeout on receiving data from the TCP socket.
|
| services.udp-over-tcp.udp2tcp.<name>.recvTimeout | An application timeout on receiving data from the TCP socket.
|
| systemd.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| security.pam.services.<name>.howdy.enable | Whether to enable the Howdy PAM module
|
| services.drupal.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.snapper.configs.<name>.FSTYPE | Filesystem type
|
| programs.tsmClient.servers.<name>.servername | Local name of the IBM TSM server,
must not contain space or more than 64 chars.
|
| systemd.user.sockets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.targets.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.timers.<name>.aliases | Aliases of that unit.
|
| systemd.user.slices.<name>.aliases | Aliases of that unit.
|
| systemd.services.<name>.serviceConfig | Each attribute in this set specifies an option in the
[Service] section of the unit
|
| services.wstunnel.clients.<name>.tlsSNI | Use this as the SNI while connecting via TLS
|
| services.hans.clients.<name>.passwordFile | File that contains password
|
| services.nginx.virtualHosts.<name>.default | Makes this vhost the default.
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.nginx.virtualHosts.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.httpd.virtualHosts.<name>.sslServerKey | Path to server SSL certificate key.
|
| services.davis.nginx.locations.<name>.index | Adds index directive.
|
| services.davis.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.movim.nginx.locations.<name>.index | Adds index directive.
|
| services.slskd.nginx.locations.<name>.index | Adds index directive.
|
| services.movim.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.slskd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.awstats.configs.<name>.logFile | The log file to be scanned
|
| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| services.bitcoind.<name>.extraConfig | Additional configurations to be appended to bitcoin.conf.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| services.nginx.proxyCachePath.<name>.levels | The levels parameter defines structure of subdirectories in cache: from
1 to 3, each level accepts values 1 or 2
|
| systemd.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.ddclient.username | User name.
|
| services.drupal.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.firewalld.zones.<name>.ports.*.port | |
| services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.name | Name of the cursor theme to use for the lightdm-slick-greeter.
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.wstunnel.servers.<name>.tlsKey | TLS key to use instead of the hardcoded on in case of HTTPS connections
|
| services.fedimintd.<name>.api_ws.url | Public URL of the API address of the reverse proxy/tls terminator
|
| systemd.user.services.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.neo4j.ssl.policies.<name>.ciphers | Restrict the allowed ciphers of this policy to those defined
here
|
| services.errbot.instances.<name>.dataDir | Data directory for errbot instance.
|
| services.kanidm.provision.persons.<name>.displayName | Display name
|
| services.drupal.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| services.xserver.xkb.extraLayouts.<name>.keycodesFile | The path to the xkb keycodes file
|
| services.rke2.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| services.kanata.keyboards.<name>.port | Port to run the TCP server on. null will not run the server.
|
| services.sympa.settingsFile.<name>.enable | Whether this file should be generated
|
| networking.vlans.<name>.id | The vlan identifier
|
| services.github-runners.<name>.user | User under which to run the service
|
| services.nsd.zones.<name>.children | Children zones inherit all options of their parents
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.dokuwiki.sites.<name>.phpPackage | The php package to use.
|
| services.redis.servers.<name>.requirePassFile | File with password for the database.
|
| services.sanoid.templates.<name>.daily | Number of daily snapshots.
|
| services.vault-agent.instances.<name>.user | User under which this instance runs.
|
| services.nghttpx.backends.*.params.dns | Name resolution of a backends host name is done at start up,
or configuration reload
|
| environment.etc.<name>.user | User name of file owner
|
| networking.sits.<name>.dev | The underlying network device on which the tunnel resides.
|
| services.postfix.masterConfig.<name>.args | Arguments to pass to the command
|