| services.kanidm.provision.persons.<name>.displayName | Display name
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| networking.greTunnels.<name>.type | Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.ndppd.proxies.<name>.timeout | Controls how long to wait for a Neighbor Advertisement Message before
invalidating the entry, in milliseconds.
|
| services.drupal.sites.<name>.database.host | Database host address.
|
| services.drupal.sites.<name>.database.port | Database host port.
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.name | Name of the cursor theme to use for the lightdm-gtk-greeter.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.jupyter.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyter.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.fedimintd.<name>.nginx.fqdn | Public domain of the API address of the reverse proxy/tls terminator.
|
| services.mobilizon.settings.":mobilizon".":instance".name | The fallback instance name if not configured into the admin UI
|
| services.tahoe.nodes.<name>.client.shares.total | The number of shares required to store a file.
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| systemd.user.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.services.<name>.scriptArgs | Arguments passed to the main process script
|
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.sanoid.datasets.<name>.yearly | Number of yearly snapshots.
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| services.sanoid.datasets.<name>.hourly | Number of hourly snapshots.
|
| services.httpd.virtualHosts.<name>.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.nginx.virtualHosts.<name>.acmeRoot | Directory for the ACME challenge, which is public
|
| systemd.user.timers.<name>.requisite | Similar to requires
|
| systemd.user.slices.<name>.requisite | Similar to requires
|
| services.redis.servers.<name>.appendFsync | How often to fsync the append-only log, options: no, always, everysec.
|
| services.easytier.instances.<name>.settings | Settings to generate easytier-‹name›.toml
|
| fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| services.redis.servers.<name>.save | The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes
|
| networking.greTunnels.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.nylon.<name>.bindInterface | Tell nylon which interface to use as an uplink, default is "enp3s0f0".
|
| services.graylog.rootUsername | Name of the default administrator user
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.type | The resource type
|
| services.buildkite-agents.<name>.tags | Tags for the agent.
|
| services.quicktun.<name>.protocol | Which protocol to use.
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.tahoe.nodes.<name>.sftpd.accounts.url | URL of the accounts server.
|
| security.pam.services.<name>.gnupg.storeOnly | Don't send the password immediately after login, but store for PAM
session.
|
| fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.prosody.virtualHosts.<name>.ssl.cert | Path to the certificate file.
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| services.drupal.sites.<name>.privateFilesDir | The location of the Drupal private files directory.
|
| services.openvpn.servers.<name>.autoStart | Whether this OpenVPN instance should be started automatically.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.suricata.settings.outputs.*.<name>.enabled | Whether to enable .
|
| services.akkoma.initDb.username | Name of the database user to initialise the database with
|
| services.ddclient.username | User name.
|
| services.ax25.axports.<name>.callsign | The callsign of the physical interface to bind to.
|
| services.uhub.<name>.plugins.*.settings | Settings specific to this plugin.
|
| services.spiped.config.<name>.timeout | Timeout, in seconds, after which an attempt to connect to
the target or a protocol handshake will be aborted (and the
connection dropped) if not completed
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| systemd.network.netdevs.<name>.extraConfig | Extra configuration append to unit
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| services.github-runners.<name>.package | The github-runner package to use.
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.rke2.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.jupyterhub.kernels.<name>.language | Language of the environment
|
| services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| services.znapzend.zetup.<name>.dataset | The dataset to use for this source.
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| services.quicktun.<name>.timeWindow | Allowed time window for first received packet in seconds (positive number allows packets from history)
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| boot.initrd.luks.devices.<name>.keyFileOffset | The offset of the key file
|
| services.sourcehut.settings."builds.sr.ht::worker".name | Listening address and listening port
of the build runner (with HTTP port if not 80).
|
| services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.name | Name of the cursor theme to use for the lightdm-enso-os-greeter
|
| services.redis.servers.<name>.group | Group account under which this instance of redis-server runs.
If left as the default value this group will automatically be
created on system activation, otherwise you are responsible for
ensuring the group exists before the redis service starts.
|
| services.tahoe.nodes.<name>.client.shares.happy | The number of distinct storage nodes required to store
a file.
|
| systemd.services.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.xserver.xkb.extraLayouts.<name>.keycodesFile | The path to the xkb keycodes file
|
| services.nginx.virtualHosts.<name>.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.drupal.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.prometheus.exporters.fritz.settings.devices.*.name | Name to use for the device.
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| systemd.network.netdevs.<name>.tapConfig | Each attribute in this set specifies an option in the
[Tap] section of the unit
|
| systemd.network.networks.<name>.vxlan | A list of vxlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.tunConfig | Each attribute in this set specifies an option in the
[Tun] section of the unit
|
| services.rke2.autoDeployCharts.<name>.hash | The hash of the packaged Helm chart
|
| services.keepalived.vrrpInstances.<name>.vmacInterface | Name of the vmac interface to use. keepalived will come up with a name
if you don't specify one.
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| services.httpd.virtualHosts.<name>.listen.*.port | Port to listen on
|