| services.hylafax.autostart | Autostart the HylaFAX queue manager at system start
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| security.duosec.autopush | If true, Duo Unix will automatically send
a push login request to the user’s phone, falling back on a
phone call if push is unavailable
|
| services.coder.database.createLocally | Create the database and database user locally.
|
| services.davis.database.createLocally | Create the database and database user locally.
|
| services.atuin.database.createLocally | Create the database and database user locally.
|
| services.lldap.database.createLocally | Create the database and database user locally.
|
| services.maddy.ensureAccounts | List of IMAP accounts which get automatically created
|
| services.rke2.cisHardening | Enable CIS Hardening for RKE2
|
| services.writefreely.admin.name | The name of the first admin user.
|
| services.hologram-server.enableLdapRoles | Whether to assign user roles based on the user's LDAP group memberships
|
| services.prometheus.exporters.unpoller.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.xserver.desktopManager.surf-display.inactivityInterval | Setting for internal inactivity timer to restart surf-display if the
user goes inactive/idle to get a fresh session for the next user of
the kiosk
|
| services.hbase-standalone.dataDir | Specifies location of HBase database files
|
| services.bookstack.nginx.kTLS | Whether to enable kTLS support
|
| services.postgresql.ensureUsers.*.name | Name of the user to ensure.
|
| services.oncall.secretFile | A YAML file containing secrets such as database or user passwords
|
| services.tcsd.platformCred | Path to the platform credential for your TPM
|
| services.snipe-it.database.createLocally | Create the database and database user locally.
|
| services.weblate.djangoSecretKeyFile | Location of the Django secret key
|
| services.jenkins.jobBuilder.accessTokenFile | File containing the API token for the accessUser
user.
|
| security.duosec.acceptEnvFactor | Look for factor selection or passcode in the
$DUO_PASSCODE environment variable before
prompting the user for input
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.fwupd.extraTrustedKeys | Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.firezone.relay.tokenFile | A file containing the firezone relay token
|
| boot.initrd.network.ssh.authorizedKeys | Authorized keys for the root user on initrd
|
| services.librenms.database.socket | A unix socket to mysql, accessible by the librenms user
|
| programs.dsearch.systemd.target | The systemd target that will automatically start the dsearch service
|
| services.opensearch.dataDir | Data directory for OpenSearch
|
| services.part-db.enablePostgresql | Whether to configure the postgresql database for part-db
|
| services.lldap.settings.http_port | The port on which to have the HTTP server, for user login and administration.
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.maubot.settings.admins | List of administrator users
|
| programs.miriway.enable | Whether to enable Miriway, a Mir based Wayland compositor
|
| programs.atop.setuidWrapper.enable | Whether to install a setuid wrapper for Atop
|
| services.buildkite-agents.<name>.extraGroups | Groups the user for this buildkite agent should belong to
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| services.monica.database.createLocally | Create the database and database user locally.
|
| services.moodle.database.createLocally | Create the database and database user locally.
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| services.moodle.initialPassword | Specifies the initial password for the admin, i.e. the password assigned if the user does not already exist
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.angrr.settings.owned-only | Only monitor owned symbolic link targets of GC roots.
- "auto": behaves like true for normal users, false for root.
- "true": only monitor GC roots owned by the current user.
- "false": monitor all GC roots.
|
| services.coturn.static-auth-secret | 'Static' authentication secret value (a string) for TURN REST API only
|
| services.bitmagnet.useLocalPostgresDB | Use a local postgresql database, create user and database
|
| services.power-profiles-daemon.enable | Whether to enable power-profiles-daemon, a DBus daemon that allows
changing system behavior based upon user-selected power profiles.
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.roundcube.database.host | Host of the postgresql server
|
| services.jirafeau.nginxConfig.kTLS | Whether to enable kTLS support
|
| programs.gnupg.agent.enableSSHSupport | Enable SSH agent support in GnuPG agent
|
| services.oncall.database.createLocally | Whether to create the database and database user locally.
|
| services.nominatim.database.apiUser | Postgresql database user with read-only permissions used for Nominatim
web API service.
|
| services.openssh.settings.PermitRootLogin | Whether the root user can login using ssh.
|
| services.smartd.notifications.systembus-notify.enable | Whether to send systembus-notify notifications
|
| services.thelounge.public | Make your The Lounge instance public
|
| services.distccd.allowedClients | Client IPs which are allowed to connect to distccd in CIDR notation
|
| services.journald.gateway.key | Specify the path to a file or AF_UNIX stream socket to read the
secret server key corresponding to the certificate specified with
services.journald.gateway.cert from
|
| services.graylog.passwordSecret | You MUST set a secret to secure/pepper the stored user passwords here
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.pretix.settings.pretix.datadir | Directory for storing user uploads and similar data.
|
| services.zabbixWeb.nginx.virtualHost.kTLS | Whether to enable kTLS support
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| security.polkit.adminIdentities | Specifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value)
|
| services.kbfs.enableRedirector | Whether to enable the Keybase root redirector service, allowing
any user to access KBFS files via /keybase,
which will show different contents depending on the requester.
|
| services.displayManager.lemurs.enable | Whether to enable lemurs, a customizable TUI display/login manager.
For Wayland compositors, your user must be in the "seat" group.
|
| services.systembus-notify.enable | Whether to enable System bus notification support.
WARNING: enabling this option (while convenient) should not be done on a
machine where you do not trust the other users as it allows any other
local user to DoS your session by spamming notifications.
|
| services.multipath.devices.*.deferred_remove | If set to "yes", multipathd will do a deferred remove instead of a
regular remove when the last path device has been deleted
|
| services.dovecot2.sieve.extensions | Sieve extensions for use in user scripts
|
| networking.dhcpcd.runHook | Shell code that will be run after all other hooks
|
| services.gitolite.description | Gitolite user account's description.
|
| services.gokapi.mutableSettings | Allow changes to the program config made by the program to persist between restarts
|
| services.redmine.database.createLocally | Create the database and database user locally.
|
| services.nextcloud.extraAppsEnable | Automatically enable the apps in services.nextcloud.extraApps every time Nextcloud starts
|
| services.openvscode-server.extraGroups | An array of additional groups for the openvscode-server user.
|
| services.xscreensaver.enable | Whether to enable xscreensaver user service.
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.atuin.openRegistration | Allow new user registrations with the atuin server.
|
| boot.initrd.network.ssh.authorizedKeyFiles | Authorized keys taken from files for the root user on initrd
|
| services.vsftpd.anonymousUserNoPassword | Whether to disable the password for the anonymous FTP user.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.username | Credentials are used to authenticate the requests to Uyuni API.
|
| services.mysql.replication.masterUser | Username of the MySQL replication user.
|
| services.firezone.gateway.tokenFile | A file containing the firezone gateway token
|
| services.jenkins.jobBuilder.accessToken | User token in Jenkins used to reload config
|
| services.heisenbridge.owner | Set the owner MXID; otherwise the first local user to talk will claim the bridge
|
| services.grafana-to-ntfy.settings.ntfyBAuthPass | The path to the password for the specified ntfy-sh user
|
| services.keycloak.database.name | Database name to use when connecting to an external or
manually provisioned database; has no effect when a local
database is automatically provisioned
|
| services.borgbackup.repos | Serve BorgBackup repositories to given public SSH keys,
restricting their access to the repository only
|
| services.ocis.configDir | Path to directory containing oCIS config file
|
| services.authelia.instances.<name>.name | Name is used as a suffix for the service name, user, and group
|
| services.grafana-to-ntfy.settings.ntfyBAuthUser | The ntfy-sh user to use for authenticating with the ntfy-sh instance
|
| services.cloudlog.database.passwordFile | MySQL user password file.
|
| services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.crossfire-server.stateDir | Where to store runtime data (save files, persistent items, etc)
|
| services.calibre-server.libraries | Make sure each library path is initialized before service startup
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.reaction.runAsRoot | Whether to run reaction as root
|