Differentiated Services Field Codepoint to set on outgoing IKE packets for this connection

If your gotify endpoint uses https, leave this option set to default

List of named IP pools to allocate virtual IP addresses and other configuration attributes from

The value full-apivfs (the default) sets up private /dev, /proc, /sys, /tmp and /var/tmp file systems in a separate user name space

The device handle of the EFI System Partition (ESP) where the Windows bootloader is located

List of orgIds that should be reset to the default policy.

Scrapping interval in seconds

Collectors to disable which are enabled by default

This option is for generating PostScript and PDF output

Per-target timeout when scraping this job

Grants the user, created by the ensureUser attr, createdb permissions

List of CRL distribution points (ldap, http, or file URI)

Environment file as defined in systemd.exec(5)

Address or CIDR subnets

StrongSwan default: []

Address or CIDR subnets

StrongSwan default: []

List of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config

List of local traffic selectors to include in CHILD_SA

Whether the hypervisor should flush the L1 data cache before entering guests

List of OCSP URIs

IKE identity to expect for authentication round

If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader

Optional numeric identifier by which authentication rounds are sorted

Override the default working directory for the container.

The method used for generating the default value for mynetworks, if that option is unset.

https://www.postfix.org/postconf.5.html#mynetworks_style

How frequently to scrape targets by default

"bantime.multipliers" used to calculate next value of ban time instead of formula, corresponding previously ban count and given "bantime.factor" (for multipliers default is 1); following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count, always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours

List of certificates to accept for authentication

Optional numeric identifier by which authentication rounds are sorted

The minimum interval at which to write out the persistence file.

null will default to 5m.

How long to retain samples in storage

How frequently to scrape targets from this job

Grants the user, created by the ensureUser attr, replication permissions

To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the NAT detection payloads

Additional configuration for the WirePlumber daemon when run in single-instance mode (the default in nixpkgs and currently the only supported way to run WirePlumber configured via extraConfig)

Only the MySQL driver supports isolation levels in Grafana

Grants the user, created by the ensureUser attr, superuser permissions

Default admin password

Organization ID, default = 1.

A printf-style string that is output at the beginning of each log line

Configures the syscall filter for postgresql.service

List of allowed indicator modules to use for the lightdm gtk greeter panel

Whether this connection is a mediation connection, that is, whether this connection is used to mediate other connections using the IKEv2 Mediation Extension

List of CA certificates to accept for authentication

Organization ID, default = 1.

List of raw public keys to accept for authentication

List of certificate candidates to use for authentication

The name-string specifies an external program to be called that will automatically change volumes as required by Bacula

Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages

Authorization group memberships to require

Time range from which to choose a random value to subtract from rekey/reauth times

Override the default entrypoint of the image.

Enable IPComp compression before encryption

Environment variables to set for the service

XFRM interface ID set on inbound policies/SA, can be overridden by child config, see there for details

List of raw public key candidates to use for authentication

The directory where MPD stores playlists

Defines where FileSender logging is sent

The threshold in seconds which indicates how long we should wait for a metric message from MQTT broker

Logging driver for the container

Grants the user, created by the ensureUser attr, replication permissions

This is optional and is by default off, because most users will not need it

If not null, is used as the permissions set by system.activationScripts.transmission-daemon on the directories services.transmission.settings.download-dir, services.transmission.settings.incomplete-dir. and services.transmission.settings.watch-dir

Whether a Postquantum Preshared Key (PPK) is required for this connection

Whether to copy the DF bit to the outer IPv4 header in tunnel mode

XFRM interface ID set on outbound policies/SA, can be overridden by child config, see there for details

The default permissions (in octal) to create the UNIX socket with.

Whether to install IPsec policies or not

Grants the user, created by the ensureUser attr, createrole permissions

List of remote selectors to include in CHILD_SA

Enables Aggressive Mode instead of Main Mode with Identity Protection

Whether to copy the ECN (Explicit Congestion Notification) header field to/from the outer IP header in tunnel mode

Time range from which to choose a random value to subtract from rekey_time

Hostaccess variable to pass to updown script

Configuration from which XMonad gets compiled

Listen on a UNIX socket at the specified path

Set to true to enable the X-XSS-Protection header, which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Note: this is the default in Grafana, it's turned off here since it's recommended to not use this header anymore.

List of certificate policy OIDs the peer's certificate must have

Hard IKE_SA lifetime if rekey/reauth does not complete, as time

Byte range from which to choose a random value to subtract from rekey_bytes

Force Nextcloud to always use HTTP or HTTPS i.e. for link generation

Maximum lifetime before CHILD_SA gets closed

When the dynamic endpoint refresh that is configured via dynamicEndpointRefreshSeconds exits (likely due to a failure), restart that service after this many seconds

Sets the maximum amount of time a connection may be reused

Absolute path to a file with environment variables used for gitlab-runner registration with runner registration tokens

This is optional and is by default off, because most users will not need it

XFRM interface ID set on inbound policies/SA

Maximum bytes processed before CHILD_SA gets closed

Capabilities to configure for the container

HMAC-SHA-256 is used with 128-bit truncation with IPsec

How many server connections to allow per user/database pair

Packet range from which to choose a random value to subtract from rekey_packets

IPsec Mode to establish CHILD_SA with.

• tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,
• whereas transport uses IPsec Transport Mode.
• transport_proxy signifying the special Mobile IPv6 Transport Proxy Mode.
• beet is the Bound End to End Tunnel mixture mode, working with fixed inner addresses without the need to include them in each packet.
• Both transport and beet modes are subject to mode negotiation; tunnel mode is negotiated if the preferred mode is not available.
• pass and drop are used to install shunt policies which explicitly bypass the defined traffic from IPsec processing or drop it, respectively

Local address(es) to use for IKE communication

How frequently to evaluate rules by default

XFRM interface ID set on outbound policies/SA

The default path grouping policy to apply to unspecified multipaths

The system-wide memory allocator

Replaces the default mail template layout

When set to true, disables the Background Plugin Installer, which runs before Grafana starts

Connection uniqueness policy to enforce