| services.pixelfed.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.firewalld.services.<name>.sourcePorts | Source ports for the service.
|
| systemd.user.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.wstunnel.servers.<name>.restrictTo.*.port | The port.
|
| services.wstunnel.servers.<name>.restrictTo.*.host | The hostname.
|
| services.firewalld.zones.<name>.protocols | Protocols to allow in the zone.
|
| services.zeronsd.servedNetworks.<name>.package | The zeronsd package to use.
|
| services.firezone.server.provision.accounts.<name>.actors | All actors (users) to provision
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| boot.initrd.clevis.devices.<name>.secretFile | Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.postfix.settings.master.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| services.strongswan-swanctl.swanctl.connections.<name>.pools | List of named IP pools to allocate virtual IP addresses
and other configuration attributes from
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.firewalld.zones.<name>.forwardPorts.*.to-addr | Destination IP address.
|
| systemd.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| systemd.network.netdevs.<name>.extraConfig | Extra configuration append to unit
|
| services.jibri.xmppEnvironments.<name>.control.login.username | User part of the JID.
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| virtualisation.libvirtd.hooks.qemu | Hooks that will be placed under /var/lib/libvirt/hooks/qemu.d/
and called for qemu domains begin/end/migrate events
|
| services.httpd.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| security.pam.services.<name>.kwallet.enable | If enabled, pam_wallet will attempt to automatically unlock the
user's default KDE wallet upon login
|
| services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| services.peertube-runner.instancesToRegister.<name>.runnerName | Runner name declared to the PeerTube instance.
|
| services.znc.confOptions.networks.<name>.channels | IRC channels to join.
|
| services.tahoe.nodes.<name>.client.introducer | The furl for a Tahoe introducer node
|
| services.consul-template.instances.<name>.user | User under which this instance runs.
|
| services.radicle.httpd.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.radicle.httpd.nginx.locations.<name>.index | Adds index directive.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.rshim.device | Specify the device name to attach
|
| services.ghostunnel.servers.<name>.target | Address to forward connections to (can be HOST:PORT or unix:PATH).
|
| services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for
authentication
|
| systemd.user.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.tarsnap.archives.<name>.includes | Include only files and directories matching these
patterns (the empty list includes everything)
|
| services.mautrix-meta.instances.<name>.enable | Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| services.gitlab-runner.services.<name>.dockerExtraHosts | Add a custom host-to-IP mapping.
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.fluidd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.fedimintd.<name>.nginx.config.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.gancio.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.akkoma.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.monica.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.matomo.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.gitlab-runner.services.<name>.postBuildScript | Runner-specific command script executed after code is pulled
and just after build executes.
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| services.postfix.settings.master.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.github-runners.<name>.tokenType | Type of token to use for runner registration
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| services.autorandr.profiles.<name>.fingerprint | Output name to EDID mapping
|
| systemd.network.netdevs.<name>.tapConfig | Each attribute in this set specifies an option in the
[Tap] section of the unit
|
| systemd.network.networks.<name>.vxlan | A list of vxlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.tunConfig | Each attribute in this set specifies an option in the
[Tun] section of the unit
|
| services.fediwall.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.anuko-time-tracker.nginx.locations.<name>.root | Root directory for requests.
|
| services.kanboard.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.dolibarr.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.librenms.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.agorakit.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.pixelfed.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.mainsail.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.vdirsyncer.jobs.<name>.config.statusPath | vdirsyncer's status path
|
| services.borgbackup.jobs.<name>.prune.prefix | Only consider archive names starting with this prefix for pruning
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| services.authelia.instances.<name>.package | The authelia package to use.
|
| services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.orangefs.server.fileSystems.<name>.troveSyncData | Sync data.
|
| services.vdirsyncer.jobs.<name>.config.general | general configuration
|
| services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.operator | Grants all permissions in all organizations.
|
| services.openvpn.servers.<name>.authUserPass.password | The password to store inside the credentials file.
|
| services.fcgiwrap.instances.<name>.socket.type | Socket type: 'unix', 'tcp' or 'tcp6'.
|
| services.fcgiwrap.instances.<name>.socket.user | User to be set as owner of the UNIX socket.
|
| services.znc.confOptions.networks.<name>.password | IRC server password, such as for a Slack gateway.
|
| services.v4l2-relayd.instances.<name>.output.format | The video-format to write to output-stream.
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|