| services.snapper.configs.<name>.SUBVOLUME | Path of the subvolume or mount point
|
| systemd.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| services.honk.username | The admin account username.
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| systemd.user.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.kimai.sites.<name>.environmentFile | Securely pass environment variabels to Kimai
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| services.simplesamlphp.<name>.libDir | Path to the SimpleSAMLphp library directory.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY | Limits for timeline cleanup.
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| containers.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| users.extraUsers.<name>.isSystemUser | Indicates if the user is a system user or not
|
| services.fedimintd.<name>.nginx.config.listen.*.port | Port number to listen on
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.wstunnel.servers.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.wstunnel.clients.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.gitlab-runner.services.<name>.preGetSourcesScript | Runner-specific command script executed before code is pulled.
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.zeronsd.servedNetworks.<name>.settings | Settings for zeronsd
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| systemd.user.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.user.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.syncthing.settings.folders.<name>.id | The ID of the folder
|
| services.sanoid.templates.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| services.rke2.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.rke2.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| security.pam.services.<name>.gnupg.noAutostart | Don't start gpg-agent if it is not running
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.module | Optional PKCS#11 module name to access the token.
|
| services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.borgbackup.jobs.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| systemd.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| openstack.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.i2pd.outTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.drupal.sites.<name>.virtualHost.locations | Declarative location config
|
| services.ttyd.username | Username for basic http authentication.
|
| services.davis.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.borgbackup.jobs.<name>.readWritePaths | By default, borg cannot write anywhere on the system but
$HOME/.config/borg and $HOME/.cache/borg
|
| services.movim.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| services.nebula.networks.<name>.isLighthouse | Whether this node is a lighthouse.
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| systemd.user.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| systemd.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| security.acme.certs.<name>.server | ACME Directory Resource URI
|
| services.snipe-it.nginx.serverName | Name of this virtual host
|
| services.hostapd.radios.<name>.settings | Extra configuration options to put at the end of global initialization, before defining BSSs
|
| services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| systemd.user.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.radicle.httpd.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.nginx.virtualHosts.<name>.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.file | File name in the private folder for which this passphrase should be used.
|
| services.kanata.keyboards.<name>.configFile | The config file
|
| services.keyd.keyboards.<name>.settings | Configuration, except ids section, that is written to /etc/keyd/.conf
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.firewalld.services.<name>.protocols | Protocols for the service.
|
| services.firewalld.services.<name>.ports.*.protocol | |
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| services.anuko-time-tracker.nginx.locations.<name>.index | Adds index directive.
|
| services.anuko-time-tracker.nginx.locations.<name>.alias | Alias directory for requests.
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.bacula-sd.autochanger.<name>.devices | |
| services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| services.firewalld.zones.<name>.egressPriority | Priority for outbound traffic
|