| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.caddy.virtualHosts.<name>.listenAddresses | A list of host interfaces to bind to for this virtual host.
|
| services.restic.backups.<name>.backupPrepareCommand | A script that must run before starting the backup process.
|
| services.restic.backups.<name>.backupCleanupCommand | A script that must run after finishing the backup process.
|
| services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| systemd.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.syncthing.settings.folders.<name>.path | The path to the folder which should be shared
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.bookstack.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.wordpress.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| boot.initrd.systemd.users.<name>.uid | ID of the user in initrd.
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| services.vdirsyncer.jobs.<name>.forceDiscover | Run yes | vdirsyncer discover prior to vdirsyncer sync
|
| services.tarsnap.archives.<name>.followSymlinks | Whether to follow all symlinks in archive trees.
|
| services.netbird.tunnels.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.netbird.clients.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.openbao.settings.listener.<name>.address | The TCP address or UNIX socket path to listen on.
|
| services.nebula.networks.<name>.firewall.outbound | Firewall rules for outbound traffic.
|
| services.authelia.instances.<name>.settings.log.level | Level of verbosity for logs.
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.znc.user | The name of an existing user account to use to own the ZNC server
process
|
| systemd.user.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id | Identity to use as peer identity during EAP authentication
|
| services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| services.firezone.server.provision.accounts.<name>.policies | All policies to provision
|
| services.firewalld.zones.<name>.interfaces | Interfaces to bind.
|
| services.bacula-sd.autochanger.<name>.devices | |
| services.cjdns.ETHInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.bitcoind.<name>.extraCmdlineOptions | Extra command line options to pass to bitcoind
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.gancio.nginx.serverName | Name of this virtual host
|
| services.monica.nginx.serverName | Name of this virtual host
|
| services.matomo.nginx.serverName | Name of this virtual host
|
| services.fedimintd.<name>.nginx.config.reuseport | Create an individual listening socket
|
| services.snapper.configs.<name>.TIMELINE_CLEANUP | Defines whether the timeline cleanup algorithm should be run for the config.
|
| systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.nitter.server.hostname | Hostname of the instance.
|
| services.anubis.instances.<name>.settings.TARGET | The reverse proxy target that Anubis is protecting
|
| systemd.user.timers.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.user.slices.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.tor.relay.onionServices.<name>.authorizeClient | See torrc manual.
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| systemd.user.timers.<name>.wants | Start the specified units when this unit is started.
|
| systemd.user.slices.<name>.wants | Start the specified units when this unit is started.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| services.bookstack.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.bookstack.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.description | The description of this policy
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| services.keepalived.vrrpScripts.<name>.timeout | Seconds after which script is considered to have failed.
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| services.angrr.settings.profile-policies.<name>.keep-since | Retention period for the GC roots in this profile.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dns | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id | Client XAuth username used in the XAuth exchange.
|
| boot.initrd.luks.devices.<name>.preLVM | Whether the luksOpen will be attempted before LVM scan or after it.
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.borgbackup.jobs.<name>.failOnWarnings | Fail the whole backup job if any borg command returns a warning
(exit code 1), for example because a file changed during backup.
|
| systemd.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| systemd.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| hardware.alsa.cardAliases.<name>.driver | Name of the kernel module that provides the card.
|
| security.acme.certs.<name>.csrKey | Path to the private key to the matching certificate signing request.
|
| services.sabnzbd.settings.servers.<name>.required | In case of connection failures, wait for the
server to come back online instead of skipping
it.
|
| services.sabnzbd.settings.servers.<name>.priority | Priority of this servers
|
| services.httpd.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.consul-template.instances.<name>.enable | Whether to enable this consul-template instance.
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| services.radicle.ci.broker.settings.adapters.<name>.command | Adapter command to run.
|