| services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file | File name in the ecdsa folder for which this
passphrase should be used.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file | File name in the pkcs8 folder for which this
passphrase should be used.
|
| services.borgbackup.jobs.<name>.readWritePaths | By default, borg cannot write anywhere on the system but
$HOME/.config/borg and $HOME/.cache/borg
|
| services.jibri.xmppEnvironments.<name>.control.login.username | User part of the JID.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| systemd.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.restic.backups.<name>.initialize | Create the repository if it doesn't exist.
|
| systemd.user.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.user.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| programs.neovim.runtime.<name>.target | Name of symlink
|
| services.radicle.ci.broker.settings.adapters.<name>.command | Adapter command to run.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id | IKE identity to use for authentication round
|
| services.firezone.server.provision.accounts.<name>.actors | All actors (users) to provision
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.jupyterhub.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyterhub.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.tinc.networks.<name>.ed25519PrivateKeyFile | Path of the private ed25519 keyfile.
|
| services.gitlab-runner.services.<name>.preGetSourcesScript | Runner-specific command script executed before code is pulled.
|
| virtualisation.fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.logrotate.settings.<name>.global | Whether this setting is a global option or not: set to have these
settings apply to all files settings with a higher priority.
|
| services.fcgiwrap.instances.<name>.process.user | User as which this instance of fcgiwrap will be run
|
| virtualisation.fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.v4l2-relayd.instances.<name>.input.pipeline | The gstreamer-pipeline to use for the input-stream.
|
| services.snapper.configs.<name>.SUBVOLUME | Path of the subvolume or mount point
|
| services.syncthing.settings.folders.<name>.label | The label of the folder.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-addr | Destination IP address.
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.firewalld.zones.<name>.ports.*.protocol | |
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|
| services.wstunnel.servers.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.wstunnel.clients.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| services.roundcube.database.dbname | Name of the postgresql database
|
| services.nominatim.database.dbname | Name of the postgresql database.
|
| services.vdirsyncer.jobs.<name>.config.storages | vdirsyncer storage configurations
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| security.acme.certs.<name>.group | Group running the ACME client.
|
| services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| services.ghostunnel.servers.<name>.target | Address to forward connections to (can be HOST:PORT or unix:PATH).
|
| services.authelia.instances.<name>.settings.log.level | Level of verbosity for logs.
|
| services.wstunnel.servers.<name>.restrictTo.*.port | The port.
|
| services.wstunnel.servers.<name>.restrictTo.*.host | The hostname.
|
| services.firewalld.zones.<name>.protocols | Protocols to allow in the zone.
|
| services.zeronsd.servedNetworks.<name>.package | The zeronsd package to use.
|
| services.xonotic.settings.hostname | The name that will appear in the server list. $g_xonoticversion
gets replaced with the current version.
|
| services.openafsServer.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.openafsClient.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.homebridge.settings.accessories.*.name | Name of the accessory
|
| services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| services.anubis.instances.<name>.settings | Freeform configuration via environment variables for Anubis
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| systemd.slices.<name>.wants | Start the specified units when this unit is started.
|
| systemd.timers.<name>.wants | Start the specified units when this unit is started.
|
| services.borgbackup.jobs.<name>.extraCreateArgs | Additional arguments for borg create
|
| services.fcgiwrap.instances.<name>.process.group | Group as which this instance of fcgiwrap will be run.
|
| services.syncthing.settings.folders.<name>.path | The path to the folder which should be shared
|
| services.kubernetes.kubelet.taints.<name>.effect | Effect of taint.
|
| users.users.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| boot.initrd.extraFiles.<name>.source | The object to make available inside the initrd.
|
| users.extraUsers.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| boot.initrd.systemd.users.<name>.shell | The path to the user's shell in initrd.
|
| boot.initrd.systemd.users.<name>.group | Group the user belongs to in initrd.
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| services.consul-template.instances.<name>.user | User under which this instance runs.
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.netbird.tunnels.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.netbird.clients.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| virtualisation.interfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| services.iodine.clients | Each attribute of this option defines a systemd service that
runs iodine
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.radicle.ci.adapters.native.instances.<name>.enable | Whether to enable this radicle-native-ci instance.
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.kimai.sites.<name>.environmentFile | Securely pass environment variabels to Kimai
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|