| networking.greTunnels.<name>.dev | The underlying network device on which the tunnel resides.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| services.snipe-it.nginx.serverName | Name of this virtual host
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument | An argument whose meaning depends on the type of operation
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.fedimintd.<name>.nginx.config.listen.*.port | Port number to listen on
|
| openstack.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| services.peertube-runner.instancesToRegister.<name>.runnerName | Runner name declared to the PeerTube instance.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown | Updown script to invoke on CHILD_SA up and down events.
|
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.gerrit.plugins | List of plugins to add to Gerrit
|
| services.orangefs.server.fileSystems.<name>.troveSyncMeta | Sync meta data.
|
| services.public-inbox.settings.coderepo.<name>.cgitUrl | URL of a cgit instance
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.tokenFile | The token value
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.description | The description of this policy
|
| services.gitlab-runner.services.<name>.dockerVolumes | Bind-mount a volume and create it
if it doesn't exist prior to mounting.
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| security.pam.services.<name>.gnupg.noAutostart | Don't start gpg-agent if it is not running
|
| environment.etc.<name>.source | Path of the source file.
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.davis.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.movim.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.drupal.sites.<name>.virtualHost.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.authelia.instances.<name>.package | The authelia package to use.
|
| services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| services.drupal.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nagios.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.moodle.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.nagios.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.moodle.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.wordpress.sites.<name>.virtualHost.adminAddr | E-mail address of the server administrator.
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.protocol | The protocol specifier for port forwarding between host and container
|
| services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| services.logrotate.settings.<name>.global | Whether this setting is a global option or not: set to have these
settings apply to all files settings with a higher priority.
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.syncthing.settings.folders.<name>.id | The ID of the folder
|
| services.syncthing.settings.devices.<name>.id | The device ID
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.kmonad.keyboards.<name>.defcfg.compose.key | The (optional) compose key to use.
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.github-runners.<name>.tokenType | Type of token to use for runner registration
|
| services.autorandr.profiles.<name>.fingerprint | Output name to EDID mapping
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.drupal.sites.<name>.virtualHost.locations | Declarative location config
|
| programs.neovim.runtime.<name>.source | Path of the source file.
|
| services.nginx.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.xonotic.settings.hostname | The name that will appear in the server list. $g_xonoticversion
gets replaced with the current version.
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.module | Optional PKCS#11 module name to access the token.
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| services.openvpn.servers.<name>.updateResolvConf | Use the script from the update-resolv-conf package to automatically
update resolv.conf with the DNS information provided by openvpn
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.wordpress.sites.<name>.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.fcgiwrap.instances.<name>.socket.mode | Mode to be set on the UNIX socket
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.nntp-proxy.users.<name>.maxConnections | Maximum number of concurrent connections to the proxy for this user
|
| services.bcg.mqtt.username | MQTT server access username.
|
| services.murmur.registerHostname | DNS hostname where your server can be reached
|
| services.restic.backups.<name>.rcloneOptions | Options to pass to rclone to control its behavior
|
| services.drupal.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| services.anubis.instances.<name>.botPolicy | Anubis policy configuration in Nix syntax
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.borgbackup.jobs.<name>.extraCreateArgs | Additional arguments for borg create
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.logrotate.settings.<name>.files | Single or list of files for which rules are defined
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.wstunnel.clients.<name>.settings | Command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.settings | Command line arguments to pass to wstunnel
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|