| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformee | EHT single user beamformee support
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformer | EHT single user beamformer support
|
| services.wordpress.sites.<name>.database.createLocally | Create the database and database user locally.
|
| hardware.alsa.cardAliases.<name>.driver | Name of the kernel module that provides the card.
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wordpress.sites.<name>.database.tablePrefix | The $table_prefix is the value placed in the front of your database tables
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| systemd.user.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.keepalived.vrrpInstances.<name>.virtualIps | Declarative vhost config
|
| systemd.units.<name>.aliases | Aliases of that unit.
|
| systemd.paths.<name>.aliases | Aliases of that unit.
|
| services.wordpress.sites.<name>.virtualHost.locations | Declarative location config
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| users.users.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.borgbackup.jobs.<name>.encryption.mode | Encryption mode to use
|
| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| systemd.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| systemd.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| systemd.user.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.radicle.httpd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| services.grafana.provision.alerting.templates.settings.templates.*.name | Name of the template, must be unique
|
| services.blockbook-frontend.<name>.messageQueueBinding | Message Queue Binding address:port.
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| services.authelia.instances.<name>.settings.log.format | Format the logs are written as.
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| users.users.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| users.users.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| services.librenms.hostname | The hostname to serve LibreNMS on.
|
| services.gerrit.plugins | List of plugins to add to Gerrit
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| services.jibri.xmppEnvironments.<name>.xmppServerHosts | Hostnames of the XMPP servers to connect to.
|
| services.sanoid.datasets.<name>.use_template | Names of the templates to use for this dataset.
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.keepalived.vrrpInstances.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_instance section.
|
| services.autorandr.profiles.<name>.hooks.preswitch | Preswitch hook executed before mode switch.
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| hardware.sane.brscan4.netDevices.<name>.nodename | The node name of the device
|
| hardware.sane.brscan5.netDevices.<name>.nodename | The node name of the device
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.dawarich.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process.
If left empty, all job classes will be executed by this process.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time | Maximum lifetime before CHILD_SA gets closed
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| power.ups.users.<name>.actions | Allow the user to do certain things with upsd
|
| services.invoiceplane.sites.<name>.database.user | Database user.
|
| services.ghostunnel.servers.<name>.extraArguments | Extra arguments to pass to ghostunnel server
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| users.extraUsers.<name>.extraGroups | The user's auxiliary groups.
|
| services.simplesamlphp.<name>.settings | Configuration options used by SimpleSAMLphp
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| hardware.printers.ensurePrinters.*.name | Name of the printer / printer queue
|
| services.anubis.instances.<name>.settings.BIND_NETWORK | The network family that Anubis should bind to
|
| services.invoiceplane.sites.<name>.database.host | Database host address.
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| services.davis.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.slskd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.borgbackup.jobs.<name>.compression | Compression method to use
|
| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| services.nitter.server.hostname | Hostname of the instance.
|
| containers.<name>.extraVeths.<name>.forwardPorts | List of forwarded ports from host to container
|
| hardware.alsa.controls.<name>.device | Name of the PCM device to control (slave).
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.brd | The broadcast address on the interface.
|
| users.users.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.vault-agent.instances.<name>.settings.template | Template section of vault-agent
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|