| systemd.user.services.<name>.environment | Environment variables passed to the service's processes.
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.wordpress.sites.<name>.languages | List of path(s) to respective language(s) which are copied from the 'languages' directory.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| services.sanoid.datasets.<name>.recursive | Whether to recursively snapshot dataset children
|
| services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.name | Name of the mute time interval, must be unique
|
| services.tor.settings.Nickname | See torrc manual.
|
| services.nntp-proxy.users.<name>.maxConnections | Maximum number of concurrent connections to the proxy for this user
|
| services.authelia.instances.<name>.package | The authelia package to use.
|
| services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| users.extraUsers.<name>.enable | If set to false, the user account will not be created
|
| services.anubis.instances.<name>.settings.TARGET | The reverse proxy target that Anubis is protecting
|
| services.rke2.manifests.<name>.content | Content of the manifest file
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| systemd.user.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| hardware.alsa.controls.<name>.card | Name of the PCM card to control (slave).
|
| services.openafsServer.roles.backup.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| systemd.user.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| services.firewalld.services.<name>.protocols | Protocols for the service.
|
| services.firewalld.services.<name>.ports.*.protocol | |
| services.openbao.settings.listener.<name>.address | The TCP address or UNIX socket path to listen on.
|
| services.jitsi-videobridge.xmppConfigs.<name>.hostName | Hostname of the XMPP server to connect to
|
| virtualisation.allInterfaces.<name>.assignIP | Automatically assign an IP address to the network interface using the same scheme as
virtualisation.vlans.
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.grafana.settings.smtp.from_name | Name to be used as client identity for EHLO in SMTP dialog.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.nebula.networks.<name>.firewall.outbound | Firewall rules for outbound traffic.
|
| services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| systemd.user.timers.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.paths.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.slices.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.units.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.postfix.hostname | Hostname to use
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| systemd.slices.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| systemd.timers.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.cjdns.ETHInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| boot.initrd.luks.devices.<name>.device | Path of the underlying encrypted block device.
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| services.blockbook-frontend.<name>.sync | Synchronizes until tip, if together with zeromq, keeps index synchronized.
|
| services.dovecot2.mailboxes.<name>.auto | Whether to automatically create or create and subscribe to the mailbox or not.
|
| systemd.user.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.authelia.instances.<name>.settings.log.format | Format the logs are written as.
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| services.easytier.instances.<name>.configFile | Path to easytier config file
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.sabnzbd.settings.servers.<name>.required | In case of connection failures, wait for the
server to come back online instead of skipping
it.
|
| services.sabnzbd.settings.servers.<name>.priority | Priority of this servers
|
| systemd.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.keepalived.vrrpScripts.<name>.weight | Following a failure, adjust the priority by this weight.
|
| services.k3s.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.k3s.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| nix.registry.<name>.exact | Whether the from reference needs to match exactly
|
| systemd.automounts.*.name | The name of this systemd unit, including its extension
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.tor.relay.onionServices.<name>.authorizeClient | See torrc manual.
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.namecoind.rpc.address | IP address the RPC server will bind to.
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.consul-template.instances.<name>.group | Group under which this instance runs.
|
| services.tahoe.introducers.<name>.package | The tahoelafs package to use.
|
| services.angrr.settings.profile-policies.<name>.keep-since | Retention period for the GC roots in this profile.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dns | Address or CIDR subnets
StrongSwan default: []
|
| systemd.user.paths.<name>.aliases | Aliases of that unit.
|
| systemd.user.units.<name>.aliases | Aliases of that unit.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.module | Optional PKCS#11 module name to access the token.
|
| services.easytier.instances.<name>.settings.dhcp | Automatically determine the IPv4 address of this peer based on
existing peers on network.
|
| services.i2pd.outTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.headscale.settings.dns.extra_records.*.name | DNS record name.
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| services.gitlab-runner.services.<name>.dockerAllowedImages | Whitelist allowed images.
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| services.firezone.server.provision.accounts.<name>.relayGroups | All relay groups to provision
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.sanoid.templates.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.vmalert.instances.<name>.settings | vmalert configuration, passed via command line flags
|