| systemd.user.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface | Optional interface name to restrict outbound IPsec policies.
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| boot.initrd.luks.devices.<name>.gpgCard.gracePeriod | Time in seconds to wait for the GPG Smartcard.
|
| services.prometheus.exporters.imap-mailstat.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.imap-mailstat.openFirewall is true.
|
| services.orangefs.server.fileSystems.<name>.extraConfig | Extra config for <FileSystem> section.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.port | Port to listen on
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs | List of inputs for this camera.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.postfix.settings.master.<name>.private | Whether the service's sockets and storage directory is restricted to
be only available via the mail system
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| services.buildkite-agents.<name>.extraGroups | Groups the user for this buildkite agent should belong to
|
| services.wyoming.faster-whisper.servers.<name>.beamSize | The number of beams to use in beam search
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.module | Optional PKCS#11 module name to access the token.
|
| services.logrotate.settings.<name>.global | Whether this setting is a global option or not: set to have these
settings apply to all files settings with a higher priority.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| systemd.user.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| boot.specialFileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.prometheus.exporters.mailman3.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mailman3.openFirewall is true.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucNickname | Videobridges use the same XMPP account and need to be distinguished by the
nickname (aka resource part of the JID)
|
| users.extraUsers.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|
| services.bookstack.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.anuko-time-tracker.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.bookstack.nginx.locations.<name>.index | Adds index directive.
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| systemd.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| services.wordpress.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.sabnzbd.settings.servers.<name>.timeout | Time, in seconds, to wait for a response before
attempting error recovery.
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.kanboard.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fediwall.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.agorakit.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.dolibarr.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.librenms.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.agorakit.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.librenms.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.dolibarr.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.kanboard.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fediwall.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.mainsail.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.pixelfed.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.mainsail.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.pixelfed.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| services.nginx.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.wstunnel.clients.<name>.settings | Command line arguments to pass to wstunnel
|
| services.wstunnel.servers.<name>.settings | Command line arguments to pass to wstunnel
|
| services.github-runners.<name>.tokenType | Type of token to use for runner registration
|
| services.buildkite-agents.<name>.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| boot.loader.systemd-boot.windows.<name>.title | The title of the boot menu entry.
|
| services.wordpress.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.mosquitto.bridges.<name>.settings | Additional settings for this bridge.
|
| services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.name | Name of the contact point
|
| services.kanata.keyboards.<name>.configFile | The config file
|
| services.keyd.keyboards.<name>.settings | Configuration, except ids section, that is written to /etc/keyd/.conf
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|
| systemd.user.services.<name>.environment | Environment variables passed to the service's processes.
|
| services.nginx.virtualHosts.<name>.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.inadyn.settings.custom.<name>.password | Password for this DDNS provider
|
| services.moodle.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.syncthing.settings.folders.<name>.type | Controls how the folder is handled by Syncthing
|
| services.nagios.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.borgbackup.jobs.<name>.extraCreateArgs | Additional arguments for borg create
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.file | File name in the private folder for which this passphrase should be used.
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.snapper.configs.<name>.SUBVOLUME | Path of the subvolume or mount point
|
| services.rke2.manifests.<name>.content | Content of the manifest file
|
| systemd.user.sockets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.targets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.targets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.sockets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.sockets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.targets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.sockets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.targets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.prometheus.exporters.surfboard.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.surfboard.openFirewall is true.
|
| services.prometheus.exporters.pgbouncer.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.pgbouncer.openFirewall is true.
|
| services.prometheus.exporters.smokeping.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.smokeping.openFirewall is true.
|
| services.prometheus.exporters.borgmatic.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.borgmatic.openFirewall is true.
|
| services.prometheus.exporters.wireguard.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.wireguard.openFirewall is true.
|
| services.prometheus.exporters.nextcloud.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nextcloud.openFirewall is true.
|
| services.prometheus.exporters.tailscale.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.tailscale.openFirewall is true.
|
| services.prometheus.exporters.rasdaemon.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.rasdaemon.openFirewall is true.
|
| services.firezone.server.provision.accounts.<name>.relayGroups | All relay groups to provision
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.nebula.networks.<name>.lighthouse.dns.port | UDP port number for lighthouse DNS server.
|
| services.jirafeau.nginxConfig.locations.<name>.root | Root directory for requests.
|
| power.ups.ups.<name>.description | Description of the UPS.
|
| services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|