| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| systemd.user.services.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.firezone.server.provision.accounts.<name>.policies | All policies to provision
|
| services.wordpress.sites.<name>.virtualHost.logFormat | Log format for Apache's log files
|
| services.wordpress.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.wstunnel.servers.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.wstunnel.clients.<name>.loggingLevel | Passed to --log-lvl
Control the log verbosity. i.e: TRACE, DEBUG, INFO, WARN, ERROR, OFF
For more details, checkout [EnvFilter](https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct
|
| services.github-runners.<name>.noDefaultLabels | Disables adding the default labels
|
| services.wordpress.sites.<name>.languages | List of path(s) to respective language(s) which are copied from the 'languages' directory.
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| services.borgbackup.jobs.<name>.readWritePaths | By default, borg cannot write anywhere on the system but
$HOME/.config/borg and $HOME/.cache/borg
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.kimai.sites.<name>.environmentFile | Securely pass environment variabels to Kimai
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.radicle.httpd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.query | The SQL query to run.
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.bookstack.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.vdirsyncer.jobs.<name>.config.storages | vdirsyncer storage configurations
|
| hardware.display.outputs.<name>.edid | An EDID filename to be used for configured display, as in edid/<filename>
|
| systemd.user.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.gancio.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.github-runners.<name>.tokenType | Type of token to use for runner registration
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| services.v4l2-relayd.instances.<name>.input.pipeline | The gstreamer-pipeline to use for the input-stream.
|
| services.consul-template.instances.<name>.group | Group under which this instance runs.
|
| services.tahoe.introducers.<name>.package | The tahoelafs package to use.
|
| systemd.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.keepalived.vrrpScripts.<name>.weight | Following a failure, adjust the priority by this weight.
|
| services.k3s.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.k3s.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| boot.initrd.luks.devices.<name>.yubikey.saltLength | Length of the new salt in byte (64 is the effective maximum).
|
| services.mautrix-meta.instances.<name>.serviceUnit | The systemd unit (a service or a target) for other services to depend on if they
need to be started after matrix-synapse
|
| services.stash.username | Username for login.
|
| services.kubernetes.kubelet.taints.<name>.effect | Effect of taint.
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for
authentication
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| services.nullmailer.config.defaulthost | The content of this attribute is appended to any address that
is missing a host name
|
| services.librenms.database.username | Name of the user on the MySQL/MariaDB server
|
| services.wordpress.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|
| systemd.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.grafana.settings.smtp.from_name | Name to be used as client identity for EHLO in SMTP dialog.
|
| services.reposilite.database.dbname | Database name.
|
| services.xserver.xkb.extraLayouts.<name>.languages | A list of languages provided by the layout.
(Use ISO 639-2 codes, for example: "eng" for english)
|
| services.peertube-runner.instancesToRegister.<name>.runnerName | Runner name declared to the PeerTube instance.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id | Identity in CA certificate to accept for authentication
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| services.anuko-time-tracker.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fcgiwrap.instances.<name>.process.group | Group as which this instance of fcgiwrap will be run.
|
| services.openafsServer.roles.backup.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_DAILY | Limits for timeline cleanup.
|
| services.tor.relay.onionServices.<name>.settings.RendPostPeriod | See torrc manual.
|
| systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.sanoid.templates.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.blockbook-frontend.<name>.enable | Whether to enable blockbook-frontend application.
|
| systemd.services.<name>.environment | Environment variables passed to the service's processes.
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| services.blockbook-frontend.<name>.coinName | See https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61
for current of coins supported in master (Note: may differ from release).
|
| services.nextcloud-spreed-signaling.hostName | The host name to bind the nginx virtual host to, if
config.services.nextcloud-spreed-signaling.configureNginx is set to true.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.allAccess | Grants all permissions in the associated organization.
|
| services.namecoind.rpc.port | Port the RPC server will bind to.
|
| services.wyoming.faster-whisper.servers.<name>.device | Determines the platform faster-whisper is run on
|
| services.i2pd.outTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.zeronsd.servedNetworks.<name>.settings | Settings for zeronsd
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.autorandr.profiles.<name>.fingerprint | Output name to EDID mapping
|