| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.tor.relay.onionServices.<name>.authorizeClient | See torrc manual.
|
| services.postfix.masterConfig.<name>.privileged | |
| services.firezone.server.provision.accounts.<name>.resources | All resources to provision
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| services.netbird.tunnels.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.netbird.clients.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| systemd.network.netdevs.<name>.extraConfig | Extra configuration append to unit
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| services.snapper.configs.<name>.TIMELINE_CLEANUP | Defines whether the timeline cleanup algorithm should be run for the config.
|
| services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| services.fedimintd.<name>.nginx.config.reuseport | Create an individual listening socket
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| systemd.network.links.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| services.keepalived.vrrpScripts.<name>.timeout | Seconds after which script is considered to have failed.
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| virtualisation.emptyDiskImages.*.driveConfig.name | A name for the drive
|
| services.angrr.settings.profile-policies.<name>.keep-since | Retention period for the GC roots in this profile.
|
| services.moodle.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dns | Address or CIDR subnets
StrongSwan default: []
|
| services.nagios.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| services.bitcoind.<name>.extraCmdlineOptions | Extra command line options to pass to bitcoind
|
| systemd.network.netdevs.<name>.tunConfig | Each attribute in this set specifies an option in the
[Tun] section of the unit
|
| systemd.network.netdevs.<name>.tapConfig | Each attribute in this set specifies an option in the
[Tap] section of the unit
|
| services.firewalld.services.<name>.protocols | Protocols for the service.
|
| services.firewalld.services.<name>.ports.*.protocol | |
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.blockbook-frontend.<name>.configFile | Location of the blockbook configuration file.
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.bookstack.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.bookstack.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.wordpress.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.authelia.instances.<name>.settings.theme | The theme to display.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_HOURLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_YEARLY | Limits for timeline cleanup.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_WEEKLY | Limits for timeline cleanup.
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| services.radicle.ci.broker.settings.adapters.<name>.command | Adapter command to run.
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.roles | List of roles for this stream
|
| services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| services.consul-template.instances.<name>.enable | Whether to enable this consul-template instance.
|
| services.anubis.instances.<name>.settings.TARGET | The reverse proxy target that Anubis is protecting
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.blockbook-frontend.<name>.package | The blockbook package to use.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.sabnzbd.settings.servers.<name>.required | In case of connection failures, wait for the
server to come back online instead of skipping
it.
|
| services.sabnzbd.settings.servers.<name>.priority | Priority of this servers
|
| services.ax25.axports.<name>.description | Free format description of this interface.
|
| systemd.user.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.httpd.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| services.v4l2-relayd.instances.<name>.extraPackages | Extra packages to add to GST_PLUGIN_PATH for the instance.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.easytier.instances.<name>.settings.dhcp | Automatically determine the IPv4 address of this peer based on
existing peers on network.
|
| services.borgbackup.jobs.<name>.failOnWarnings | Fail the whole backup job if any borg command returns a warning
(exit code 1), for example because a file changed during backup.
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.snapserver.streams.<name>.sampleFormat | Default sample format.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.operator | Grants all permissions in all organizations.
|
| services.v4l2-relayd.instances.<name>.input.framerate | The framerate to read from input-stream.
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.keycloak.settings.hostname-backchannel-dynamic | Enables dynamic resolving of backchannel URLs,
including hostname, scheme, port and context path
|
| systemd.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| boot.specialFileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.armagetronad.servers.<name>.dns | DNS address to use for this server
|
| services.invoiceplane.sites.<name>.enable | Whether to enable InvoicePlane web application.
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| networking.greTunnels.<name>.type | Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| services.firewalld.zones.<name>.sourcePorts.*.protocol | |
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| services.strongswan-swanctl.swanctl.pools.<name>.dhcp | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.nbns | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.return | Adds a return directive, for e.g. redirections.
|