| services.moodle.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.nagios.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.hostapd.radios.<name>.wifi7.multiUserBeamformer | EHT multi user beamformee support
|
| services.radicle.ci.adapters.native.instances.<name>.enable | Whether to enable this radicle-native-ci instance.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.jibri.xmppEnvironments.<name>.call.login.domain | The domain part of the JID for the recorder.
|
| services.parsedmarc.provision.localMail.hostname | The hostname to use when configuring Postfix
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.grafana.provision.datasources.settings.datasources.*.name | Name of the datasource
|
| services.borgbackup.jobs.<name>.createCommand | Borg command to use for archive creation
|
| systemd.timers.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.slices.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| environment.etc.<name>.source | Path of the source file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| systemd.timers.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.slices.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.printing.cups-pdf.instances.<name>.settings.AnonDirName | path for anonymously created PDF files
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.znapzend.zetup.<name>.destinations | Additional destinations.
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| hardware.alsa.controls.<name>.maxVolume | The maximum volume in dB.
|
| services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time | Maximum lifetime before CHILD_SA gets closed
|
| boot.initrd.luks.devices.<name>.fido2.gracePeriod | Time in seconds to wait for the FIDO2 key.
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.invoiceplane.sites.<name>.database.user | Database user.
|
| systemd.targets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.sockets.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| services.firewalld.services.<name>.destination | Destinations for the service.
|
| services.firewalld.services.<name>.description | Description for the service.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.retention | The duration in seconds for which the bucket will retain data (0 is infinite).
|
| security.auditd.plugins.<name>.active | Whether to enable Whether to enable this plugin.
|
| services.postfix.hostname | Hostname to use
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.anubis.instances.<name>.settings.BIND_NETWORK | The network family that Anubis should bind to
|
| networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| networking.greTunnels.<name>.ttl | The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
|
| systemd.user.paths.<name>.requisite | Similar to requires
|
| services.invoiceplane.sites.<name>.database.host | Database host address.
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| containers.<name>.extraVeths.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.davis.nginx.serverName | Name of this virtual host
|
| services.movim.nginx.serverName | Name of this virtual host
|
| services.slskd.nginx.serverName | Name of this virtual host
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.davis.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.slskd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.nebula.networks.<name>.lighthouses | List of IPs of lighthouse hosts this node should report to and query from
|
| services.nitter.server.hostname | Hostname of the instance.
|
| services.gitea-actions-runner.instances.<name>.labels | Labels used to map jobs to their runtime environment
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| systemd.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.github-runners.<name>.extraEnvironment | Extra environment variables to set for the runner, as an attrset.
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| services.vault-agent.instances.<name>.settings.template | Template section of vault-agent
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| systemd.sockets.<name>.socketConfig | Each attribute in this set specifies an option in the
[Socket] section of the unit
|
| systemd.nspawn.<name>.networkConfig | Each attribute in this set specifies an option in the
[Network] section of this unit
|
| services.anuko-time-tracker.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.authelia.instances.<name>.secrets.manual | Configuring authelia's secret files via the secrets attribute set
is intended to be convenient and help catch cases where values are required
to run at all
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes | Byte range from which to choose a random value to subtract from
rekey_bytes
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| systemd.network.networks.<name>.dns | A list of dns servers to be added to the network section of the
unit
|
| systemd.network.networks.<name>.vrf | A list of vrf interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.ntp | A list of ntp servers to be added to the network section of the
unit
|
| containers.<name>.extraVeths.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|