Name of the template, must be unique

The network family that Anubis should bind to

Password for RPC connections.

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

Indicates if the user is a system user or not

Extra lines to be added verbatim to the vrrp_script section.

Public http server binding [address]:port.

config.yaml configuration as a Nix attribute set

If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based chroot(2).

Whether to enable or disable lingering for this user

Override the username or UID (and optionally groupname or GID) used in the container.

List of raw public key candidates to use for authentication

Start the specified units when this unit is started.

Start the specified units when this unit is started.

Description of this unit used in systemd messages and progress indicators.

Host to listen on

Use VRRP Virtual MAC.

Port to listen on

Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package

All gateway groups (sites) to provision

IPv4 destination.

IPv6 destination.

Image pull policy for the container

Borg command to use for archive creation

If set, all sae password entries that have a non-wildcard MAC associated to them will additionally be used to populate the MAC allow list

Updown script to invoke on CHILD_SA up and down events.

Aliases of that unit.

Aliases of that unit.

The hostname.

The port.

A short description of the layout.

The timestamp format to use for constructing snapshot names

All of these scripts will be executed in lexicographical order before hostapd is started, right after the global segment was generated and may dynamically append global options the generated configuration file

If the specified units are started at the same time as this unit, delay them until this unit has started.

If the specified units are started at the same time as this unit, delay them until this unit has started.

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

If set, a changed unit is never assumed to be socket-activated on configuration switch, even if it might have associated socket units

Path to use for the pid file.

User name under which the nginxlog exporter shall be run.

Extra command line options to pass to bitcoind

Specifies the clear text password for the account

Minimum remaining validity before renewal in days.

The hostname to show in the Datadog dashboard (optional)

Restrictions on the connections that the server will accept

Identity the EAP/XAuth secret belongs to

The domain part of the MUC to connect to for control.

Optional slot number to access the token.

All resources to provision

Your Authelia config.yml as a Nix attribute set

Preswitch hook executed before mode switch.

Address or CIDR subnets

StrongSwan default: []

Address or CIDR subnets

StrongSwan default: []

Address or CIDR subnets

StrongSwan default: []

OCI image to run.

Path to an environment file, containing the TOKEN environment variable, that holds a token to register at the configured Gitea/Forgejo instance.

The devices this folder should be shared with

Fixed reqid to use for this CHILD_SA

Additional groups for the systemd service.

The ID of the sound card

location of GhostScript binary

Number of power supplies that the UPS feeds on this system

Optional PIN required to access the key on the token

Subordinate group ids that user is allowed to use

Subordinate user ids that user is allowed to use

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

The url endpoint where the scrobble API is listening.

Predetect hook executed before autorandr attempts to run xrandr.

Reduce memory consumption by a factor of 2 beyond what lowmem does, at the cost of significantly slowing down the archiving process.

Optional interface name to restrict outbound IPsec policies.

List of names of the systemd-networkd operational states which should trigger the script

A unique identifier for this authentication token

When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.

Shell commands executed on specified operational states.

Template section of vault-agent

Name of the PCM device to control (slave).

If true, the user's shell will be set to users.defaultUserShell.

Extra command-line options passed to the daemon

Your factorio.com login credentials

Database user.

The address to listen on

RPC password for JSON-RPC connections

Whether to enable this wake-up check.

The consul-template package to use.

Database host address.

Database host port.

Opens UDP port in firewall for fedimintd's API Iroh endpoint

Path within the configuration store where Patroni will keep information about the cluster.

If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets

Start of the range of subordinate group ids that user is allowed to use.

Start of the range of subordinate user ids that user is allowed to use.

Give extended privileges to container.

Whether to invert the icmp block handling

Value of decryption passphrase for RSA key.

Ingress rules

Catch-all service if no ingress matches

Port of the remote MQTT broker.

Seconds between script invocations.