| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| boot.initrd.clevis.devices.<name>.secretFile | Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).
|
| services.grafana.settings.smtp.from_name | Name to be used as client identity for EHLO in SMTP dialog.
|
| fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.firezone.server.provision.accounts.<name>.resources | All resources to provision
|
| services.firezone.server.provision.accounts.<name>.gatewayGroups | All gateway groups (sites) to provision
|
| services.sanoid.datasets.<name>.processChildrenOnly | Whether to only snapshot child datasets if recursing.
|
| services.spiped.config.<name>.disableKeepalives | Disable transport layer keep-alives.
|
| services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| programs.ssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.openbao.settings.listener.<name>.address | The TCP address or UNIX socket path to listen on.
|
| services.jirafeau.nginxConfig.locations.<name>.tryFiles | Adds try_files directive.
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| services.openafsServer.roles.backup.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.snipe-it.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.armagetronad.servers.<name>.host | Host to listen on
|
| services.keepalived.vrrpInstances.<name>.useVmac | Use VRRP Virtual MAC.
|
| services.armagetronad.servers.<name>.port | Port to listen on
|
| security.pam.services.<name>.setEnvironment | Whether the service should set the environment variables
listed in environment.sessionVariables
using pam_env.so.
|
| services.firewalld.zones.<name>.ingressPriority | Priority for inbound traffic
|
| services.cjdns.ETHInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.tor.relay.onionServices.<name>.settings.RendPostPeriod | See torrc manual.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.keepalived.vrrpScripts.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_script section.
|
| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.tor.relay.onionServices.<name>.authorizeClient | See torrc manual.
|
| services.monica.hostname | The hostname to serve monica on.
|
| containers.<name>.extraVeths | Extra veth-pairs to be created for the container.
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.grafana.provision.datasources.settings.datasources.*.name | Name of the datasource
|
| services.wordpress.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| services.woodpecker-agents.agents.<name>.extraGroups | Additional groups for the systemd service.
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.fedimintd.<name>.nginx.config.reuseport | Create an individual listening socket
|
| services.namecoind.rpc.key | Key file for securing RPC connections.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies | Whether to install IPsec policies or not
|
| services.angrr.settings.profile-policies.<name>.keep-since | Retention period for the GC roots in this profile.
|
| services.moodle.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.pools.<name>.dns | Address or CIDR subnets
StrongSwan default: []
|
| services.nagios.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.authelia.instances.<name>.settings.theme | The theme to display.
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.syncthing.settings.folders.<name>.path | The path to the folder which should be shared
|
| services.frigate.settings.cameras.<name>.ffmpeg.inputs.*.path | Stream URL
|
| services.nginx.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| services.invoiceplane.sites.<name>.stateDir | This directory is used for uploads of attachments and cache
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.netbird.tunnels.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.netbird.clients.<name>.dns-resolver.address | An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on
|
| services.wstunnel.clients.<name>.upgradePathPrefix | Use a specific HTTP path prefix that will show up in the upgrade
request to the wstunnel server
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.bookstack.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.bookstack.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.logrotate.settings.<name>.priority | Order of this logrotate block in relation to the others
|
| services.mpdscribble.endpoints.<name>.url | The url endpoint where the scrobble API is listening.
|
| services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| services.parsedmarc.provision.localMail.hostname | The hostname to use when configuring Postfix
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn | Whether to copy the ECN (Explicit Congestion Notification) header field
to/from the outer IP header in tunnel mode
|
| services.kanidm.provision.systems.oauth2.<name>.public | Whether this is a public client (enforces PKCE, doesn't use a basic secret)
|
| services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.vault-agent.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| services.autosuspend.wakeups.<name>.enabled | Whether to enable this wake-up check.
|
| services.consul-template.instances.<name>.package | The consul-template package to use.
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| networking.interfaces.<name>.virtualType | The type of interface to create
|
| containers.<name>.bindMounts | An extra list of directories that is bound to the container.
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.sabnzbd.settings.servers.<name>.required | In case of connection failures, wait for the
server to come back online instead of skipping
it.
|
| services.sabnzbd.settings.servers.<name>.priority | Priority of this servers
|
| services.keepalived.vrrpScripts.<name>.interval | Seconds between script invocations.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY | Limits for timeline cleanup.
|
| services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| services.v4l2-relayd.instances.<name>.input.framerate | The framerate to read from input-stream.
|
| services.networkd-dispatcher.rules.<name>.script | Shell commands executed on specified operational states.
|
| networking.greTunnels.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.anubis.instances.<name>.settings.TARGET | The reverse proxy target that Anubis is protecting
|
| services.authelia.instances.<name>.settings.log.level | Level of verbosity for logs.
|
| boot.initrd.luks.devices.<name>.keyFileOffset | The offset of the key file
|
| services.easytier.instances.<name>.settings.dhcp | Automatically determine the IPv4 address of this peer based on
existing peers on network.
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|