| security.auditd.settings.space_left | If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by
space_left_action
|
| services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile | The path to the file containing the value for sessions.blockkey
|
| services.prometheus.pushgateway.persistence.interval | The minimum interval at which to write out the persistence file.
null will default to 5m.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.grafana.provision.dashboards.settings.providers.*.options.path | Path grafana will watch for dashboards
|
| services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.draupnir.secrets.web.synapseHTTPAntispam.authorization | File containing the secret token when using the Synapse HTTP Antispam module
to be used in place of
services.draupnir.settings.web.synapseHTTPAntispam.authorization
|
| virtualisation.lxd.recommendedSysctlSettings | Enables various settings to avoid common pitfalls when
running containers requiring many file operations
|
| services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| services.prometheus.alertmanagerGotify.environmentFile | File containing additional config environment variables for alertmanager-gotify-bridge
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| services.postgresqlWalReceiver.receivers.<name>.slot | Require pg_receivewal to use an existing replication slot (see
Section 26.2.6 of the PostgreSQL manual)
|
| services.prometheus.exporters.pgbouncer.connectionEnvFile | File that must contain the environment variable
PGBOUNCER_EXPORTER_CONNECTION_STRING which is set to the connection
string used by pgbouncer
|
| services.headscale.settings.noise.private_key_path | Path to noise private key file, generated automatically if it does not exist.
|
| services.mastodon.activeRecordEncryptionKeyDerivationSaltFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.peertube-runner.instancesToRegister.<name>.registrationTokenFile | Path to a file containing a registration token for the PeerTube instance
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| programs.openvpn3.log-service.settings.log_dbus_details | Add D-Bus details in log file/syslog
|
| virtualisation.oci-containers.containers.<name>.login.passwordFile | Path to file containing password.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.api_server | The API server addresses
|
| services.headscale.settings.derp.server.private_key_path | Path to derp private key file, generated automatically if it does not exist.
|
| services.prometheus.exporters.ecoflow.ecoflowDevicesPrettyNamesFile | File must contain one line, example: {"R3300000":"Delta 2","R3400000":"Delta Pro",...}
The key/value map of custom names for your devices
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.bacula-sd.device.<name>.mediaType | The specified name-string names the type of media supported by this
device, for example, DLT7000
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| services.sshguard.blacklist_threshold | Blacklist an attacker when its score exceeds threshold
|
| services.changedetection-io.environmentFile | Securely pass environment variables to changedetection-io
|
| services.mastodon.activeRecordEncryptionDeterministicKeyFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.headscale.settings.oidc.client_secret_path | Path to OpenID Connect client secret file
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| services.nextcloud-spreed-signaling.settings.clients.internalsecretFile | The path to the file containing the value for clients.internalsecret
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_id | Path to file that contains Client ID.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.multipath.devices.*.user_friendly_names | If set to "yes", using the bindings file /etc/multipath/bindings
to assign a persistent and unique alias to the multipath, in the
form of mpath
|
| services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_secret | Path to file that contains Client Secret.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| services.nixseparatedebuginfod2.substituters | nix substituter to fetch debuginfo from
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.buffyboard.settings.quirks.ignore_unused_terminals | If true, buffyboard won't automatically update the layout of a new terminal and
draw the keyboard, if the terminal is not opened by any process
|