Opens up internal firewall ports for the NetBird's network interface.

Opens up internal firewall ports for the NetBird's network interface.

Whether to enable copying of this file and symlinking it.

The full name of the desktop entry file.

Whether to enable armagetronad.

Source port of the external interface on host

Whether the repo (which must be local) is a removable device.

Whether to ensure that this user is present or absent.

See torrc manual.

Address or CIDR subnets

StrongSwan default: []

Address or CIDR subnets

StrongSwan default: []

Adds a return directive, for e.g. redirections.

Custom headers to send in the upgrade request

The model of the network device.

The model of the network device.

List of names of the systemd-networkd operational states which should trigger the script

The hostname to use when configuring Postfix

An IP address or a network IP address with a mask for IPv4 or IPv6

HE multi user beamformee support

Log verbosity (syslog keyword/level).

Whether to follow symlinks specified as archives.

Client-server API URL

A list of URIs referencing documentation for this unit or its configuration.

In case of connection failures, temporarily disable this server. (See sabnzbd's documentation for usage guides).

XFRM interface ID set on inbound policies/SA

If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

The size of the key file

Name to be used as client identity for EHLO in SMTP dialog.

The public key data for the host

Options for the InvoicePlane PHP pool

Whether to enable keys to run shell commands.

File containing password of the RPC user

If the specified units are started, then this unit is stopped and vice versa.

If the specified units are started, then this unit is stopped and vice versa.

Give extended privileges to container.

mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable

Basic Auth protection for a vhost

These lines go to the end of the location verbatim.

EHT multi user beamformee support

The language used to to parse words and sentences.

Stream URL

DNS full-qualified domain name of a database server

Optional description for the bucket.

Additional destinations.

Include/exclude paths matching the given patterns

Whitelist allowed services.

Time for the container to start

Each attribute in this set specifies an option in the [Tun] section of the unit

A list of vxlan interfaces to be added to the network section of the unit

Each attribute in this set specifies an option in the [Tap] section of the unit

List of filesystem paths to archive.

Extra command line options to pass to Blockbook

This option defines the PAM services

Adds a return directive, for e.g. redirections.

IPsec Mode to establish CHILD_SA with.

• tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,
• whereas transport uses IPsec Transport Mode.
• transport_proxy signifying the special Mobile IPv6 Transport Proxy Mode.
• beet is the Bound End to End Tunnel mixture mode, working with fixed inner addresses without the need to include them in each packet.
• Both transport and beet modes are subject to mode negotiation; tunnel mode is negotiated if the preferred mode is not available.
• pass and drop are used to install shunt policies which explicitly bypass the defined traffic from IPsec processing or drop it, respectively

Permissions granted for the services.syncoid.user user for local target datasets

Optional PKCS#11 module name.

How often to rotate the logs

Whether this is a public client (enforces PKCE, doesn't use a basic secret)

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

Per-user rules for creation, deletion and cleaning of volatile and temporary files automatically

Domain under which ZeroTier records will be available.

UUID of the stratis pool that the fs is located in

This is only relevant if you are using stratis.

Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

Specifies the path to a file containing the clear text password for the account

Network name to connect to

Path to the built klipper-flash package.

Extra config for <StorageHints> section.

Listen addresses for this virtual host

If empty string mailaddress value is used

Commands that should be run right after we have mounted our LUKS device.

Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.

DEPRECATED, use driverOptions

By default, nixos will check that programs

Configure unit start rate limiting

An arbitrary list of items such as derivations

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

The store paths to include in the partition.

HMAC-SHA-256 is used with 128-bit truncation with IPsec

Timeout before closing CHILD_SA after inactivity

These lines go to the end of the location verbatim.

Set the resolver to use for performing recursive DNS queries

Each attribute in this set specifies an option in the [Match] section of the unit

Send/Recv VRRP messages from base interface instead of VMAC interface.