| services.mastodon.mediaAutoRemove.enable | Automatically remove remote media attachments and preview cards older than the configured amount of days
|
| services.gitlab.backup.uploadOptions | GitLab automatic upload specification
|
| services.btrbk.ioSchedulingClass | IO scheduling class for btrbk (see ionice(1) for a quick description)
|
| services.rosenpass.settings.peers.*.peer | WireGuard public key corresponding to the remote Rosenpass peer.
|
| services.multipath.devices.*.fast_io_fail_tmo | Specify the number of seconds the SCSI layer will wait after a problem has been
detected on a FC remote port before failing I/O to devices on that remote port
|
| services.openssh.settings.GatewayPorts | Specifies whether remote hosts are allowed to connect to
ports forwarded for the client
|
| services.prosody.s2sInsecureDomains | Some servers have invalid or self-signed certificates
|
| services.mirakurun.openFirewall | Open ports in the firewall for Mirakurun.
Exposing Mirakurun to the open internet is generally advised
against
|
| services.i2pd.inTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.buildbot-master.pbPort | The buildmaster will listen on a TCP port of your choosing
for connections from workers
|
| services.i2pd.outTunnels.<name>.destination | Remote endpoint, I2P hostname or b32.i2p address.
|
| services.zfs.autoReplication.followDelete | Remove remote snapshots that don't have a local correspondent.
|
| services.zfs.autoReplication.username | Username used by SSH to login to remote host.
|
| services.cjdns.authorizedPasswords | Any remote cjdns nodes that offer these passwords on
connection will be allowed to route through this node.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.mosquitto.bridges.<name>.addresses | Remote endpoints for the bridge.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| services.amule.settings.ExternalConnect.ECPort | TCP port for external connections, like remote control via amule-gui
|
| programs.ssh.forwardX11 | Whether to request X11 forwarding on outgoing connections by default
|
| services.epgstation.openFirewall | Open ports in the firewall for the EPGStation web interface.
Exposing EPGStation to the open internet is generally advised
against
|
| services.rosenpass.settings.peers.*.endpoint | Endpoint of the remote Rosenpass peer.
|
| services.komodo-periphery.disableTerminals | Disable remote shell access through Periphery.
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|
| services.kubernetes.pki.pkiTrustOnBootstrap | Whether to always trust remote cfssl server upon initial PKI bootstrap.
|
| services.komodo-periphery.disableContainerExec | Disable remote container shell access through Periphery.
|
| services.kapacitor.defaultDatabase.password | The password to connect to the remote InfluxDB server
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| services.transmission.enable | Whether to enable the headless Transmission BitTorrent daemon
|
| services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| services.postfix.settings.main.mynetworks | List of trusted remote SMTP clients, that are allowed to relay mail
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.postfix.settings.main.smtp_tls_CAfile | File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| services.akkoma.config.":pleroma".":media_proxy".enabled | Whether to enable proxying of remote media through the instance's proxy.
|
| services.journald.upload.settings.Upload.ServerKeyFile | SSL key in PEM format
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.nullmailer.config.sendtimeout | The time to wait for a remote module listed above to complete sending
a message before killing it and trying again, in seconds
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.prometheus.exporters.wireguard.withRemoteIp | Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
|
| services.prometheus.exporters.restic.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.dependency-track.settings."alpine.database.mode" | Defines the database mode of operation
|
| services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| services.icingaweb2.modules.monitoring.transports.<name>.path | Path to the socket for local or remote transports
|
| services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| services.znapzend.zetup.<name>.destinations.<name>.postsend | Command to run after sending the snapshot to the destination
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| services.journald.upload.settings.Upload.TrustedCertificateFile | SSL CA certificate
|
| services.multipath.devices.*.dev_loss_tmo | Specify the number of seconds the SCSI layer will wait after a problem has
been detected on a FC remote port before removing it from the system
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.prometheus.globalConfig.external_labels | The labels to add to any time series or alerts when
communicating with external systems (federation, remote
storage, Alertmanager).
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.nextcloud.settings.mail_smtpmode | Which mode to use for sending mail
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer | Identity under which the peer is registered at the mediation server, that
is, the IKE identity the other end of this connection uses as its local
identity on its connection to the mediation server
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.fwupd.extraRemotes | Enables extra remotes in fwupd
|
| services.btrbk.sshAccess | SSH keys that should be able to make or push snapshots on this system remotely with btrbk
|
| services.pgbackrest.repos.<name>.host | Repository host when operating remotely
|
| boot.initrd.network.openvpn.enable | Starts an OpenVPN client during initrd boot
|
| services.pgbackrest.stanzas.<name>.instances.<name>.host | PostgreSQL host for operating remotely.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|