| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| services.anuko-time-tracker.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.znapzend.zetup.<name>.timestampFormat | The timestamp format to use for constructing snapshot names
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.gitlab-runner.services.<name>.dockerPrivileged | Give extended privileges to container.
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| systemd.user.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.borgbackup.jobs.<name>.createCommand | Borg command to use for archive creation
|
| services.snipe-it.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.hostapd.radios.<name>.wifi7.multiUserBeamformer | EHT multi user beamformee support
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.gitlab-runner.services.<name>.dockerAllowedServices | Whitelist allowed services.
|
| containers.<name>.extraVeths.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.namecoind.wallet | Wallet file
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id | Identity the NTLM secret belongs to
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fediwall.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pixelfed.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mainsail.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| boot.specialFileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.znapzend.zetup.<name>.destinations | Additional destinations.
|
| services.wordpress.sites.<name>.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.jibri.xmppEnvironments.<name>.control.muc.domain | The domain part of the MUC to connect to for control.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.slot | Optional slot number to access the token.
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| boot.initrd.luks.devices.<name>.gpgCard.encryptedPass | Path to the GPG encrypted passphrase.
|
| services.kanidm.provision.persons.<name>.mailAddresses | Mail addresses
|
| services.syncthing.settings.folders.<name>.devices | The devices this folder should be shared with
|
| services.bookstack.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| containers.<name>.extraVeths.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| virtualisation.emptyDiskImages.*.driveConfig.name | A name for the drive
|
| security.dhparams.params.<name>.path | The resulting path of the generated Diffie-Hellman parameters
file for other services to reference
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| networking.greTunnels.<name>.type | Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.stargazer.certOrg | The name of the organization responsible for the X.509
certificate's /O name.
|
| services.namecoind.rpc.address | IP address the RPC server will bind to.
|
| systemd.network.netdevs.<name>.l2tpConfig | Each attribute in this set specifies an option in the
[L2TP] section of the unit
|
| systemd.network.netdevs.<name>.wlanConfig | Each attribute in this set specifies an option in the [WLAN] section of the unit
|
| systemd.network.netdevs.<name>.bondConfig | Each attribute in this set specifies an option in the
[Bond] section of the unit
|
| systemd.network.netdevs.<name>.vlanConfig | Each attribute in this set specifies an option in the
[VLAN] section of the unit
|
| systemd.network.netdevs.<name>.xfrmConfig | Each attribute in this set specifies an option in the
[Xfrm] section of the unit
|
| systemd.network.netdevs.<name>.peerConfig | Each attribute in this set specifies an option in the
[Peer] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time | Maximum lifetime before CHILD_SA gets closed
|
| services.icecream.daemon.netName | Network name to connect to
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.nebula.networks.<name>.lighthouses | List of IPs of lighthouse hosts this node should report to and query from
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| security.pam.services | This option defines the PAM services
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.module | Optional PKCS#11 module name.
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| hardware.display.outputs.<name>.mode | A video kernel parameter (framebuffer mode) configuration for the specific output:
<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]
See for more information:
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.fluidd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.akkoma.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.gancio.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.monica.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.matomo.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|