| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.printing.cups-pdf.instances.<name>.settings | Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| hardware.sane.brscan5.netDevices.<name>.ip | The ip address of the device
|
| hardware.sane.brscan4.netDevices.<name>.ip | The ip address of the device
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.limesurvey.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.printing.cups-pdf.instances.<name>.settings.GhostScript | location of GhostScript binary
|
| services.librenms.hostname | The hostname to serve LibreNMS on.
|
| services.jibri.xmppEnvironments.<name>.control.muc.domain | The domain part of the MUC to connect to for control.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.slot | Optional slot number to access the token.
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.borgbackup.jobs.<name>.compression | Compression method to use
|
| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| services.tor.settings.Nickname | See torrc manual.
|
| programs.ssh.knownHosts.<name>.extraHostNames | A list of additional host names and/or IP numbers used for
accessing the host's ssh service
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.brd | The broadcast address on the interface.
|
| services.zeronsd.servedNetworks.<name>.settings.wildcard | Whether to serve a wildcard record for ZeroTier Nodes.
|
| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| boot.initrd.luks.devices.<name>.yubikey.keyLength | Length of the LUKS slot key derived with PBKDF2 in byte.
|
| boot.initrd.luks.devices.<name>.yubikey.twoFactor | Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|
| boot.initrd.luks.devices.<name>.keyFileOffset | The offset of the key file
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| systemd.user.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.borgbackup.jobs.<name>.persistentTimer | Set the Persistent option for the
systemd.timer(5)
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| networking.jool.nat64 | Definitions of NAT64 instances of Jool
|
| services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY | Limits for timeline cleanup.
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| systemd.user.timers.<name>.requisite | Similar to requires
|
| systemd.user.slices.<name>.requisite | Similar to requires
|
| services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel | Whether to add the special Bitlbee operations channel.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| systemd.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.jirafeau.nginxConfig.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| services.gitea-actions-runner.instances.<name>.hostPackages | List of packages, that are available to actions, when the runner is configured
with a host execution label.
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.mautrix-meta.instances.<name>.registerToSynapse | Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and
make Synapse wait for registration service.
|
| networking.greTunnels.<name>.type | Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.mailman.ldap.attrMap.username | LDAP-attribute that corresponds to the username-attribute in mailman.
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| services.xserver.cmt.models | Which models to enable cmt for
|
| services.jibri.xmppEnvironments.<name>.usageTimeout | The duration that the Jibri session can be
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.simplesamlphp.<name>.localDomain | The domain serving your SimpleSAMLphp instance
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| services.nextcloud.notify_push.dbname | Database name.
|
| virtualisation.emptyDiskImages.*.driveConfig.name | A name for the drive
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| services.authelia.instances.<name>.settings.server.address | The address to listen on.
|
| services.angrr.settings.temporary-root-policies.<name>.period | Retention period for the GC roots matched by this policy.
|
| services.angrr.settings.temporary-root-policies.<name>.path-regex | Regex pattern to match the GC root path.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action | Action to perform for this CHILD_SA on DPD timeout
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.gancio.nginx.serverName | Name of this virtual host
|
| services.monica.nginx.serverName | Name of this virtual host
|
| services.matomo.nginx.serverName | Name of this virtual host
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.description | Optional description for the bucket.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|