| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.nextcloud-spreed-signaling.settings.stats.allowed_ips | List of IP addresses that are allowed to access the debug, stats and metrics endpoints
|
| services.headscale.settings.oidc.allowed_domains | Allowed principal domains. if an authenticated user's domain
is not in this list authentication request will be rejected.
|
| services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile | The path to the file containing the value for sessions.blockkey
|
| services.nextcloud.settings.mail_smtpsecure | This depends on mail_smtpmode
|
| services.postfix.settings.main.mynetworks_style | The method used for generating the default value for mynetworks, if that option is unset.
https://www.postfix.org/postconf.5.html#mynetworks_style
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| services.matrix-conduit.settings.global.trusted_servers | Servers trusted with signing server keys.
|
| services.snapserver.settings.tcp.bind_to_address | Address to listen on for snapclient connections.
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| virtualisation.xen.store.settings.conflict.burstLimit | Limits applied to domains whose writes cause other domains' transaction
commits to fail
|
| services.wordpress.sites.<name>.extraConfig | Any additional text to be appended to the wp-config.php
configuration file
|
| services.mbpfan.settings.general.polling_interval | The polling interval.
|
| virtualisation.containers.containersConf.settings | containers.conf configuration
|
| services.maubot.settings.server.plugin_base_path | The base path for plugin endpoints
|
| services.matrix-synapse.settings.signing_key_path | Path to the signing key to sign messages with.
|
| services.matrix-synapse.settings.max_image_pixels | Maximum number of pixels that will be thumbnailed
|
| services.matrix-synapse.settings.media_store_path | Directory where uploaded images and attachments are stored.
|
| services.public-inbox.settings.publicinboxmda.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| services.grafana.settings.server.static_root_path | Root path for static assets.
|
| services.snapserver.settings.http.bind_to_address | Address to listen on for snapclient connections.
|
| services.openldap.configDir | Use this config directory instead of generating one from the
settings option
|
| nix.checkAllErrors | If enabled, checks the nix.conf parsing for any kind of error
|
| services.tor.settings.VersioningAuthoritativeDirectory | See torrc manual.
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.parsedmarc.settings.general.save_aggregate | Save aggregate report data to Elasticsearch and/or Splunk.
|
| services.firezone.server.settingsSecret.LIVE_VIEW_SIGNING_SALT | A file containing a unique base64 encoded secret for the
LIVE_VIEW_SIGNING_SALT
|
| services.swapspace.settings.cache_elasticity | Percentage of cache space considered to be "free"
|
| services.nvme-rs.settings.thresholds.error_threshold | Error count warning threshold
|
| services.grafana.settings.security.admin_password | Default admin password
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints | List of receivers that should be deleted.
|
| services.system76-scheduler.settings.processScheduler.refreshInterval | Process list poll interval, in seconds
|
| services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| services.matrix-synapse.settings.listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.grafana.provision.alerting.templates.settings.templates.*.name | Name of the template, must be unique
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.firezone.server.settingsSecret.COOKIE_SIGNING_SALT | A file containing a unique base64 encoded secret for the
COOKIE_SIGNING_SALT
|
| services.grafana.settings.database.isolation_level | Only the MySQL driver supports isolation levels in Grafana
|
| services.postgresql.settings.log_line_prefix | A printf-style string that is output at the beginning of each log line
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.enable | Boost Pipewire client priorities.
|
| services.healthchecks.settings.REGISTRATION_OPEN | A boolean that controls whether site visitors can create new accounts
|
| services.pixelfed.secretFile | A secret file to be sourced for the .env settings
|
| services.kea.dhcp-ddns.configFile | Kea DHCP-DDNS configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/ddns.html
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPath | Location of the key with which IRC passwords are encrypted
for storage
|
| services.kerberos_server.settings.realms.<name>.acl.*.principal | Which principal the rule applies to
|
| services.veilid.settings.core.protected_store.directory | The filesystem directory to store your protected store in.
|
| services.grafana.provision.datasources.settings.datasources | List of datasources to insert/update.
|
| services.hickory-dns.settings.listen_addrs_ipv4 | List of ipv4 addresses on which to listen for DNS queries.
|
| programs.openvpn3.netcfg.settings.systemd_resolved | Whether to use systemd-resolved integration
|
| services.hickory-dns.settings.listen_addrs_ipv6 | List of ipv6 addresses on which to listen for DNS queries.
|
| services.headscale.settings.derp.update_frequency | Frequency to update DERP maps.
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.uid | Unique identifier for the receiver
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.grafana.provision.dashboards.settings.providers.*.options.path | Path grafana will watch for dashboards
|
| services.snapserver.settings.stream.bind_to_address | Address to listen on for snapclient connections.
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.orgId | Organization ID, default = 1.
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates | List of alert rule UIDs that should be deleted.
|
| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.grafana.provision.datasources.settings.datasources.*.url | Url of the datasource.
|
| virtualisation.xen.store.settings.conflict.maxHistorySeconds | Limits applied to domains whose writes cause other domains' transaction
commits to fail
|
| services.nextcloud.settings.mail_smtptimeout | This depends on mail_smtpmode
|
| services.discourse.siteSettings | Discourse site settings
|
| services.openssh.settings.KbdInteractiveAuthentication | Specifies whether keyboard-interactive authentication is allowed.
|
| services.headscale.settings.database.postgres.password_file | A file containing the password corresponding to
database.user.
|
| services.grafana.provision.datasources.settings.datasources.*.name | Name of the datasource
|
| services.grafana.provision.datasources.settings.datasources.*.type | Datasource type
|
| services.maubot.settings.plugin_databases.postgres | The connection URL for plugin database
|
| services.matrix-tuwunel.settings.global.allow_federation | Whether this server federates with other servers.
|
| services.matrix-conduit.settings.global.allow_federation | Whether this server federates with other servers.
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.orgId | Organization ID, default = 1.
|
| services.biboumi.settings.realname_from_jid | Whether the realname and username of each biboumi
user will be extracted from their JID
|
| services.system76-scheduler.settings.cfsProfiles.responsive.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.headscale.settings.noise.private_key_path | Path to noise private key file, generated automatically if it does not exist.
|
| security.auditd.settings.admin_space_left | This is a numeric value in mebibytes (MiB) that tells the audit daemon when to perform a configurable action because the system is running
low on disk space
|
| services.maubot.settings.plugin_directories | Plugin directory paths
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| services.ergochat.configFile | Path to configuration file
|
| services.radicale.config | Radicale configuration, this will set the service
configuration file
|
| services.kea.ctrl-agent.configFile | Kea Control Agent configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/agent.html
|
| services.grafana.provision.alerting.templates.settings.deleteTemplates.*.name | Name of the template, must be unique
|
| services.nextcloud-spreed-signaling.settings.backend.backendtype | Type of backend configuration
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.nice | Niceness.
|
| services.grafana.settings.database.client_cert_path | The path to the client cert
|
| services.snapserver.settings.tcp-control.bind_to_address | Address to listen on for snapclient connections.
|
| services.grafana.settings.security.disable_gravatar | Set to true to disable the use of Gravatar for user profile images.
|
| services.matrix-tuwunel.settings.global.max_request_size | Max request size in bytes
|
| services.matrix-conduit.settings.global.max_request_size | Max request size in bytes
|
| services.matrix-tuwunel.settings.global.trusted_servers | Servers listed here will be used to gather public keys of other servers
(notary trusted key servers)
|
| programs.openvpn3.log-service.settings.log_dbus_details | Add D-Bus details in log file/syslog
|
| services.system76-scheduler.settings.cfsProfiles.default.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.prio | CPU scheduler priority.
|
| services.grafana.settings.security.allow_embedding | When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses
which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>
|