| containers.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.maubot.settings.homeservers.<name>.url | Client-server API URL
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| systemd.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| services.radicle.ci.broker.settings.adapters.<name>.command | Adapter command to run.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| services.woodpecker-agents.agents.<name>.extraGroups | Additional groups for the systemd service.
|
| services.printing.cups-pdf.instances.<name>.settings.Spool | spool directory
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| services.radicle.httpd.nginx.serverName | Name of this virtual host
|
| services.gitlab-runner.services.<name>.preGetSourcesScript | Runner-specific command script executed before code is pulled.
|
| services.fediwall.nginx.serverName | Name of this virtual host
|
| services.librenms.nginx.serverName | Name of this virtual host
|
| services.kanboard.nginx.serverName | Name of this virtual host
|
| services.dolibarr.nginx.serverName | Name of this virtual host
|
| services.agorakit.nginx.serverName | Name of this virtual host
|
| services.mainsail.nginx.serverName | Name of this virtual host
|
| services.pixelfed.nginx.serverName | Name of this virtual host
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| systemd.network.netdevs.<name>.wireguardConfig | Each attribute in this set specifies an option in the
[WireGuard] section of the unit
|
| services.rke2.autoDeployCharts.<name>.targetNamespace | The namespace in which the Helm chart gets installed.
|
| services.rke2.autoDeployCharts.<name>.createNamespace | Whether to create the target namespace if not present.
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.kanidm.provision.systems.oauth2.<name>.present | Whether to ensure that this oauth2 resource server is present or absent.
|
| services.slurm.partitionName | Name by which the partition may be referenced
|
| services.i2pd.proto.http.hostname | Expected hostname for WebUI.
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| systemd.user.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.anuko-time-tracker.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| services.authelia.instances.<name>.settings.log.format | Format the logs are written as.
|
| services.invoiceplane.sites.<name>.stateDir | This directory is used for uploads of attachments and cache
|
| systemd.network.networks.<name>.tokenBucketFilterConfig | Each attribute in this set specifies an option in the
[TokenBucketFilter] section of the unit
|
| systemd.network.networks.<name>.heavyHitterFilterConfig | Each attribute in this set specifies an option in the
[HeavyHitterFilter] section of the unit
|
| services.mpdscribble.endpoints.<name>.url | The url endpoint where the scrobble API is listening.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.nginx.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| virtualisation.kvmgt.vgpus.<name>.uuid | UUID(s) of VGPU device
|
| services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|
| services.autosuspend.wakeups.<name>.enabled | Whether to enable this wake-up check.
|
| services.consul-template.instances.<name>.package | The consul-template package to use.
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| services.logrotate.settings.<name>.priority | Order of this logrotate block in relation to the others
|
| services.stash.username | Username for login.
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.honk.host | The host name or IP address the server should listen to.
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.wordpress.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| services.wstunnel.clients.<name>.upgradePathPrefix | Use a specific HTTP path prefix that will show up in the upgrade
request to the wstunnel server
|
| services.keepalived.vrrpScripts.<name>.interval | Seconds between script invocations.
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_MONTHLY | Limits for timeline cleanup.
|
| services.zeronsd.servedNetworks.<name>.settings.domain | Domain under which ZeroTier records will be available.
|
| programs.uwsm.waylandCompositors.<name>.extraArgs | Extra command-line arguments pass to to the compsitor.
|
| services.networkd-dispatcher.rules.<name>.script | Shell commands executed on specified operational states.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time | Maximum lifetime before CHILD_SA gets closed
|
| virtualisation.fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| services.easytier.instances.<name>.settings.peers | Peers to connect initially
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.matrix-synapse.workers.<name>.worker_app | Type of this worker
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.retention | The duration in seconds for which the bucket will retain data (0 is infinite).
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.radicle.httpd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| containers.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.postfix.settings.master.<name>.privileged | |
| services.taskserver.fqdn | The fully qualified domain name of this server, which is also used
as the common name in the certificates.
|
| services.vault-agent.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| services.gitlab-runner.services.<name>.postGetSourcesScript | Runner-specific command script executed after code is pulled.
|
| services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| services.strongswan-swanctl.swanctl.authorities.<name>.module | Optional PKCS#11 module name.
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.monica.hostname | The hostname to serve monica on.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes | Byte range from which to choose a random value to subtract from
rekey_bytes
|
| services.bookstack.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| systemd.slices.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.timers.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.timers.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.slices.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.cloudflared.tunnels.<name>.ingress | Ingress rules
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| services.mosquitto.bridges.<name>.addresses.*.port | Port of the remote MQTT broker.
|