| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If set to an empty string, the mailaddress value is used
|
| services.public-inbox.inboxes.<name>.description | User-visible description for the repository.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies | Whether to install IPsec policies or not
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.host | The hostname.
|
| services.wstunnel.servers.<name>.settings.restrict-to.*.port | The port.
|
| services.xserver.xkb.extraLayouts.<name>.description | A short description of the layout.
|
| networking.supplicant.<name>.bridge | Name of the bridge interface that wpa_supplicant should listen at.
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.honk.host | The host name or IP address the server should listen to.
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.jitsi-videobridge.xmppConfigs.<name>.userName | User part of the JID.
|
| systemd.targets.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.mailman.ldap.attrMap.username | LDAP-attribute that corresponds to the username-attribute in mailman.
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn | Whether to copy the ECN (Explicit Congestion Notification) header field
to/from the outer IP header in tunnel mode
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.restic.backups.<name>.environmentFile | File containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.ghostunnel.servers.<name>.unsafeTarget | If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
|
| services.postfix.hostname | Hostname to use
|
| services.firewalld.services.<name>.sourcePorts.*.protocol | |
| services.firewalld.zones.<name>.description | Description for the zone.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.prometheus.exporters.exportarr-prowlarr.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.exportarr-prowlarr.openFirewall is true.
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.autorandr.profiles.<name>.hooks.preswitch | Preswitch hook executed before mode switch.
|
| services.strongswan-swanctl.swanctl.pools.<name>.p_cscf | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.server | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.subnet | Address or CIDR subnets
StrongSwan default: []
|
| services.jirafeau.nginxConfig.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucJids | JID of the MUC to join
|
| systemd.timers.<name>.requisite | Similar to requires
|
| systemd.slices.<name>.requisite | Similar to requires
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| systemd.user.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.tailscale.serve.services.<name>.advertised | Whether the service should accept new connections
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| services.jibri.xmppEnvironments.<name>.xmppDomain | The base XMPP domain.
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.invoiceplane.sites.<name>.database.user | Database user.
|
| containers.<name>.extraVeths.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.description | Optional description for the API token
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| services.netbird.clients.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.netbird.tunnels.<name>.openInternalFirewall | Opens up internal firewall ports for the NetBird's network interface.
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority | Optional fixed priority for IPsec policies
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| systemd.network.links.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.invoiceplane.sites.<name>.poolConfig | Options for the InvoicePlane PHP pool
|
| services.hostapd.radios.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the global segment was generated, and may dynamically
append global options to the generated configuration file
|
| services.dovecot2.mailPlugins.perProtocol.<name>.enable | Mail plugins to enable, as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
|
| services.dovecot2.mailboxes.<name>.specialUse | Null if no special use flag is set
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.invoiceplane.sites.<name>.database.host | Database host address.
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.id | Identity the EAP/XAuth secret belongs to
|
| systemd.network.netdevs.<name>.extraConfig | Extra configuration appended to the unit
|
| services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| services.davis.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.movim.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.slskd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.tor.settings.Nickname | See torrc manual.
|
| systemd.network.netdevs.<name>.tunConfig | Each attribute in this set specifies an option in the
[Tun] section of the unit
|
| systemd.network.networks.<name>.vxlan | A list of vxlan interfaces to be added to the network section of the
unit
|
| systemd.network.netdevs.<name>.tapConfig | Each attribute in this set specifies an option in the
[Tap] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts | List of remote selectors to include in CHILD_SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey_time
|
| services.armagetronad.servers.<name>.enable | Whether to enable armagetronad.
|
| services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.id | IKE identity the IKE preshared secret belongs to
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| services.anuko-time-tracker.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.znapzend.zetup.<name>.timestampFormat | The timestamp format to use for constructing snapshot names
|
| services.blockbook-frontend.<name>.internal | Internal http server binding [address]:port.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if it is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.gitlab-runner.services.<name>.dockerPrivileged | Give extended privileges to container.
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| systemd.user.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.borgbackup.jobs.<name>.createCommand | Borg command to use for archive creation
|
| services.snipe-it.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|