| services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| services.grafana.settings.security.allow_embedding | When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses
which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>
|
| services.matrix-tuwunel.settings.global.max_request_size | Max request size in bytes
|
| services.matrix-conduit.settings.global.max_request_size | Max request size in bytes
|
| services.snapserver.settings.tcp-control.bind_to_address | Address to listen on for snapclient connections.
|
| services.grafana.provision.datasources.settings.datasources.*.access | Access mode. proxy or direct (Server or Browser in the UI)
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.orgId | Organization ID of the datasource to delete.
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| services.tlsrpt.reportd.settings.organization_name | Name of the organization sending out the reports.
|
| services.omnom.settings.smtp.connection_timeout | Connection timeout duration in seconds.
|
| services.headscale.settings.derp.server.private_key_path | Path to derp private key file, generated automatically if it does not exist.
|
| services.nextcloud.settings.mail_smtptimeout | This depends on mail_smtpmode
|
| services.nipap.settings.auth.auth_cache_timeout | Seconds to store cached auth entries for.
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_admin | Enable the built-in web admin for this interface binding.
|
| services.matrix-conduit.settings.global.database_backend | The database backend for the service
|
| services.nvme-rs.settings.email.smtp_password_file | File containing SMTP password
|
| services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| services.matrix-conduit.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| services.matrix-tuwunel.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| services.openssh.settings.KbdInteractiveAuthentication | Specifies whether keyboard-interactive authentication is allowed.
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| security.auditd.settings.admin_space_left | This is a numeric value in mebibytes (MiB) that tells the audit daemon when to perform a configurable action because the system is running
low on disk space
|
| services.biboumi.settings.realname_from_jid | Whether the realname and username of each biboumi
user will be extracted from their JID
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| services.headscale.settings.database.sqlite.write_ahead_log | Enable WAL mode for SQLite
|
| services.matrix-continuwuity.settings.global.database_path | Path to the continuwuity database, the directory where continuwuity will save its data
|
| services.maubot.settings.plugin_directories | Plugin directory paths
|
| services.snipe-it.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags | Tags to add to ntfy.sh messages
|
| services.grafana.settings.security.cookie_samesite | Sets the SameSite cookie attribute and prevents the browser from sending this cookie along with cross-site requests
|
| services.maubot.settings.plugin_directories.load | The directories from which plugins should be loaded
|
| services.grafana.provision.datasources.settings.datasources.*.editable | Allow users to edit datasources from the UI.
|
| services.swapspace.settings.buffer_elasticity | Percentage of buffer space considered to be "free"
|
| services.public-inbox.settings.publicinboxwatch.watchspam | If set, mail in this maildir will be trained as spam and
deleted from all watched inboxes
|
| services.mediagoblin.settings.mediagoblin.email_debug_mode | Disable email debug mode to start sending outgoing mails
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.tags.*.tag | The tag to add
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| services.nezha-agent.settings.disable_send_query | Disable sending TCP/ICMP/HTTP requests.
|
| services.postfix.settings.main.message_size_limit | Maximum size of an email message in bytes.
https://www.postfix.org/postconf.5.html#message_size_limit
|
| services.mpd.settings.playlist_directory | The directory where MPD stores playlists
|
| services.public-inbox.settings.publicinboxwatch.spamcheck | If set to spamc, public-inbox-watch(1) will filter spam
using SpamAssassin.
|
| programs.ryzen-monitor-ng.enable | Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.enable | Boost foreground process priorities.
(And de-boost background ones)
|
| services.maubot.settings.plugin_directories.upload | The directory where uploaded new plugins should be stored.
|
| services.snapserver.settings.tcp-streaming.bind_to_address | Address to listen on for snapclient connections.
|
| services.matrix-tuwunel.settings.global.unix_socket_perms | The default permissions (in octal) to create the UNIX socket with.
|
| services.maubot.settings.plugin_directories.trash | The directory where old plugin versions and conflicting plugins should be moved
|
| services.matrix-tuwunel.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| services.etebase-server.settings.allowed_hosts.allowed_host1 | The main host that is allowed access.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.grafana.settings.security.x_xss_protection | Set to true to enable the X-XSS-Protection header,
which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here
since it's recommended to not use this header anymore.
|
| services.nextcloud.settings.mail_from_address | FROM address that overrides the built-in sharing-noreply and lostpassword-noreply FROM addresses
|
| services.dendrite.settings.mscs.database.connection_string | Database for exerimental MSC's.
|
| services.warpgate.settings.ssh.inactivity_timeout | How long can user be inactive until Warpgate terminates the connection.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| services.xray.enable | Whether to run xray server
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_client | Enable the built-in web client for this interface binding.
|
| services.nvme-rs.settings.check_interval_secs | Check interval in seconds
|
| services.nextcloud.settings.skeletondirectory | The directory where the skeleton files are located
|
| services.warpgate.settings.ssh.keepalive_interval | If nothing is received from the client for this amount of time, server will send a keepalive message.
|
| services.monica.nginx | With this option, you can customize the nginx virtualHost settings.
|
| security.agnos.settings.accounts.*.private_key_path | Path of the PEM-encoded private key for this account
|
| services.livekit.ingress.settings.rtc_config.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| virtualisation.xen.store.settings.conflict.rateLimitIsAggregate | If the conflict.rateLimitIsAggregate option is true, then after each
tick one point of conflict-credit is given to just one domain: the
one at the front of the queue
|
| services.listmonk.database.settings."privacy.domain_blocklist" | E-mail addresses with these domains are disallowed from subscribing.
|
| services.zitadel.extraSettingsPaths | A list of paths to extra settings files
|
| services.stash.settings.preview_exclude_end | Duration of start of video to exclude when generating previews
|
| services.stash.settings.gallery_cover_regex | Regex used to identify images as gallery covers
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.nice | Niceness.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.nice | Niceness.
|
| services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE | Exchange that is suggested to wallets when withdrawing
|
| services.nextcloud.settings.mail_sendmailmode | For smtp, the sendmail binary is started with the parameter -bs: Use the SMTP protocol on standard input and output
|
| services.grafana.provision.datasources.settings.datasources.*.secureJsonData | Datasource specific secure configuration
|
| services.grafana.settings.database.conn_max_lifetime | Sets the maximum amount of time a connection may be reused
|
| services.grafana.settings.users.auto_assign_org_id | Set this value to automatically add new users to the provided org
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.prio | CPU scheduler priority.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.prio | CPU scheduler priority.
|
| services.livekit.ingress.settings.rtc_config.port_range_start | Start of UDP port range for WebRTC
|
| services.minio.configDir | The config directory, for the access keys and other settings.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.ioPrio | IO scheduler priority.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.ioPrio | IO scheduler priority.
|
| services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT | A file containing a unique base64 encoded secret for the
COOKIE_ENCRYPTION_SALT
|
| services.buffyboard.configFile | Path to an INI format configuration file to provide Buffyboard
|
| services.mollysocket.settings.allowed_endpoints | List of UnifiedPush servers
|
| services.headscale.settings.oidc.strip_email_domain | Whether the domain part of the email address should be removed when generating namespaces.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.class | CPU scheduler class.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.class | CPU scheduler class.
|
| services.nextcloud.settings.overwriteprotocol | Force Nextcloud to always use HTTP or HTTPS i.e. for link generation
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.topic | Note: when using ntfy.sh and other public instances
it is recommended to set this option to an empty string and set the actual topic via
services.prometheus.alertmanager-ntfy.extraConfigFiles since
the topic in ntfy.sh is essentially a password
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.ioClass | IO scheduler class.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.ioClass | IO scheduler class.
|
| services.stash.settings.sequential_scanning | Modifies behaviour of the scanning functionality to generate support files (previews/sprites/phash) at the same time as fingerprinting/screenshotting
|
| services.crab-hole.settings.blocklist.include_subdomains | Whether to enable Include subdomains.
|
| services.cgit.<name>.repos | cgit repository settings, see cgitrc(5)
|
| services.headscale.settings.oidc.client_secret_path | Path to OpenID Connect client secret file
|
| services.mobilizon.settings.":mobilizon".":instance".email_reply_to | The email for the Reply-To: header in emails
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.priority | The ntfy.sh message priority (see https://docs.ntfy.sh/publish/#message-priority for more information)
|
| services.matrix-synapse.settings.turn_shared_secret | The shared secret used to compute passwords for the TURN server
|