| systemd.network.netdevs.<name>.tunnelConfig | Each attribute in this set specifies an option in the
[Tunnel] section of the unit
|
| systemd.network.netdevs.<name>.netdevConfig | Each attribute in this set specifies an option in the
[Netdev] section of the unit
|
| systemd.network.netdevs.<name>.ipvlanConfig | Each attribute in this set specifies an option in the [IPVLAN] section of the unit
|
| systemd.network.netdevs.<name>.ipvtapConfig | Each attribute in this set specifies an option in the [IPVTAP] section of the unit
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| programs.xfs_quota.projects.<name>.path | Project directory.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.syncthing.settings.folders.<name>.devices | The devices this folder should be shared with
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| services.blockbook-frontend.<name>.templateDir | Location of the HTML templates
|
| services.gitlab-runner.services.<name>.dockerPrivileged | Give extended privileges to container.
|
| users.mysql.pam.logging.userColumn | The name of the column in the log table to which the name of the
user being authenticated is stored.
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.nextcloud.notify_push.dbname | Database name.
|
| fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.radicle.httpd.nginx.serverName | Name of this virtual host
|
| services.gitea.appName | Application name.
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| systemd.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.gitlab-runner.services.<name>.dockerAllowedServices | Whitelist allowed services.
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| boot.initrd.luks.devices.<name>.yubikey.storage.device | An unencrypted device that will temporarily be mounted in stage-1
|
| fileSystems.<name>.label | Label of the device
|
| services.tor.settings.Nickname | See torrc manual.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| services.peertube-runner.instancesToRegister.<name>.url | URL of the PeerTube instance.
|
| services.fluidd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.akkoma.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.gancio.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.monica.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.matomo.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.radicle.ci.adapters.native.instances.<name>.settings | Configuration of radicle-native-ci
|
| services.gitea-actions-runner.instances.<name>.labels | Labels used to map jobs to their runtime environment
|
| services.znc.user | The name of an existing user account to use to own the ZNC server
process
|
| services.dawarich.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.mastodon.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| systemd.user.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.user.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96 | HMAC-SHA-256 is used with 128-bit truncation with IPsec
|
| fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.fedimintd.<name>.nginx.config.listenAddresses | Listen addresses for this virtual host
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| systemd.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.shutdownRamfs.contents.<name>.target | Path of the symlink.
|
| services.buildkite-agents.<name>.runtimePackages | Add programs to the buildkite-agent environment
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.authelia.instances.<name>.settings.server.address | The address to listen on.
|
| services.limesurvey.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| services.keepalived.vrrpInstances.<name>.virtualIps | Declarative vhost config
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| image.repart.partitions.<name>.contents | The contents to end up in the filesystem image.
|
| services.pcscd.extendReaderNames | String to append to every reader name
|
| services.neo4j.ssl.policies | Defines the SSL policies for use with Neo4j connectors
|
| services.namecoind.wallet | Wallet file
|
| services.botamusique.settings.bot.username | Name the bot should appear with.
|
| services.blockbook-frontend.<name>.extraConfig | Additional configurations to be appended to coin.conf
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity | Timeout before closing CHILD_SA after inactivity
|
| services.printing.cups-pdf.instances.<name>.settings | Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package
|
| services.limesurvey.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| services.zeronsd.servedNetworks.<name>.settings.wildcard | Whether to serve a wildcard record for ZeroTier Nodes.
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.radicle.ci.adapters.native.instances.<name>.settings.state | Directory where per-run directories are stored.
|
| systemd.shutdownRamfs.contents.<name>.source | Path of the source file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes | Maximum bytes processed before CHILD_SA gets closed
|
| services.fediwall.nginx.serverName | Name of this virtual host
|
| services.librenms.nginx.serverName | Name of this virtual host
|
| services.kanboard.nginx.serverName | Name of this virtual host
|
| services.dolibarr.nginx.serverName | Name of this virtual host
|
| services.agorakit.nginx.serverName | Name of this virtual host
|
| services.mainsail.nginx.serverName | Name of this virtual host
|
| services.pixelfed.nginx.serverName | Name of this virtual host
|
| systemd.user.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| systemd.timers.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.slices.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|