| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| boot.initrd.luks.devices.<name>.yubikey.storage.device | An unencrypted device that will temporarily be mounted in stage-1
|
| networking.wg-quick.interfaces.<name>.type | The type of the interface
|
| boot.binfmt.registrations.<name>.mask | A mask to be ANDed with the byte sequence of the file before matching
|
| containers.<name>.allowedDevices.*.node | Path to device node
|
| services.icecream.daemon.netName | Network name to connect to
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| systemd.network.networks.<name>.addresses | A list of address sections to be added to the unit
|
| containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|
| services.mediawiki.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.mediawiki.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.tailscale.serve.services.<name>.advertised | Whether the service should accept new connections
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| services.bookstack.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| boot.initrd.luks.devices.<name>.fallbackToPassword | Whether to fallback to interactive passphrase prompt if the keyfile
cannot be found
|
| services.authelia.instances.<name>.secrets.manual | Configuring authelia's secret files via the secrets attribute set
is intended to be convenient and help catch cases where values are required
to run at all
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| programs.proxychains.proxies.<name>.host | Proxy host or IP address.
|
| programs.xfs_quota.projects.<name>.sizeSoftLimit | Soft limit of the project size
|
| programs.xfs_quota.projects.<name>.sizeHardLimit | Hard limit of the project size.
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| security.pam.services | This option defines the PAM services
|
| networking.wg-quick.interfaces.<name>.peers | Peers linked to the interface.
|
| containers.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| services.gitea-actions-runner.instances.<name>.hostPackages | List of packages, that are available to actions, when the runner is configured
with a host execution label.
|
| services.fluidd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.akkoma.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.gancio.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.monica.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.matomo.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| services.borgbackup.jobs.<name>.persistentTimer | Set the Persistent option for the
systemd.timer(5)
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
|
| services.jibri.xmppEnvironments.<name>.usageTimeout | The duration that the Jibri session can be
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.mautrix-meta.instances.<name>.registerToSynapse | Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and
make Synapse wait for registration service.
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.nextcloud.notify_push.dbname | Database name.
|
| services.simplesamlphp.<name>.settings | Configuration options used by SimpleSAMLphp
|
| services.limesurvey.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| networking.supplicant.<name>.extraCmdArgs | Command line arguments to add when executing wpa_supplicant.
|
| services.syncthing.settings.folders.<name>.devices | The devices this folder should be shared with
|
| services.tor.relay.onionServices.<name>.authorizeClient.authType | Either "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| networking.macvlans.<name>.interface | The interface the macvlan will transmit packets through.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time | Time to schedule CHILD_SA rekeying
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.matomo.hostname | URL of the host, without https prefix
|
| openstack.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| services.zeronsd.servedNetworks.<name>.settings.wildcard | Whether to serve a wildcard record for ZeroTier Nodes.
|
| services.fedimintd.<name>.nginx.config.listenAddresses | Listen addresses for this virtual host
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| containers.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.bepasty.servers.<name>.defaultPermissions | default permissions for all unauthenticated accesses.
|
| systemd.network.networks.<name>.ipv6PREF64Prefixes | A list of IPv6PREF64Prefix sections to be added to the unit
|
| services.pcscd.extendReaderNames | String to append to every reader name
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| services.keepalived.vrrpInstances.<name>.trackScripts | List of script names to invoke for health tracking.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets | Maximum number of packets processed before CHILD_SA gets closed
|
| services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id | PPK identity the PPK belongs to
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| networking.wg-quick.interfaces.<name>.postDown | Command called after the interface is taken down.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.spiped.config.<name>.disableReresolution | Disable target address re-resolution.
|
| services.dolibarr.h2o.serverName | Server name to be used for this virtual host
|
| services.radicle.ci.adapters.native.instances.<name>.package | The radicle-native-ci package to use.
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel | Whether to add the special Bitlbee operations channel.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.addr | IP address, optionally with a netmask: IPADDR[/MASK]
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.bonsaid.settings.*.event_name | Name of the event which should trigger this transition when received by bonsaid
|
| services.nextcloud-spreed-signaling.backends.<name>.urls | List of URLs of the Nextcloud instance
|
| services.wstunnel.servers.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.wstunnel.clients.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.id | Identity the EAP/XAuth secret belongs to
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.printing.cups-pdf.instances.<name>.settings.GhostScript | location of GhostScript binary
|
| services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| services.keepalived.vrrpInstances.<name>.priority | For electing MASTER, highest priority wins
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|