| services.hostapd.radios.<name>.wifi7.multiUserBeamformer | EHT multi user beamformee support
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.logrotate.settings.<name>.frequency | How often to rotate the logs
|
| services.gitlab-runner.services.<name>.dockerAllowedServices | Whitelist allowed services.
|
| containers.<name>.extraVeths.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.namecoind.wallet | Wallet file
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id | Identity the NTLM secret belongs to
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fediwall.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pixelfed.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mainsail.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.prometheus.exporters.modemmanager.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.modemmanager.openFirewall is true.
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| boot.specialFileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.znapzend.zetup.<name>.destinations | Additional destinations.
|
| services.wordpress.sites.<name>.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.grafana.provision.datasources.settings.deleteDatasources.*.name | Name of the datasource to delete.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode | IPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.- Both
transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively
|
| services.fedimintd.<name>.environment | Extra Environment variables to pass to the fedimintd.
|
| services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.jibri.xmppEnvironments.<name>.control.muc.domain | The domain part of the MUC to connect to for control.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.slot | Optional slot number to access the token.
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| boot.initrd.luks.devices.<name>.gpgCard.encryptedPass | Path to the GPG encrypted passphrase.
|
| services.kanidm.provision.persons.<name>.mailAddresses | Mail addresses
|
| services.syncthing.settings.folders.<name>.devices | The devices this folder should be shared with
|
| services.bookstack.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| containers.<name>.extraVeths.<name>.hostAddress6 | The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| virtualisation.emptyDiskImages.*.driveConfig.name | A name for the drive
|
| security.dhparams.params.<name>.path | The resulting path of the generated Diffie-Hellman parameters
file for other services to reference
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| systemd.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| systemd.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| networking.greTunnels.<name>.type | Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess | Hostaccess variable to pass to updown script
|
| virtualisation.restrictNetwork | If this option is enabled, the guest will be isolated, i.e. it will
not be able to contact the host and no guest IP packets will be
routed over the host to the outside
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.stargazer.certOrg | The name of the organization responsible for the X.509
certificate's /O name.
|
| services.namecoind.rpc.address | IP address the RPC server will bind to.
|
| systemd.network.netdevs.<name>.l2tpConfig | Each attribute in this set specifies an option in the
[L2TP] section of the unit
|
| systemd.network.netdevs.<name>.wlanConfig | Each attribute in this set specifies an option in the [WLAN] section of the unit
|
| systemd.network.netdevs.<name>.bondConfig | Each attribute in this set specifies an option in the
[Bond] section of the unit
|
| systemd.network.netdevs.<name>.vlanConfig | Each attribute in this set specifies an option in the
[VLAN] section of the unit
|
| systemd.network.netdevs.<name>.xfrmConfig | Each attribute in this set specifies an option in the
[Xfrm] section of the unit
|
| systemd.network.netdevs.<name>.peerConfig | Each attribute in this set specifies an option in the
[Peer] section of the unit
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time | Maximum lifetime before CHILD_SA gets closed
|
| services.icecream.daemon.netName | Network name to connect to
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.nebula.networks.<name>.lighthouses | List of IPs of lighthouse hosts this node should report to and query from
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| security.pam.services | This option defines the PAM services
|
| services.jitsi-videobridge.xmppConfigs.<name>.domain | Domain part of JID of the XMPP user, if it is different from hostName.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.module | Optional PKCS#11 module name.
|
| services.strongswan-swanctl.swanctl.pools.<name>.netmask | Address or CIDR subnets
StrongSwan default: []
|
| hardware.display.outputs.<name>.mode | A video kernel parameter (framebuffer mode) configuration for the specific output:
<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]
See for more information:
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| services.fluidd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.akkoma.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.gancio.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.monica.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.matomo.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart
on.
|
| services.fedimintd.<name>.nginx.config.listenAddresses | Listen addresses for this virtual host
|
| fileSystems.<name>.fsType | Type of the file system
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy | List of certificate policy OIDs the peer's certificate
must have
|
| services.librenms.hostname | The hostname to serve LibreNMS on.
|
| services.nginx.virtualHosts.<name>.listen.*.extraParameters | Extra parameters of this listen directive.
|
| services.blockbook-frontend.<name>.templateDir | Location of the HTML templates
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| services.znc.user | The name of an existing user account to use to own the ZNC server
process
|
| services.dawarich.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.mastodon.sidekiqProcesses.<name>.threads | Number of threads this process should use for executing jobs
|
| services.nextcloud.notify_push.dbname | Database name.
|
| systemd.network.networks.<name>.routes | A list of route sections to be added to the unit
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| networking.greTunnels.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|