| services.firewalld.services.<name>.destination | Destinations for the service.
|
| services.firewalld.services.<name>.description | Description for the service.
|
| services.github-runners.<name>.serviceOverrides | Modify the systemd service
|
| fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformee | HE single user beamformee support
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformer | HE single user beamformer support
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| networking.jool.nat64.<name>.global.pool6 | The prefix used for embedding IPv4 into IPv6 addresses
|
| services.limesurvey.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.limesurvey.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes | Byte range from which to choose a random value to subtract from
rekey_bytes
|
| services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.alias | Alias directory for requests.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.index | Adds index directive.
|
| services.fedimintd.<name>.consensus.finalityDelay | Consensus peg-in finality delay.
|
| systemd.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformee | EHT single user beamformee support
|
| services.hostapd.radios.<name>.wifi7.singleUserBeamformer | EHT single user beamformer support
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| systemd.user.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.sockets.<name>.requisite | Similar to requires
|
| systemd.user.targets.<name>.requisite | Similar to requires
|
| services.zeronsd.servedNetworks.<name>.settings.wildcard | Whether to serve a wildcard record for ZeroTier Nodes.
|
| services.blockbook-frontend.<name>.extraConfig | Additional configurations to be appended to coin.conf
|
| virtualisation.libvirtd.firewallBackend | The backend used to setup virtual network firewall rules.
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| services.kanidm.provision.systems.oauth2.<name>.originLanding | When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.
|
| services.keepalived.vrrpInstances.<name>.virtualIps | Declarative vhost config
|
| services.dolibarr.h2o.serverName | Server name to be used for this virtual host
|
| services.buildkite-agents.<name>.runtimePackages | Add programs to the buildkite-agent environment
|
| services.botamusique.settings.bot.username | Name the bot should appear with.
|
| services.gitea.appName | Application name.
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.limesurvey.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.limesurvey.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts | List of local traffic selectors to include in CHILD_SA
|
| systemd.user.services.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| systemd.network.networks.<name>.tunnel | A list of tunnel interfaces to be added to the network section of the
unit
|
| systemd.network.networks.<name>.bridge | A list of bridge interfaces to be added to the network section of the
unit
|
| services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel | Whether to add the special Bitlbee operations channel.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.retention | The duration in seconds for which the bucket will retain data (0 is infinite).
|
| services.jirafeau.nginxConfig.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| programs.tsmClient.servers.<name>.tcpport | TCP port of the IBM TSM server
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.autorandr.profiles.<name>.hooks.postswitch | Postswitch hook executed after mode switch.
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| services.limesurvey.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96 | HMAC-SHA-256 is used with 128-bit truncation with IPsec
|
| systemd.network.networks.<name>.domains | A list of domains to pass to the network config.
|
| services.jibri.xmppEnvironments.<name>.xmppServerHosts | Hostnames of the XMPP servers to connect to.
|
| services.sanoid.datasets.<name>.use_template | Names of the templates to use for this dataset.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.keepalived.vrrpInstances.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_instance section.
|
| systemd.sockets.<name>.requisite | Similar to requires
|
| systemd.targets.<name>.requisite | Similar to requires
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| services.angrr.settings.temporary-root-policies.<name>.period | Retention period for the GC roots matched by this policy.
|
| services.angrr.settings.temporary-root-policies.<name>.path-regex | Regex pattern to match the GC root path.
|
| services.coder.database.username | Username for accessing the database.
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| systemd.network.networks.<name>.bridgeMDBs | A list of BridgeMDB sections to be added to the unit
|
| systemd.network.networks.<name>.bridgeFDBs | A list of BridgeFDB sections to be added to the unit
|
| services.dawarich.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process.
If left empty, all job classes will be executed by this process.
|
| services.datadog-agent.hostname | The hostname to show in the Datadog dashboard (optional)
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.root | Root directory for requests.
|
| services.ghostunnel.servers.<name>.extraArguments | Extra arguments to pass to ghostunnel server
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| systemd.network.netdevs.<name>.vxlanConfig | Each attribute in this set specifies an option in the
[VXLAN] section of the unit
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity | Timeout before closing CHILD_SA after inactivity
|
| services.postfixadmin.database.dbname | Name of the postgresql database
|
| networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| services.angrr.settings.temporary-root-policies.<name>.filter | External filter program to further filter GC roots matched by this policy.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.kanidm.provision.systems.oauth2.<name>.enableLegacyCrypto | Enable legacy crypto on this client
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes | Maximum bytes processed before CHILD_SA gets closed
|
| services.borgbackup.jobs.<name>.compression | Compression method to use
|
| systemd.network.netdevs.<name>.vrfConfig | Each attribute in this set specifies an option in the
[VRF] section of the unit
|
| boot.initrd.luks.devices.<name>.allowDiscards | Whether to allow TRIM requests to the underlying device
|
| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.github-runners.<name>.extraEnvironment | Extra environment variables to set for the runner, as an attrset.
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation | Certificate revocation policy for CRL or OCSP revocation.
- A
strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.- The default revocation policy
relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|