| services.dovecot2.mailboxes.<name>.autoexpunge | To automatically remove all email from the mailbox which is older than the
specified time.
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout | Timeout after which an idle keepalive connection can be discarded.
|
| fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| environment.etc.<name>.uid | UID of created file
|
| environment.etc.<name>.gid | GID of created file
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.mautrix-telegram.environmentFile | File containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|
| services.cloudflared.tunnels.<name>.originRequest.proxyAddress | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.rspamd.locals | Local configuration files, written into /etc/rspamd/local.d/{name}.
|
| users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes | Number of bytes processed before initiating CHILD_SA rekeying
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| systemd.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| systemd.network.networks.<name>.deficitRoundRobinSchedulerConfig | Each attribute in this set specifies an option in the
[DeficitRoundRobinScheduler] section of the unit
|
| services.prometheus.scrapeConfigs.*.dns_sd_configs.*.names | A list of DNS SRV record names to be queried.
|
| services.wyoming.faster-whisper.servers.<name>.useTransformers | Whether to provide the dependencies to allow using transformer models.
|
| services.borgbackup.repos.<name>.authorizedKeysAppendOnly | Public SSH keys that can only be used to append new data (archives) to the repository
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| systemd.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.hddfancontrol.settings.<drive-bay-name>.disks | Drive(s) to get temperature from
Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives
|
| systemd.user.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.kismet.serverName | The name of the server.
|
| systemd.user.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| security.wrappers.<name>.enable | Whether to enable the wrapper.
|
| systemd.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.nspawn.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in | Netfilter mark applied to packets after the inbound IPsec SA processed
them
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| users.extraUsers.<name>.isSystemUser | Indicates if the user is a system user or not
|
| services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| services.tt-rss.virtualHost | Name of the nginx virtualhost to use and setup
|
| systemd.user.units.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| systemd.user.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| services.sanoid.datasets.<name>.pruning_script | Script to run after pruning snapshot.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.slot | Optional slot number of the token that stores the certificate.
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| services.librenms.user | Name of the LibreNMS user.
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action | Action to perform after a CHILD_SA gets closed by the peer.
- The default of
none does not take any action,
trap installs a trap policy for the CHILD_SA.start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_window | IPsec replay window to configure for this CHILD_SA
|
| services.selfoss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| security.wrappers.<name>.source | The absolute path to the program to be wrapped.
|
| openstack.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| networking.jool.nat64 | Definitions of NAT64 instances of Jool
|
| services.borgbackup.jobs.<name>.encryption.passphrase | The passphrase the backups are encrypted with
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| services.minidlna.settings.friendly_name | Name that the server presents to clients.
|
| services.bcg.automaticRenameGenericNodes | Automatically rename generic nodes.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| boot.initrd.luks.devices.<name>.fido2.gracePeriod | Time in seconds to wait for the FIDO2 key.
|
| services.bluesky-pds.environmentFiles | File to load environment variables from
|
| networking.fooOverUDP.<name>.local.address | Local address to bind to
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| systemd.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gancio.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.monica.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.monica.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.simplesamlphp.<name>.configureNginx | Configure nginx as a reverse proxy for SimpleSAMLphp.
|
| services.grav.virtualHost | Name of the nginx virtualhost to use and setup
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|