| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.snapper.configs.<name>.TIMELINE_LIMIT_QUARTERLY | Limits for timeline cleanup.
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.borgbackup.jobs.<name>.compression | Compression method to use
|
| services.matomo.hostname | URL of the host, without https prefix
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.mosquitto.bridges.<name>.addresses.*.address | Address of the remote MQTT broker.
|
| systemd.services.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| services.angrr.settings.temporary-root-policies.<name>.period | Retention period for the GC roots matched by this policy.
|
| services.angrr.settings.temporary-root-policies.<name>.path-regex | Regex pattern to match the GC root path.
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.jirafeau.nginxConfig.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.vmalert.instances.<name>.settings."notifier.url" | Prometheus Alertmanager URL
|
| services.limesurvey.httpd.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.limesurvey.httpd.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.wstunnel.servers.<name>.tlsCertificate | TLS certificate to use instead of the hardcoded one in case of HTTPS connections
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| services.gitlab-runner.services.<name>.dockerPrivileged | Give extended privileges to container.
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.nitter.server.hostname | Hostname of the instance.
|
| services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id | Identity the EAP/XAuth secret belongs to
|
| services.prometheus.exporters.mail.configuration.servers.*.name | Value for label 'configname' which will be added to all metrics.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| services.gitlab-runner.services.<name>.dockerAllowedServices | Whitelist allowed services.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.tryFiles | Adds try_files directive.
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| services.gitea-actions-runner.instances.<name>.hostPackages | List of packages, that are available to actions, when the runner is configured
with a host execution label.
|
| services.jirafeau.nginxConfig.serverName | Name of this virtual host
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| services.blockbook-frontend.<name>.extraCmdLineOptions | Extra command line options to pass to Blockbook
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| systemd.network.networks.<name>.controlledDelayConfig | Each attribute in this set specifies an option in the
[ControlledDelay] section of the unit
|
| services.angrr.settings.temporary-root-policies.<name>.filter | External filter program to further filter GC roots matched by this policy.
|
| services.tailscale.serve.services.<name>.advertised | Whether the service should accept new connections
|
| services.borgbackup.jobs.<name>.persistentTimer | Set the Persistent option for the
systemd.timer(5)
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time | Time to schedule CHILD_SA rekeying
|
| services.printing.cups-pdf.instances.<name>.settings | Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package
|
| services.jibri.xmppEnvironments.<name>.usageTimeout | The duration that the Jibri session can be
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.state | Directory where per-run directories are stored.
|
| services.mautrix-meta.instances.<name>.registerToSynapse | Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and
make Synapse wait for registration service.
|
| services.kanidm.provision.systems.oauth2.<name>.originLanding | When redirecting from the Kanidm Apps Listing page, some linked applications may need to land on a specific page to trigger oauth2/oidc interactions.
|
| users.mysql.pam.logging.table | The name of the table to which logs are written.
|
| services.limesurvey.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.zeronsd.servedNetworks.<name>.settings.log_level | Log Level.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets | Maximum number of packets processed before CHILD_SA gets closed
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| systemd.network.networks.<name>.stochasticFairBlueConfig | Each attribute in this set specifies an option in the
[StochasticFairBlue] section of the unit
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.bepasty.servers.<name>.defaultPermissions | default permissions for all unauthenticated accesses.
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.kmonad.keyboards.<name>.defcfg.fallthrough | Whether to enable re-emitting unhandled key events.
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.keepalived.vrrpInstances.<name>.trackScripts | List of script names to invoke for health tracking.
|
| services.mediawiki.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret | Value of decryption passphrase for ECDSA key.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.root | Root directory for requests.
|
| services.printing.cups-pdf.instances.<name>.settings.Anonuser | User for anonymous PDF creation
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.evremap.settings.phys | The physical device name to listen on
|
| services.spiped.config.<name>.disableReresolution | Disable target address re-resolution.
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode | See torrc manual.
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.kanidm.provision.systems.oauth2.<name>.enableLegacyCrypto | Enable legacy crypto on this client
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.simplesamlphp.<name>.localDomain | The domain serving your SimpleSAMLphp instance
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.addr | IP address, optionally with a netmask: IPADDR[/MASK]
|
| services.sftpgo.user | User account name under which SFTPGo runs.
|
| services.keycloak.themes | Additional theme packages for Keycloak
|
| services.tor.relay.onionServices.<name>.authorizedClients | Authorized clients for a v3 onion service,
as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
|
| services.nextcloud-spreed-signaling.backends.<name>.urls | List of URLs of the Nextcloud instance
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret | Value of decryption passphrase for PKCS#8 key.
|
| services.monero.rpc.user | User name for RPC connections.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.wstunnel.servers.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.wstunnel.clients.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.tt-rss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.postgresqlWalReceiver.receivers.<name>.connection | Specifies parameters used to connect to the server, as a connection string
|