| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| services.mastodon.sidekiqProcesses.<name>.jobClasses | If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret | Value of decryption passphrase for PKCS#8 key.
|
| services.bepasty.servers.<name>.defaultPermissions | default permissions for all unauthenticated accesses.
|
| services.tor.relay.onionServices.<name>.authorizedClients | Authorized clients for a v3 onion service,
as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
|
| services.sogo.vhostName | Name of the nginx vhost
|
| services.limesurvey.nginx.virtualHost.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.postfix.hostname | Hostname to use
|
| services.keepalived.vrrpInstances.<name>.trackScripts | List of script names to invoke for health tracking.
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.radicle.httpd.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams | See torrc manual.
|
| services.unpoller.unifi.controllers.*.user | Unifi service user name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.zabbixWeb.nginx.virtualHost.serverName | Name of this virtual host
|
| services.spiped.config.<name>.disableReresolution | Disable target address re-resolution.
|
| services.shorewall.configs | This option defines the Shorewall configs
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.addr | IP address, optionally with a netmask: IPADDR[/MASK]
|
| services.limesurvey.httpd.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.prometheus.exporters.nvidia-gpu.user | User name under which the nvidia-gpu exporter shall be run.
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.sabnzbd.settings.servers.<name>.connections | Number of parallel connections permitted by
the server.
|
| security.dhparams.params | Diffie-Hellman parameters to generate
|
| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| services.nextcloud-spreed-signaling.backends.<name>.urls | List of URLs of the Nextcloud instance
|
| services.wordpress.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| services.wstunnel.servers.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.wstunnel.clients.<name>.websocketPingInterval | Frequency at which the client will send websocket ping to the server.
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.frigate.hostname | Hostname of the nginx vhost to configure
|
| networking.wireless.networks.<name>.authProtocols | The list of authentication protocols accepted by this network
|
| services.keepalived.vrrpInstances.<name>.priority | For electing MASTER, highest priority wins
|
| systemd.network.networks.<name>.hierarchyTokenBucketConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucket] section of the unit
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| services.firewalld.services.<name>.destination | Destinations for the service.
|
| services.firewalld.services.<name>.description | Description for the service.
|
| services.simplesamlphp.<name>.localDomain | The domain serving your SimpleSAMLphp instance
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| networking.interfaces.<name>.ipv4.addresses | List of IPv4 addresses that will be statically assigned to the interface.
|
| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.index | Adds index directive.
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM,
respectively.
|
| services.printing.cups-pdf.instances.<name>.installPrinter | Whether to enable a CUPS printer queue for this instance
|
| services.jibri.xmppEnvironments.<name>.stripFromRoomDomain | The prefix to strip from the room's JID domain to derive the call URL.
|
| services.tor.settings.Nickname | See torrc manual.
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| services.sabnzbd.settings.servers.<name>.ssl_verify | Level of TLS verification
|
| virtualisation.oci-containers.containers.<name>.hostname | The hostname of the container.
|
| services.nginx.virtualHosts.<name>.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.postgresqlWalReceiver.receivers.<name>.connection | Specifies parameters used to connect to the server, as a connection string
|
| boot.binfmt.registrations.<name>.preserveArgvZero | Whether to pass the original argv[0] to the interpreter
|
| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.scope | The scope of the area where this address is valid.
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| containers.<name>.macvlans | The list of host interfaces from which macvlans will be
created
|
| services.authelia.instances.<name>.settings.log.file_path | File path where the logs will be written
|
| services.limesurvey.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| boot.loader.systemd-boot.windows.<name>.efiDeviceHandle | The device handle of the EFI System Partition (ESP) where the Windows bootloader is
located
|
| services.namecoind.wallet | Wallet file
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret | Value of the EAP/XAuth secret
|
| services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| services.jirafeau.nginxConfig.serverName | Name of this virtual host
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| services.syncthing.settings.folders.<name>.versioning.type | The type of versioning
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.fedimintd.<name>.nginx.config.listen.*.extraParameters | Extra parameters of this listen directive.
|
| systemd.network.networks.<name>.trivialLinkEqualizerConfig | Each attribute in this set specifies an option in the
[TrivialLinkEqualizer] section of the unit
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret | Value of decryption passphrase for PKCS#12 container.
|
| services.consul-template.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| fileSystems.<name>.options | Options used to mount the file system
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| networking.interfaces.<name>.ipv4.routes.*.type | Type of the route
|
| services.prometheus.exporters.mongodb.user | User name under which the mongodb exporter shall be run.
|
| services.prometheus.exporters.klipper.user | User name under which the klipper exporter shall be run.
|
| services.prometheus.exporters.ecoflow.user | User name under which the ecoflow exporter shall be run.
|
| services.prometheus.exporters.bitcoin.user | User name under which the bitcoin exporter shall be run.
|
| services.prometheus.exporters.dovecot.user | User name under which the dovecot exporter shall be run.
|
| services.prometheus.exporters.dnsmasq.user | User name under which the dnsmasq exporter shall be run.
|
| services.prometheus.exporters.unbound.user | User name under which the unbound exporter shall be run.
|
| services.prometheus.exporters.systemd.user | User name under which the systemd exporter shall be run.
|
| services.prometheus.exporters.sabnzbd.user | User name under which the sabnzbd exporter shall be run.
|