| services.healthchecks.settings.ALLOWED_HOSTS | The host/domain names that this site can serve.
|
| networking.hostName | The name of the machine
|
| services.anubis.instances.<name>.settings.BIND | The address that Anubis listens to
|
| services.sftpgo.settings.webdavd.bindings.*.address | Network listen address
|
| services.netbird.server.coturn.useAcmeCertificates | Whether to use ACME certificates corresponding to the given domain for the server.
|
| services.firefox-syncserver.database.createLocally | Whether to create database and user on the local machine if they do not exist
|
| services.prometheus.exporters.unbound.unbound.host | Path to the unbound control socket
|
| services.syncthing.settings.options.limitBandwidthInLan | Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.
|
| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.nextcloud-spreed-signaling.configureNginx | Whether to set up and configure an nginx virtual host according to upstream's recommendations
|
| services.matrix-synapse.enableRegistrationScript | Whether to install the register_new_matrix_user script, that
allows account creation on the terminal.
This script does not work when the client listener uses UNIX domain sockets
|
| virtualisation.xen.dom0Resources.maxMemory | Maximum amount of memory (in MiB) that Domain 0 can
dynamically allocate to itself
|
| services.akkoma.config.":pleroma".":media_proxy".base_url | Base path for the media proxy
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.netbird.server.management.singleAccountModeDomain | Enables single account mode
|
| services.postfix.settings.main.mydestination | List of domain names intended for local delivery using /etc/passwd and /etc/aliases.
Do not include virtual domains in this list.
https://www.postfix.org/postconf.5.html#mydestination
|
| services.discourse.mail.notificationEmailAddress | The from: email address used when
sending all essential system emails
|
| virtualisation.xen.store.settings.conflict.burstLimit | Limits applied to domains whose writes cause other domains' transaction
commits to fail
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.address | The address of this resource
|
| virtualisation.xen.store.settings.quota.maxOutstanding | Maximum outstanding requests, i.e. in-flight requests / domain.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.mode | File permissions on the UNIX domain socket.
|
| virtualisation.xen.store.settings.conflict.maxHistorySeconds | Limits applied to domains whose writes cause other domains' transaction
commits to fail
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.path | Unix domain socket path to bind this listener to.
|
| services.grafana.settings.security.strict_transport_security_subdomains | Set to true to enable HSTS includeSubDomains option
|
| services.headscale.settings.tls_letsencrypt_hostname | Domain name to request a TLS certificate for.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.userid | username is required if using Identity V2 API
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username | username is required if using Identity V2 API
|
| services.zapret.blacklist | Specify a list of domains NOT to bypass
|
| services.zapret.whitelist | Specify a list of domains to bypass
|
| services.prometheus.exporters.mail.configuration.servers | List of servers that should be probed.
Note: if your mailserver has rspamd(8) configured,
it can happen that emails from this exporter are marked as spam
|
| services.cloudflare-ddns.ip4Domains | Explicit list of domains to manage only for IPv4
|
| services.cloudflare-ddns.ip6Domains | Explicit list of domains to manage only for IPv6
|
| services.cntlm.noproxy | A list of domains where the proxy is skipped.
|
| services.realmd.enable | Whether to enable realmd service for managing system enrollment in Active Directory domains.
|
| services.pihole-ftl.lists.*.type | Whether domains on this list should be explicitly allowed, or blocked
|
| services.maddy.localDomains | Define list of allowed domains.
|
| services.ncdns.enable | Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS
|
| services.awstats.configs | Attribute set of domains to collect stats for.
|
| services.avahi.browseDomains | List of non-local DNS domains to be browsed.
|
| services.pdfding.allowedHosts | Domains where PdfDing is allowed to run
|
| services.postfix.relayDomains | List of domains we agree to relay to
|
| services.sympa.mta.type | Mail transfer agent (MTA) integration
|
| services.coder.wildcardAccessUrl | If you are providing TLS certificates directly to the Coder server, you must use a single certificate for the root and wildcard domains.
|
| services.pdns-recursor.serveRFC1918 | Whether to directly resolve the RFC1918 reverse-mapping domains:
10.in-addr.arpa,
168.192.in-addr.arpa,
16-31.172.in-addr.arpa
This saves load on the AS112 servers.
|
| services.prosody.s2sSecureDomains | Even if you leave s2s_secure_auth disabled, you can still require valid
certificates for some domains by specifying a list here.
|
| services.stash.settings.no_proxy | A list of domains for which the proxy must not be used
|
| services.nginx.uwsgiResolveWhileRunning | Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
|
| services.hedgedoc.settings.allowOrigin | List of domains to whitelist.
|
| services.postfix.destination | Full (!) list of domains we deliver locally
|
| services.pdns-recursor.resolveNamecoin | Resolve .bit top-level domains using ncdns and namecoin.
|
| services.headscale.settings.dns.split | Split DNS configuration (map of domains and which DNS server to use for each)
|
| services.nginx.proxyResolveWhileRunning | Resolves domains of proxyPass targets at runtime and not only at startup
|
| services.gotenberg.downloadFrom.denyList | Deny accepting URLs from these domains in the downloadFrom API field
|
| services.invidious-router.nginx.extraDomains | Additional domains to serve invidious-router on.
|
| services.prosody.s2sInsecureDomains | Some servers have invalid or self-signed certificates
|
| services.tinyproxy.settings.Filter | Tinyproxy supports filtering of web sites based on URLs or domains
|
| services.resolved.settings.Resolve.Domains | List of search domains used to complete unqualified name lookups.
|
| networking.stevenblack.whitelist | Domains to exclude from blocking.
|
| virtualisation.libvirtd.hooks.lxc | Hooks that will be placed under /var/lib/libvirt/hooks/lxc.d/
and called for lxc domains begin/end events
|
| virtualisation.libvirtd.hooks.qemu | Hooks that will be placed under /var/lib/libvirt/hooks/qemu.d/
and called for qemu domains begin/end/migrate events
|
| virtualisation.libvirtd.hooks.libxl | Hooks that will be placed under /var/lib/libvirt/hooks/libxl.d/
and called for libxl-handled xen domains begin/end events
|
| services.spamassassin.config | The SpamAssassin local.cf config
If you are using this configuration:
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
Then you can Use this sieve filter:
require ["fileinto", "reject", "envelope"];
if header :contains "X-Spam-Flag" "YES" {
fileinto "spam";
}
Or this procmail filter:
:0:
* ^X-Spam-Flag: YES
/var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new
To filter your messages based on the additional mail headers added by spamassassin.
|
| services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.dendrite.settings.global.trusted_third_party_id_servers | Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
|