| services.flannel.iface | Interface to use (IP or name) for inter-host communication
|
| services.bookstack.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.prosody.muc.*.domain | Domain name of the MUC
|
| services.mjpg-streamer.user | mjpg-streamer user name.
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.strongswan-swanctl.swanctl.connections.<name>.pull | If the default of yes is used, Mode Config works in pull mode, where the
initiator actively requests a virtual IP
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services.spiped.config | Configuration for a secure pipe daemon
|
| services.asusd.auraConfigs | The content of /etc/asusd/aura_.ron
|
| services.agorakit.mail.fromName | Mail "from" name.
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.calibre-web.dataDir | Where Calibre-Web stores its data
|
| services.nixops-dns.domain | Fake domain name to resolve to NixOps virtual machines
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.tor.client.onionServices.<name>.clientAuthorizations | Clients' authorizations for a v3 onion service,
as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
|
| services.resilio.deviceName | Name of the Resilio Sync device.
|
| services.lasuite-docs.domain | Domain name of the docs instance.
|
| services.lasuite-meet.domain | Domain name of the meet instance.
|
| services.jicofo.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_include | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_exclude | Address or CIDR subnets
StrongSwan default: []
|
| services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.znc.confOptions.userName | The user name used to log in to the ZNC web admin interface.
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.ceph.global.clusterName | Name of cluster
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| services.nixops-dns.enable | Whether to enable the nixops-dns resolution
of NixOps virtual machines via dnsmasq and fake domain name.
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| services.saunafs.masterHost | IP or hostname name of master host.
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| services.dovecot2.group | Dovecot group name.
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| services.bcg.automaticRenameGenericNodes | Automatically rename generic nodes.
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| services.dolibarr.domain | Domain name of your server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| services.postgresqlWalReceiver.receivers.<name>.slot | Require pg_receivewal to use an existing replication slot (see
Section 26.2.6 of the PostgreSQL manual)
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| services.ncdns.identity.hostname | The hostname of this ncdns instance, which defaults to the machine
hostname
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| services.deye-dummycloud.mqttUsername | MQTT username
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| services.strongswan-swanctl.swanctl.pools | Section defining named pools
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.moosefs.masterHost | IP or DNS name of the MooseFS master server.
|
| services.freshrss.pool | Name of the php-fpm pool to use and setup
|
| services.mongodb.replSetName | If this instance is part of a replica set, set its name here
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.influxdb2.provision.organizations.<name>.buckets | Buckets to provision in this organization.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.pretalx.nginx.domain | The domain name under which to set up the virtual host.
|
| services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| services.pantalaimon-headless.instances.<name>.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| services.postgresqlWalReceiver.receivers.<name>.statusInterval | Specifies the number of seconds between status packets sent back to the server
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| services.rshim.backend | Specify the backend to attach
|
| services.mjpg-streamer.group | mjpg-streamer group name.
|
| services.postgresqlWalReceiver.receivers.<name>.environment | Environment variables passed to the service
|
| services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.nginx.resolver | Configures name servers used to resolve names of upstream servers into addresses
|
| services.postgresqlWalReceiver.receivers.<name>.postgresqlPackage | The postgresql package to use.
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.openafsClient.cellName | Cell name.
|
| services.influxdb2.provision.organizations.<name>.present | Whether to ensure that this organization is present or absent.
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| boot.initrd.secrets | Secrets to append to the initrd
|
| services.peertube-runner.instancesToRegister.<name>.runnerDescription | Runner description declared to the PeerTube instance.
|
| services.prometheus.remoteWrite.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.sympa.database.user | Database user
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.discourse.database.username | Discourse database user.
|
| services.varnish.listen.*.user | User name who owns the socket file.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.prometheus.exporters.ebpf.names | List of eBPF programs to load
|