| services.monica.mail.fromName | Mail "from" name.
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| services.kerberos_server.settings.realms.<name>.acl.*.target | The principals that 'access' applies to.
|
| services.skydns.nameservers | Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.cassandra.jmxRoles.*.username | Username for JMX
|
| services.maubot.settings.server.hostname | The IP to listen on
|
| virtualisation.oci-containers.containers.<name>.cmd | Commandline arguments to pass to the image's entrypoint.
|
| services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.bookstack.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.strongswan-swanctl.swanctl.connections.<name>.pull | If the default of yes is used, Mode Config works in pull mode, where the
initiator actively requests a virtual IP
|
| services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| services.freshrss.webserver | Whether to use nginx or caddy for virtual host management
|
| services.dokuwiki.webserver | Whether to use nginx or caddy for virtual host management
|
| virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| services.castopod.database.hostname | Database hostname.
|
| services.biboumi.settings.hostname | The hostname served by the XMPP gateway
|
| services.postgresqlWalReceiver.receivers.<name>.slot | Require pg_receivewal to use an existing replication slot (see
Section 26.2.6 of the PostgreSQL manual)
|
| services.tor.client.onionServices.<name>.clientAuthorizations | Clients' authorizations for a v3 onion service,
as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
|
| services.samba-wsdd.domain | Set domain name (disables workgroup).
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| services.vault.address | The name of the ip interface to listen to
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_exclude | Address or CIDR subnets
StrongSwan default: []
|
| services.strongswan-swanctl.swanctl.pools.<name>.split_include | Address or CIDR subnets
StrongSwan default: []
|
| services.tmate-ssh-server.host | External host name
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.weblate.smtp.user | SMTP login name.
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| services.influxdb2.provision.organizations.<name>.buckets | Buckets to provision in this organization.
|
| services.strongswan-swanctl.swanctl.connections.<name>.encap | To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the
NAT detection payloads
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface | interface name of the NetworkManager connection
|
| services.pantalaimon-headless.instances.<name>.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| services.kubernetes.proxy.hostname | Kubernetes proxy hostname override.
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| services.postgresqlWalReceiver.receivers.<name>.statusInterval | Specifies the number of seconds between status packets sent back to the server
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| containers.<name>.ephemeral | Runs container in ephemeral mode with the empty root filesystem at boot
|
| services.hadoop.hdfs.namenode.formatOnInit | Format HDFS namenode on first start
|
| services.postgresqlWalReceiver.receivers.<name>.environment | Environment variables passed to the service
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| services.postgresqlWalReceiver.receivers.<name>.postgresqlPackage | The postgresql package to use.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local | Section for a local authentication round
|
| services.influxdb2.provision.organizations.<name>.present | Whether to ensure that this organization is present or absent.
|
| services.peertube-runner.instancesToRegister.<name>.runnerDescription | Runner description declared to the PeerTube instance.
|
| services.guix.publish.user | Name of the user to change once the server is up.
|
| services.keter.bundle.appName | The name keter assigns to this bundle
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| services.kismet.serverName | The name of the server.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchId | connection id used by NetworkManager
|
| boot.zfs.forceImportAll | Forcibly import all ZFS pool(s)
|
| services.strongswan-swanctl.swanctl.connections.<name>.version | IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as
responder, and initiates the connection actively with IKEv2
|
| services.tt-rss.email.fromName | Name for sending outgoing mail
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries | SQL queries to run.
|
| services.murmur.group | The name of an existing group to use to run the service
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| services.bcg.automaticRenameGenericNodes | Automatically rename generic nodes.
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.gdomap.enable | Whether to enable GNUstep Distributed Objects name server.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serverport | imap port number (at the moment only tls connection is supported)
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.bacula-sd.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.tls.verifyPeer | Verify peer certificate
|
| services.deye-dummycloud.mqttUsername | MQTT username
|
| services.librenms.user | Name of the LibreNMS user.
|
| containers.<name>.privateUsers | Whether to give the container its own private UIDs/GIDs space (user namespacing)
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote | Section for a remote authentication round
|
| services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections | Maximum number of idle keepalive connections between Tunnel and your origin
|
| services.bacula-dir.tls.verifyPeer | Verify peer certificate
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| services.prometheus.remoteRead.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints | See torrc manual.
|
| services.outline.smtp.host | Host name or IP address of the SMTP server.
|
| virtualisation.oci-containers.containers.<name>.podman | Podman-specific settings in OCI containers
|
| virtualisation.oci-containers.containers.<name>.devices | List of devices to attach to this container.
|
| services.limesurvey.nginx.virtualHost.serverName | Name of this virtual host
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|