| services.bepasty.servers.<name>.extraConfig | Extra configuration for bepasty server to be appended on the
configuration.
see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
for all options.
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.postfix.masterConfig.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| systemd.user.services.<name>.requisite | Similar to requires
|
| services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.auto-epp.settings.Settings.epp_state_for_BAT | energy_performance_preference when on battery
See available epp states by running:
cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.anubis.instances.<name>.group | The group under which Anubis is run
|
| services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| services.borgbackup.jobs.<name>.doInit | Run borg init if the
specified repo does not exist
|
| virtualisation.xen.store.settings.quota.maxSize | Size limit for transactions.
|
| services.znapzend.zetup.<name>.destinations.<name>.presend | Command to run before sending the snapshot to the destination
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| systemd.user.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| services.warpgate.settings.sso_providers.*.provider | SSO provider configurations.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.borgbackup.jobs.<name>.prune.keep | Prune a repository by deleting all archives not matching any of the
specified retention options
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| systemd.services.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.homebridge.settings.accessories.*.accessory | Accessory type
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| environment.etc.<name>.group | Group name of file owner
|
| services.kanidm.server.settings.ldapbindaddress | Address and port the LDAP server is bound to
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.sabnzbd.settings.misc.inet_exposure | Restrictions for access from non-local IP addresses
|
| virtualisation.xen.store.settings.quota.maxPath | Path limit for the quota system.
|
| services.mailpit.instances.<name>.max | Maximum number of emails to keep
|
| services.warpgate.settings.http.session_max_age | How long until a logged in session expires.
|
| services.nsd.zones.<name>.dnssecPolicy.coverage | The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wstunnel.servers.<name>.package | The wstunnel package to use.
|
| services.wstunnel.clients.<name>.package | The wstunnel package to use.
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| services.tarsnap.archives.<name>.maxbwRateDown | Download bandwidth rate limit in bytes.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.stash.settings.preview_segments | Number of segments in a preview file
|
| services.stash.settings.sound_on_preview | Enable sound on mouseover previews
|
| services.nextcloud.settings.mail_smtpdebug | Enable SMTP class debugging.
loglevel will likely need to be adjusted too.
See docs.
|
| services.fedimintd.<name>.nginx.path_ws | Path to host the API on and forward to the daemon's api port
|
| services.bonsaid.settings.*.delay_duration | Nanoseconds to wait after the previous state change before performing this transition
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.resource | The resource to which access should be allowed.
|
| services.prometheus.exporters.fritz.settings.devices.*.host_info | Enable extended host info for this device. Warning: This will heavily increase scrape time.
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| services.borgbackup.jobs.<name>.appendFailedSuffix | Append a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
|
| systemd.targets.<name>.aliases | Aliases of that unit.
|
| systemd.sockets.<name>.aliases | Aliases of that unit.
|
| services.radicle.httpd.nginx.locations.<name>.root | Root directory for requests.
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| systemd.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| networking.ipips.<name>.dev | The underlying network device on which the tunnel resides.
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.fedimintd.<name>.nginx.config.acmeRoot | Directory for the ACME challenge, which is public
|
| services.geoclue2.appConfig.<name>.isSystem | Whether the application is a system component or not.
|
| services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.firewalld.zones.<name>.sourcePorts | Source ports to allow in the zone.
|
| services.synapse-auto-compressor.settings.chunk_size | The number of state groups to work on at once
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| users.users.<name>.description | A short description of the user account, typically the
user's full name
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.dokuwiki.sites.<name>.extraConfigs | Path(s) to additional configuration files that are then linked to the 'conf' directory.
|
| services.fedimintd.<name>.nginx.path_ui | Path to host the built-in UI on and forward to the daemon's api port
|
| services.firewalld.zones.<name>.sources | Source addresses, address ranges, MAC addresses or ipsets to bind.
|
| services.borgbackup.jobs.<name>.extraArgs | Additional arguments for all borg calls the
service has
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| services.livekit.settings.rtc.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| systemd.user.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| power.ups.upsmon.monitor.<name>.powerValue | Number of power supplies that the UPS feeds on this system
|
| services.mollysocket.settings.allowed_uuids | UUIDs of Signal accounts that may use this server
|