| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| virtualisation.xen.store.settings.perms.enable | Whether to enable the node permission system.
|
| systemd.targets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.sockets.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.sockets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.targets.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| services.openafsServer.roles.backup.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.wstunnel.clients.<name>.remoteToLocal | Listen on remote and forwards traffic from local
|
| services.blockbook-frontend.<name>.debug | Debug mode, return more verbose errors, reload templates on each request.
|
| services.nvme-rs.settings.thresholds.error_threshold | Error count warning threshold
|
| services.swapspace.settings.cache_elasticity | Percentage of cache space considered to be "free"
|
| virtualisation.xen.store.settings.quota.maxEntity | Entity limit for transactions.
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fedimintd.<name>.nginx.config.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| documentation.man.mandoc.settings.output.toc | Whether to enable printing a table of contents near the beginning of the HTML output
of mandoc(1) if an input file contains at least two
non-standard sections
.
|
| services.znc.confOptions.networks.<name>.extraConf | Extra config for the network
|
| services.system76-scheduler.settings.processScheduler.refreshInterval | Process list poll interval, in seconds
|
| services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints | List of receivers that should be deleted.
|
| services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| services.matrix-synapse.settings.listeners.*.bind_addresses | IP addresses to bind the listener to.
|
| services.jibri.xmppEnvironments.<name>.call.login.username | User part of the JID for the recorder.
|
| services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.openafsServer.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.openafsClient.cellServDB.*.dnsname | DNS full-qualified domain name of a database server
|
| services.v4l2-relayd.instances.<name>.input.width | The width to read from input-stream.
|
| services.fedimintd.<name>.nginx.config.quic | Whether to enable the QUIC transport protocol
|
| services.wordpress.sites.<name>.plugins | Path(s) to respective plugin(s) which are copied from the 'plugins' directory.
These plugins need to be packaged before use, see example.
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.nginx.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.httpd.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.caddy.virtualHosts.<name>.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.fedimintd.<name>.p2p.openFirewall | Opens port in firewall for fedimintd's p2p port (both TCP and UDP)
|
| services.httpd.virtualHosts.<name>.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| services.grafana.settings.security.admin_password | Default admin password
|
| services.snapserver.streams.<name>.codec | Default audio compression method.
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| programs.neovim.runtime.<name>.text | Text of the file.
|
| systemd.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.k3s.manifests.<name>.content | Content of the manifest file
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fedimintd.<name>.bitcoin.network | Bitcoin network to participate in.
|
| services.github-runners.<name>.noDefaultLabels | Disables adding the default labels
|
| systemd.user.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.user.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.monica.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.matomo.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| services.httpd.virtualHosts.<name>.locations | Declarative location config
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| hardware.tuxedo-drivers.settings.charging-priority | These options manage the trade-off between battery charging and CPU performance when the USB-C power supply cannot provide sufficient power for both simultaneously:
charge_battery prioritizes battery charging (driver default)performance prioritizes maximum CPU performance
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file | File name in the rsa folder for which this passphrase
should be used.
|
| services.opkssh.providers.<name>.lifetime | Token lifetime
|
| services.easytier.instances.<name>.enable | Enable the instance.
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.tinc.networks.<name>.chroot | Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security
|
| systemd.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.ytdl-sub.instances.<name>.schedule | How often to run ytdl-sub
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| hardware.tuxedo-drivers.settings.charging-profile | The maximum charge level to help reduce battery wear:
high_capacity charges to 100% (driver default)balanced charges to 90%stationary charges to 80% (maximum lifespan)
Note: Regardless of the configured charging profile, the operating system will always report the battery as being charged to 100%.
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| services.jitsi-videobridge.xmppConfigs.<name>.mucNickname | Videobridges use the same XMPP account and need to be distinguished by the
nickname (aka resource part of the JID)
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| services.tarsnap.archives.<name>.excludes | Exclude files and directories matching these patterns.
|
| services.tahoe.introducers.<name>.tub.port | The port on which the introducer will listen.
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.tarsnap.archives.<name>.lowmem | Reduce memory consumption by not caching small files
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.mosquitto.bridges.<name>.topics | Topic patterns to be shared between the two brokers
|
| services.borgbackup.jobs.<name>.extraInitArgs | Additional arguments for borg init
|
| services.nsd.zones.<name>.dnssecPolicy.algorithm | Which algorithm to use for DNSSEC
|
| services.blockbook-frontend.<name>.enable | Whether to enable blockbook-frontend application.
|
| services.klipper.firmwares.<name>.package | Path to the built firmware package.
|
| systemd.services.<name>.environment | Environment variables passed to the service's processes.
|
| services.postfix.masterConfig.<name>.maxproc | The maximum number of processes to spawn for this service
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|