| services.gitlab-runner.services.<name>.executor | Select executor, eg. shell, docker, etc
|
| services.adguardhome.settings.schema_version | Schema version for the configuration
|
| services.wyoming.piper.servers.<name>.zeroconf.enable | Whether to enable zeroconf discovery.
|
| services.sanoid.datasets.<name>.autoprune | Whether to automatically prune old snapshots.
|
| services.fedimintd.<name>.nginx.config.listen | Listen addresses and ports for this virtual host
|
| services.nylon.<name>.nrConnections | The number of allowed simultaneous connections to the daemon, default 10.
|
| services.rshim.device | Specify the device name to attach
|
| services.prefect.workerPools.<name>.installPolicy | install policy for the worker (always, if-not-present, never, prompt)
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| services.snapserver.settings.http.bind_to_address | Address to listen on for snapclient connections.
|
| services.grafana.settings.server.static_root_path | Root path for static assets.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| services.swapspace.settings.upper_freelimit | Upper free-space threshold: if the percentage of free space exceeds this number, swapspace will attempt to free up swapspace
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| services.parsedmarc.settings.general.save_aggregate | Save aggregate report data to Elasticsearch and/or Splunk.
|
| virtualisation.xen.store.settings.quota.maxEntity | Entity limit for transactions.
|
| systemd.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.orangefs.server.fileSystems.<name>.rootHandle | File system root ID.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.nice | Niceness.
|
| virtualisation.qemu.drives.*.name | A name for the drive
|
| services.anubis.instances.<name>.policy.extraBots | Additional bot rules appended to the policy
|
| services.drupal.sites.<name>.virtualHost.locations | Declarative location config
|
| services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| services.fcgiwrap.instances.<name>.socket.mode | Mode to be set on the UNIX socket
|
| services.nbd.server.exports.<name>.allowAddresses | IPs and subnets that are authorized to connect for this device
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.biboumi.settings.policy_directory | A directory that should contain the policy files,
used to customize Botan’s behaviour
when negotiating the TLS connections with the IRC servers.
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.restic.backups.<name>.repository | repository to backup to.
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| services.i2pd.proto.http.hostname | Expected hostname for WebUI.
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.root | Root directory for requests.
|
| services.movim.h2o.serverName | Server name to be used for this virtual host
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.namecoind.rpc.key | Key file for securing RPC connections.
|
| services.grafana.provision.datasources.settings.datasources.*.url | Url of the datasource.
|
| services.minidlna.settings.notify_interval | The interval between announces (in seconds)
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| security.auditd.plugins.<name>.path | This is the absolute path to the plugin executable.
|
| services.tuned.settings.recommend_command | Whether to enable recommend functionality.
|
| services.quickwit.settings.grpc_listen_port | The port to listen on for gRPC traffic.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.nvme-rs.settings.thresholds.error_threshold | Error count warning threshold
|
| services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file | File name in the pkcs12 folder for which this
passphrase should be used.
|
| services.borgbackup.jobs.<name>.privateTmp | Set the PrivateTmp option for
the systemd-service
|
| boot.initrd.systemd.contents.<name>.text | Text of the file.
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.cjdns.ETHInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.prio | CPU scheduler priority.
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.system76-scheduler.settings.processScheduler.refreshInterval | Process list poll interval, in seconds
|
| services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| services.restic.backups.<name>.initialize | Create the repository if it doesn't exist.
|
| services.minidlna.settings.enable_subtitles | Enable subtitle support on unknown clients.
|
| services.jibri.xmppEnvironments.<name>.control.login.username | User part of the JID.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| networking.fooOverUDP.<name>.local.dev | Network device to bind to.
|
| services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| services.dovecot2.mailboxes.<name>.auto | Whether to automatically create or create and subscribe to the mailbox or not.
|
| services.blockbook-frontend.<name>.sync | Synchronizes until tip, if together with zeromq, keeps index synchronized.
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.neo4j.ssl.policies.<name>.trustedDir | Path to directory of X.509 certificates in PEM format for
trusted parties
|
| systemd.user.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.user.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| networking.fooOverUDP.<name>.port | Local port of the encapsulation UDP socket.
|
| services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.drupal.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.slskd.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.movim.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioPrio | IO scheduler priority.
|
| services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| services.firewalld.zones.<name>.ports.*.protocol | |
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.fedimintd.<name>.nginx.config.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.tinc.networks.<name>.ed25519PrivateKeyFile | Path of the private ed25519 keyfile.
|
| services.jupyterhub.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.jupyterhub.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.dev | The name of the device to add the address to.
|
| security.acme.certs.<name>.extraLegoRunFlags | Additional flags to pass to lego run.
|
| services.headscale.settings.database.postgres.password_file | A file containing the password corresponding to
database.user.
|
| services.bacula-sd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.bacula-fd.director.<name>.monitor | If Monitor is set to no, this director will have
full access to this Storage daemon
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| services.matomo.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|