| services.firezone.server.settingsSecret.RELEASE_COOKIE | A file containing a unique secret identifier for the Erlang
cluster
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.httpd.virtualHosts.<name>.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| security.wrappers.<name>.setuid | Whether to add the setuid bit the wrapper program.
|
| security.wrappers.<name>.setgid | Whether to add the setgid bit the wrapper program.
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| services.consul-template.instances.<name>.user | User under which this instance runs.
|
| services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.nice | Niceness.
|
| containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| services.grafana.settings.database.client_cert_path | The path to the client cert
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.awstats.configs.<name>.webService.urlPrefix | The URL prefix under which the awstats pages appear.
|
| services.ghostunnel.servers.<name>.target | Address to forward connections to (can be HOST:PORT or unix:PATH).
|
| services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.nextcloud-spreed-signaling.settings.backend.backendtype | Type of backend configuration
|
| systemd.user.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.mautrix-meta.instances.<name>.enable | Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.
|
| services.tarsnap.archives.<name>.includes | Include only files and directories matching these
patterns (the empty list includes everything)
|
| services.snapserver.settings.tcp-control.bind_to_address | Address to listen on for snapclient connections.
|
| containers.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| services.prosody.virtualHosts.<name>.ssl.extraOptions | Extra SSL configuration options.
|
| services.radicle.httpd.nginx.locations.<name>.root | Root directory for requests.
|
| services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| power.ups.ups.<name>.description | Description of the UPS.
|
| services.gitlab-runner.services.<name>.dockerVolumes | Bind-mount a volume and create it
if it doesn't exist prior to mounting.
|
| services.znapzend.zetup.<name>.mbuffer.port | Port to use for mbuffer
|
| services.matrix-tuwunel.settings.global.max_request_size | Max request size in bytes
|
| services.matrix-conduit.settings.global.max_request_size | Max request size in bytes
|
| services.grafana.settings.security.disable_gravatar | Set to true to disable the use of Gravatar for user profile images.
|
| systemd.user.services.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.tor.relay.onionServices.<name>.secretKey | Secret key of the onion service
|
| services.system76-scheduler.settings.cfsProfiles.default.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.mainsail.nginx.locations.<name>.index | Adds index directive.
|
| services.pixelfed.nginx.locations.<name>.index | Adds index directive.
|
| services.mainsail.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.pixelfed.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.librenms.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.dolibarr.nginx.locations.<name>.index | Adds index directive.
|
| services.agorakit.nginx.locations.<name>.index | Adds index directive.
|
| services.kanboard.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.fediwall.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.dolibarr.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.librenms.nginx.locations.<name>.index | Adds index directive.
|
| services.agorakit.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.kanboard.nginx.locations.<name>.index | Adds index directive.
|
| services.fediwall.nginx.locations.<name>.index | Adds index directive.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.prio | CPU scheduler priority.
|
| services.matrix-tuwunel.settings.global.trusted_servers | Servers listed here will be used to gather public keys of other servers
(notary trusted key servers)
|
| systemd.user.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| services.omnom.settings.smtp.connection_timeout | Connection timeout duration in seconds.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.operator | Grants all permissions in all organizations.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.description | The description of this policy
|
| services.firezone.server.provision.accounts.<name>.actors | All actors (users) to provision
|
| virtualisation.xen.store.settings.quota.maxWatchEvents | Maximum number of outstanding watch events per watch.
|
| services.authelia.instances.<name>.package | The authelia package to use.
|
| services.drupal.sites.<name>.virtualHost.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| systemd.timers.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.slices.<name>.startLimitBurst | Configure unit start rate limiting
|
| services.grafana.provision.datasources.settings.datasources.*.jsonData | Extra data for datasource plugins.
|
| services.wstunnel.clients.<name>.customHeaders | Custom HTTP headers to send during the upgrade request.
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.grafana.settings.security.allow_embedding | When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses
which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.grafana.provision.datasources.settings.datasources.*.uid | Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.woodpecker-agents.agents.<name>.path | Additional packages that should be added to the agent's PATH
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioPrio | IO scheduler priority.
|
| services.nipap.settings.auth.auth_cache_timeout | Seconds to store cached auth entries for.
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for
authentication
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| services.nvme-rs.settings.email.smtp_password_file | File containing SMTP password
|
| services.swapspace.settings.buffer_elasticity | Percentage of buffer space considered to be "free"
|
| services.snapper.configs.<name>.TIMELINE_CREATE | Defines whether hourly snapshots should be created.
|
| systemd.user.services.<name>.environment | Environment variables passed to the service's processes.
|
| systemd.user.slices.<name>.sliceConfig | Each attribute in this set specifies an option in the
[Slice] section of the unit
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_admin | Enable the built-in web admin for this interface binding.
|
| networking.greTunnels.<name>.dev | The underlying network device on which the tunnel resides.
|
| networking.bridges.<name>.rstp | Whether the bridge interface should enable rstp.
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.snipe-it.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.matrix-conduit.settings.global.database_backend | The database backend for the service
|
| systemd.network.links.<name>.enable | Whether to enable this .link unit
|
| services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| services.znc.confOptions.networks.<name>.channels | IRC channels to join.
|
| security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|