| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.xserver.cmt.models | Which models to enable cmt for
|
| services.grafana.settings.security.x_xss_protection | Set to true to enable the X-XSS-Protection header,
which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here
since it's recommended to not use this header anymore.
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.ax25.axports.<name>.description | Free format description of this interface.
|
| services.maubot.settings.plugin_directories.trash | The directory where old plugin versions and conflicting plugins should be moved
|
| services.snapserver.settings.tcp-streaming.bind_to_address | Address to listen on for snapclient connections.
|
| systemd.timers.<name>.requisite | Similar to requires
|
| systemd.slices.<name>.requisite | Similar to requires
|
| services.monica.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.firewalld.zones.<name>.sourcePorts.*.protocol | |
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| services.matrix-tuwunel.settings.global.unix_socket_perms | The default permissions (in octal) to create the UNIX socket with.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readBuckets | The organization's buckets which should be allowed to be read
|
| services.woodpecker-agents.agents.<name>.package | The woodpecker-agent package to use.
|
| services.radicle.ci.adapters.native.instances.<name>.enable | Whether to enable this radicle-native-ci instance.
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| systemd.user.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.github-runners.<name>.serviceOverrides | Modify the systemd service
|
| services.gitea-actions-runner.instances.<name>.enable | Whether to enable Gitea Actions Runner instance.
|
| containers.<name>.extraVeths.<name>.hostBridge | Put the host-side of the veth-pair into the named bridge
|
| nix.checkAllErrors | If enabled, checks the nix.conf parsing for any kind of error
|
| services.gerrit.plugins | List of plugins to add to Gerrit
|
| services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| services.gitlab-runner.services.<name>.dockerAllowedImages | Whitelist allowed images.
|
| services.etebase-server.settings.allowed_hosts.allowed_host1 | The main host that is allowed access.
|
| services.anuko-time-tracker.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.wyoming.faster-whisper.servers.<name>.language | The language used to to parse words and sentences.
|
| security.pam.services.<name>.setEnvironment | Whether the service should set the environment variables
listed in environment.sessionVariables
using pam_env.so.
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| systemd.network.links.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.parsedmarc.provision.localMail.hostname | The hostname to use when configuring Postfix
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| services.gancio.nginx.serverName | Name of this virtual host
|
| services.akkoma.nginx.serverName | Name of this virtual host
|
| services.matomo.nginx.serverName | Name of this virtual host
|
| services.monica.nginx.serverName | Name of this virtual host
|
| services.drupal.sites.<name>.virtualHost.listenAddresses | Listen addresses for this virtual host
|
| services.mediagoblin.settings.mediagoblin.email_debug_mode | Disable email debug mode to start sending outgoing mails
|
| services.sanoid.datasets.<name>.processChildrenOnly | Whether to only snapshot child datasets if recursing.
|
| services.spiped.config.<name>.disableKeepalives | Disable transport layer keep-alives.
|
| systemd.network.netdevs.<name>.extraConfig | Extra configuration append to unit
|
| services.firewalld.zones.<name>.ingressPriority | Priority for inbound traffic
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.operator | Grants all permissions in all organizations.
|
| services.dendrite.settings.mscs.database.connection_string | Database for exerimental MSC's.
|
| systemd.network.netdevs.<name>.tapConfig | Each attribute in this set specifies an option in the
[Tap] section of the unit
|
| systemd.network.netdevs.<name>.tunConfig | Each attribute in this set specifies an option in the
[Tun] section of the unit
|
| services.zabbixWeb.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.nginx.virtualHosts.<name>.listenAddresses | Listen addresses for this virtual host
|
| services.keepalived.vrrpInstances.<name>.useVmac | Use VRRP Virtual MAC.
|
| services.armagetronad.servers.<name>.host | Host to listen on
|
| services.armagetronad.servers.<name>.port | Port to listen on
|
| services.wstunnel.clients.<name>.upgradePathPrefix | Use a specific HTTP path prefix that will show up in the upgrade
request to the wstunnel server
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| systemd.services.<name>.confinement.binSh | The program to make available as /bin/sh inside
the chroot
|
| services.keepalived.vrrpScripts.<name>.extraConfig | Extra lines to be added verbatim to the vrrp_script section.
|
| services.fcgiwrap.instances.<name>.process.prefork | Number of processes to prefork.
|
| services.outline.smtp.username | Username to authenticate with.
|
| services.warpgate.settings.ssh.inactivity_timeout | How long can user be inactive until Warpgate terminates the connection.
|
| services.nextcloud.settings.mail_from_address | FROM address that overrides the built-in sharing-noreply and lostpassword-noreply FROM addresses
|
| systemd.sockets.<name>.listenStreams | For each item in this list, a ListenStream
option in the [Socket] section will be created.
|
| services.kanidm.provision.systems.oauth2.<name>.imageFile | Application image to display in the WebUI
|
| systemd.services.<name>.notSocketActivated | If set, a changed unit is never assumed to be
socket-activated on configuration switch, even if
it might have associated socket units
|
| services.libeufin.bank.settings.libeufin-bank.SUGGESTED_WITHDRAWAL_EXCHANGE | Exchange that is suggested to wallets when withdrawing
|
| services.jirafeau.nginxConfig.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.jirafeau.nginxConfig.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.invoiceplane.sites.<name>.stateDir | This directory is used for uploads of attachments and cache
|
| systemd.user.sockets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.targets.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_client | Enable the built-in web client for this interface binding.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writeBuckets | The organization's buckets which should be allowed to be written
|
| services.orangefs.server.fileSystems.<name>.extraStorageHints | Extra config for <StorageHints> section.
|
| containers.<name>.extraVeths.<name>.hostAddress | The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
|
| services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.livekit.ingress.settings.rtc_config.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| systemd.user.targets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.sockets.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| services.woodpecker-agents.agents.<name>.extraGroups | Additional groups for the systemd service.
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.brscan5.netDevices.<name>.model | The model of the network device.
|
| networking.macvlans.<name>.mode | The mode of the macvlan device.
|
| services.warpgate.settings.ssh.keepalive_interval | If nothing is received from the client for this amount of time, server will send a keepalive message.
|
| services.bookstack.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| security.agnos.settings.dns_listen_addr | Address for agnos to listen on
|
| services.nextcloud.settings.skeletondirectory | The directory where the skeleton files are located
|
| services.jibri.xmppEnvironments.<name>.call.login.domain | The domain part of the JID for the recorder.
|
| services.fedimintd.<name>.nginx.config.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| boot.specialFileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| virtualisation.containers.storage.settings | storage.conf configuration
|
| services.mpdscribble.endpoints.<name>.url | The url endpoint where the scrobble API is listening.
|
| services.grafana.provision.datasources.settings.datasources.*.secureJsonData | Datasource specific secure configuration
|