| boot.initrd.luks.devices.<name>.fallbackToPassword | Whether to fallback to interactive passphrase prompt if the keyfile
cannot be found
|
| services.artalk.user | Artalk user name.
|
| services.sogo.vhostName | Name of the nginx vhost
|
| services.zammad.user | Name of the Zammad user.
|
| services.prometheus.scrapeConfigs.*.job_name | The job name assigned to scraped metrics by default.
|
| console.useXkbConfig | If set, configure the virtual console keymap from the xserver
keyboard settings.
|
| services.monero.rpc.user | User name for RPC connections.
|
| services.simplesamlphp.<name>.authSources | Auth sources options used by SimpleSAMLphp.
|
| services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret | Value of the NTLM secret, which is the NT Hash of the actual secret,
that is, MD4(UTF-16LE(secret))
|
| image.repart.partitions.<name>.repartConfig | Specify the repart options for a partiton as a structural setting
|
| services.tarsnap.archives | Tarsnap archive configurations
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| services.taskserver.fqdn | The fully qualified domain name of this server, which is also used
as the common name in the certificates.
|
| services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| services.hostapd.radios.<name>.wifi5.capabilities | VHT (Very High Throughput) capabilities given as a list of flags
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.stash.settings.notifications_enabled | If we should send notifications to the desktop
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.xonotic.settings.sv_termsofservice_url | URL for the Terms of Service for playing on your server.
|
| services.scrutiny.settings.web.influxdb.tls.insecure_skip_verify | Whether to enable skipping TLS verification when connecting to InfluxDB.
|
| services.agorakit.nginx | With this option, you can customize the nginx virtualHost settings.
|
| services.librenms.nginx | With this option, you can customize the nginx virtualHost settings.
|
| security.apparmor.policies.<name>.profile | The profile file contents
|
| services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps | Whether claim maps not specified here but present in kanidm should be removed from kanidm.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.murmur.registerName | Public server registration name, and also the name of the
Root channel
|
| services.grav.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.gitea.dump.file | Filename to be used for the dump
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding | Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality
|
| services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.keepalived.vrrpInstances.<name>.interface | Interface for inside_network, bound by vrrp.
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| services.buffyboard.settings.quirks.fbdev_force_refresh | If true and using the framebuffer backend, this triggers a display refresh after every draw operation
|
| fileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets | Maximum number of packets processed before CHILD_SA gets closed
|
| services.system76-scheduler.assignments.<name>.nice | Niceness.
|
| programs.openvpn3.netcfg.settings.systemd_resolved | Whether to use systemd-resolved integration
|
| services.stash.settings.preview_exclude_start | Duration of end of video to exclude when generating previews
|
| services.mysql.galeraCluster.localName | The unique name that identifies this particular node within the cluster
|
| services.matrix-continuwuity.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| services.rke2.nodeName | Node name.
|
| services.synapse-auto-compressor.settings.chunks_to_compress | chunks_to_compress chunks of size chunk_size will be compressed
|
| systemd.targets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.sockets.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| services.bookstack.hostname | The hostname to serve BookStack on.
|
| services.discourse.hostname | The hostname to serve Discourse on.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.gitlab-runner.services.<name>.requestConcurrency | Limit number of concurrent requests for new jobs from GitLab.
|
| services.pgadmin.emailServer.username | SMTP server username for email delivery
|
| services.artalk.allowModify | allow Artalk store the settings to config file persistently
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.templates.description | The ntfy.sh message description template.
|
| systemd.shutdown | Definition of systemd shutdown executables
|
| services.armagetronad.servers.<name>.openFirewall | Set to true to open the configured UDP port for Armagetron Advanced.
|
| services.blockbook-frontend.<name>.messageQueueBinding | Message Queue Binding address:port.
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| boot.initrd.systemd.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.system76-scheduler.assignments.<name>.prio | CPU scheduler priority.
|
| systemd.user.targets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.sockets.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.pantalaimon-headless.instances.<name>.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| services.bcg.automaticRenameKitNodes | Automatically rename kit's nodes.
|
| services.namecoind.generate | Whether to generate (mine) Namecoins.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.hostapd.radios.<name>.wifi4.capabilities | HT (High Throughput) capabilities given as a list of flags
|
| services.hostapd.radios.<name>.wifi6.operatingChannelWidth | Determines the operating channel width for HE.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| networking.nftables.tables.<name>.content | The table content.
|
| services.postgresqlWalReceiver.receivers.<name>.connection | Specifies parameters used to connect to the server, as a connection string
|
| networking.wg-quick.interfaces.<name>.dns | The IP addresses of DNS servers to configure.
|
| services.system76-scheduler.assignments.<name>.ioPrio | IO scheduler priority.
|
| services.anuko-time-tracker.nginx.serverName | Name of this virtual host
|
| services.sftpgo.user | User account name under which SFTPGo runs.
|
| services.wstunnel.clients.<name>.tlsVerifyCertificate | Whether to verify the TLS certificate of the server
|
| networking.jool.nat64.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.matrix-synapse.settings.tls_private_key_path | PEM encoded private key for TLS
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.discourse.admin.username | The admin user username.
|
| programs.rush.global | The global statement defines global settings.
|
| services.hostapd.radios.<name>.wifi7.operatingChannelWidth | Determines the operating channel width for EHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.hostapd.radios.<name>.wifi5.operatingChannelWidth | Determines the operating channel width for VHT.
- "20or40": 20 or 40 MHz operating channel width
- "80": 80 MHz channel width
- "160": 160 MHz channel width
- "80+80": 80+80 MHz channel width
|
| services.cloudflared.tunnels.<name>.originRequest.proxyPort | cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP
|
| services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| services.nezha-agent.settings.skip_connection_count | Do not monitor the number of connections.
|
| services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|
| services.bluemap.maps | Settings for files in maps/
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| boot.specialFileSystems.<name>.options | Options used to mount the file system
|
| services.chhoto-url.settings.allow_capital_letters | Whether to allow capital letters in slugs.
|
| services.grafana.settings.security.csrf_trusted_origins | List of additional allowed URLs to pass by the CSRF check
|
| services.bookstack.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.cloudflared.tunnels.<name>.originRequest.tlsTimeout | Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
|