| environment.etc.<name>.user | User name of file owner
|
| services.znapzend.zetup.<name>.destinations.<name>.label | Label for this destination
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| services.httpd.virtualHosts.<name>.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| hardware.alsa.cardAliases.<name>.id | The ID of the sound card
|
| networking.nameservers | The list of nameservers
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.postfix.settings.master.<name>.command | A program name specifying a Postfix service/daemon process
|
| systemd.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.autorandr.profiles.<name>.config.<name>.enable | Whether to enable the output.
|
| services.autorandr.profiles.<name>.config.<name>.rotate | Output rotate configuration.
|
| services.hostapd.radios.<name>.networks.<name>.macAllow | Specifies the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.i2pd.inTunnels.<name>.inbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| networking.vswitches | This option allows you to define Open vSwitches that connect
physical networks together
|
| services.i2pd.outTunnels.<name>.type | Tunnel type.
|
| services.rspamd.locals.<name>.text | Text of the file.
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| services.geth.<name>.network | The network to connect to
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.borgbackup.jobs.<name>.startAt | When or how often the backup should run
|
| systemd.user.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| programs.ssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.tahoe.nodes.<name>.tub.port | The port on which the tub will listen
|
| services.tahoe.nodes.<name>.web.port | The port on which the Web server will listen
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| users.extraUsers.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| services.gvpe.nodename | GVPE node name
|
| containers.<name>.bindMounts.<name>.hostPath | Location of the host path to be mounted.
|
| services.i2pd.inTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.phpfpm.pools.<name>.group | Group account under which this pool runs.
|
| services.wyoming.piper.servers.<name>.voice | Name of the voice model to use
|
| services.cgit.<name>.extraConfig | These lines go to the end of cgitrc verbatim.
|
| systemd.services.<name>.preStop | Shell commands executed to stop the service.
|
| services.nginx.virtualHosts.<name>.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.nginx.virtualHosts.<name>.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.i2pd.outTunnels.<name>.inbound.length | Guaranteed minimum hops for ‹name› tunnels.
|
| services.geth.<name>.metrics.port | Port number of Go Ethereum metrics service.
|
| services.geth.<name>.http.address | Listen address of Go Ethereum HTTP API.
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.pppd.peers.<name>.config | pppd configuration for this peer, see the pppd(8) man page.
|
| systemd.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.nylon.<name>.logging | Enable logging, default is no logging.
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.rsync.jobs.<name>.sources | Source directories.
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| networking.supplicant.<name>.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| services.prosody.virtualHosts.<name>.domain | Domain name
|
| systemd.user.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.openvpn.servers | Each attribute of this option defines a systemd service that
runs an OpenVPN instance
|
| services.ax25.axports.<name>.tty | Location of hardware kiss tnc for this interface.
|
| services.i2pd.outTunnels.<name>.keys | Keyset used for tunnel identity.
|
| power.ups.ups.<name>.directives | List of configuration directives for this UPS.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.geth.<name>.authrpc.port | Port number of Go Ethereum Auth RPC API.
|
| services.tts.servers.<name>.useCuda | Whether to offload computation onto a CUDA compatible GPU.
|
| environment.etc.<name>.group | Group name of file owner
|
| services.tinc.networks.<name>.hostSettings.<name>.settings | Configuration for this host
|
| systemd.services.<name>.wants | Start the specified units when this unit is started.
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| services.k3s.autoDeployCharts.<name>.package | The packaged Helm chart
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| systemd.timers.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.slices.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.services.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.sockets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.targets.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.stash.settings.stash_boxes.*.name | The name of the Stash Box
|
| services.autosuspend.checks.<name>.class | Name of the class implementing the check
|
| users.users.<name>.description | A short description of the user account, typically the
user's full name
|
| systemd.user.services.<name>.preStop | Shell commands executed to stop the service.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.autorandr.profiles.<name>.config.<name>.scale.method | Output scaling method.
|
| services.webhook.hooks.<name>.id | The ID of your hook
|
| services.firewalld.services.<name>.destination.ipv4 | IPv4 destination.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| systemd.user.sockets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.user.targets.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| users.mysql.pam.userColumn | The name of the column that contains a unix login name.
|
| services.drupal.sites.<name>.virtualHost.locations.<name>.proxyPass | Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
|
| services.librespeed.frontend.servers.*.name | Name shown in the server list.
|
| programs.dms-shell.plugins.<name>.src | Source of the plugin package or path
|
| services.drupal.sites.<name>.filesDir | The location of the Drupal files directory.
|
| power.ups.users.<name>.instcmds | Let the user initiate specific instant commands
|