| services.dokuwiki.sites.<name>.acl.*.page | Page or namespace to restrict
|
| services.drupal.sites.<name>.configSyncDir | The location of the Drupal config sync directory.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| systemd.user.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| services.iodine.clients.<name>.relay | DNS server to use as an intermediate relay to the iodined server
|
| security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| services.kimai.sites.<name>.database.user | Database user.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.joinType | Determines how multiple values are joined to create the claim value
|
| services.bitcoind.<name>.dbCache | Override the default database cache size in MiB.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.schedule | When or how often the backup should run
|
| services.i2pd.inTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| services.ndppd.proxies.<name>.rules | This is a rule that the target address is to match against
|
| services.sympa.settingsFile.<name>.text | Text of the file.
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets | The subnets which this tinc daemon will serve
|
| systemd.user.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| services.bacula-sd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| services.bacula-fd.director.<name>.tls | TLS Options for the Director in this Configuration.
|
| services.jupyter.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.bepasty.servers.<name>.bind | Bind address to be used for this server.
|
| services.netbird.clients.<name>.port | Port the NetBird client listens on.
|
| services.netbird.tunnels.<name>.port | Port the NetBird client listens on.
|
| services.keyd.keyboards.<name>.ids | Device identifiers, as shown by keyd(1).
|
| services.udp-over-tcp.tcp2udp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| services.udp-over-tcp.udp2tcp.<name>.fwmark | If given, sets the SO_MARK option on the TCP socket.
|
| services.znapzend.zetup.<name>.destinations.<name>.dataset | Dataset name to send snapshots to.
|
| services.rspamd.locals.<name>.enable | Whether this file locals should be generated
|
| services.kimai.sites.<name>.database.host | Database host address.
|
| services.kimai.sites.<name>.database.port | Database host port.
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| services.bacula-sd.autochanger.<name>.changerDevice | The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource
|
| services.ax25.axports.<name>.window | Default window size for this interface.
|
| services.uhub.<name>.plugins.*.plugin | Path to plugin file.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| systemd.user.paths.<name>.wants | Start the specified units when this unit is started.
|
| services.xserver.xkb.extraLayouts.<name>.typesFile | The path to the xkb types file
|
| services.autorandr.profiles.<name>.config.<name>.position | Output position
|
| ec2.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| systemd.services.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| nix.registry.<name>.from | The flake reference to be rewritten
|
| services.redis.servers.<name>.user | User account under which this instance of redis-server runs.
If left as the default value this user will automatically be
created on system activation, otherwise you are responsible for
ensuring the user exists before the redis service starts.
|
| services.h2o.hosts.<name>.settings | Attrset to be transformed into YAML for host config
|
| services.geth.<name>.websocket.apis | APIs to enable over WebSocket
|
| services.nebula.networks.<name>.cert | Path to the host certificate.
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| services.hostapd.radios.<name>.noScan | Disables scan for overlapping BSSs in HT40+/- mode
|
| services.i2pd.inTunnels.<name>.accessList | I2P nodes that are allowed to connect to this service.
|
| services.drupal.sites.<name>.modulesDir | The location for users to install Drupal modules.
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.public-inbox.inboxes.<name>.url | URL where this inbox can be accessed over HTTP.
|
| services.tor.relay.onionServices.<name>.map | See torrc manual.
|
| services.fedimintd.<name>.api.url | Public URL of the API address of the reverse proxy/tls terminator
|
| services.drupal.sites.<name>.poolConfig | Options for the Drupal PHP pool
|
| services.fedimintd.<name>.p2p.port | Port to bind on for p2p connections from peers (both TCP and UDP)
|
| services.fedimintd.<name>.p2p.bind | Address to bind on for p2p connections from peers (both TCP and UDP)
|
| services.i2pd.outTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| systemd.user.services.<name>.startAt | Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7)
|
| systemd.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| services.rke2.autoDeployCharts.<name>.package | The packaged Helm chart
|
| services.openssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.ax25.axports.<name>.paclen | Default maximum packet size for this interface.
|
| services.ax25.axports.<name>.enable | Whether to enable Enables the axport interface.
|
| power.ups.users.<name>.actions | Allow the user to do certain things with upsd
|
| services.ndppd.proxies.<name>.interface | Listen for any Neighbor Solicitation messages on this interface,
and respond to them according to a set of rules
|
| services.h2o.hosts.<name>.tls.identity.*.key-file | Path to key file
|
| services.autosuspend.wakeups.<name>.class | Name of the class implementing the check
|
| services.drupal.sites.<name>.phpOptions | Options for PHP's php.ini file for this Drupal site.
|
| services.geth.<name>.metrics.address | Listen address of Go Ethereum metrics service.
|
| services.nginx.proxyCachePath.<name>.enable | Whether to enable this proxy cache path entry.
|
| services.rsync.jobs.<name>.settings | Settings that should be passed to rsync via long options
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| services.autorandr.profiles.<name>.config.<name>.scale | Output scale configuration
|
| services.tahoe.nodes.<name>.client.shares.total | The number of shares required to store a file.
|
| services.quicktun.<name>.localPort | Local UDP port.
|
| services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.bacula-sd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.bacula-fd.director.<name>.tls.key | The path of a PEM encoded TLS private key
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.httpd.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.caddy.virtualHosts.<name>.hostName | Canonical hostname for the server.
|
| services.redis.servers.<name>.unixSocket | The path to the socket to bind to.
|
| services.rss2email.feeds.<name>.url | The URL at which to fetch the feed.
|
| services.k3s.autoDeployCharts.<name>.repo | The repo of the Helm chart
|
| services.tahoe.nodes.<name>.storage.enable | Whether to enable storage service.
|
| services.wyoming.piper.servers.<name>.uri | URI to bind the wyoming server to.
|
| services.openafsClient.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.nginx.proxyCachePath.<name>.keysZoneSize | Set size to shared memory zone.
|
| services.openafsServer.cellServDB.<name>.*.ip | IP Address of a database server
|
| services.kimai.sites.<name>.settings | Structural Kimai's local.yaml configuration
|
| services.geth.<name>.authrpc.address | Listen address of Go Ethereum Auth RPC API.
|
| services.phpfpm.pools.<name>.phpPackage | The PHP package to use for running this PHP-FPM pool.
|
| services.restic.backups.<name>.runCheck | Whether to run the check command with the provided checkOpts options.
|
| services.fedimintd.<name>.api.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|