| systemd.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.quicktun.<name>.tunMode | Whether to operate in tun (IP) or tap (Ethernet) mode.
|
| security.auditd.plugins.<name>.path | This is the absolute path to the plugin executable.
|
| services.nginx.proxyCachePath.<name>.maxSize | Set maximum cache size
|
| services.redis.servers.<name>.slaveOf.ip | IP of the Redis master
|
| systemd.services.<name>.aliases | Aliases of that unit.
|
| systemd.user.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| boot.initrd.luks.devices.<name>.gpgCard.publicKey | Path to the Public Key.
|
| networking.fooOverUDP.<name>.local.dev | Network device to bind to.
|
| services.bind.zones.<name>.extraConfig | Extra zone config to be appended at the end of the zone section.
|
| systemd.user.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| services.inadyn.settings.custom.<name>.ddns-server | DDNS server name.
|
| systemd.user.services.<name>.path | Packages added to the service's PATH
environment variable
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.authelia.instances.<name>.group | The name of the group for this authelia instance.
|
| power.ups.upsmon.monitor.<name>.powerValue | Number of power supplies that the UPS feeds on this system
|
| networking.sits.<name>.remote | The address of the remote endpoint to forward traffic over.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.autorandr.profiles.<name>.config.<name>.scale | Output scale configuration
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses | The external address where the host can be reached
|
| services.ndppd.proxies.<name>.interface | Listen for any Neighbor Solicitation messages on this interface,
and respond to them according to a set of rules
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.tinc.networks.<name>.hostSettings.<name>.addresses.*.port | The port where the host can be reached
|
| security.acme.certs.<name>.extraLegoRunFlags | Additional flags to pass to lego run.
|
| services.geth.<name>.authrpc.vhosts | List of virtual hostnames from which to accept requests.
|
| services.hans.clients.<name>.server | IP address of server running hans
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| services.nsd.zones.<name>.minRefreshSecs | Limit refresh time for secondary zones.
|
| services.spiped.config.<name>.maxConns | Limit on the number of simultaneous connections allowed.
|
| systemd.targets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.sockets.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| services.tahoe.nodes.<name>.sftpd.enable | Whether to enable SFTP service.
|
| services.i2pd.inTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.joinType | Determines how multiple values are joined to create the claim value
|
| boot.specialFileSystems.<name>.fsType | Type of the file system
|
| systemd.timers.<name>.timerConfig | Each attribute in this set specifies an option in the
[Timer] section of the unit
|
| services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| security.pam.services.<name>.rootOK | If set, root doesn't need to authenticate (e.g. for the
useradd service).
|
| security.pam.services.<name>.showMotd | Whether to show the message of the day.
|
| networking.jool.siit | Definitions of SIIT instances of Jool
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| networking.ipips.<name>.local | The address of the local endpoint which the remote
side should send packets to.
|
| services.nsd.zones.<name>.maxRetrySecs | Limit retry time for secondary zones
|
| services.nginx.virtualHosts.<name>.http3 | Whether to enable the HTTP/3 protocol
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| systemd.user.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.hostapd.radios.<name>.networks.<name>.macAcl | Station MAC address -based authentication
|
| services.inadyn.settings.custom.<name>.hostname | Hostname alias(es).
|
| services.inadyn.settings.custom.<name>.username | Username for this DDNS provider.
|
| services.cgit.<name>.nginx.location | Location to serve cgit under.
|
| services.rspamd.locals.<name>.source | Path of the source file.
|
| services.rauc.slots.<name>.*.settings | Settings for this slot.
|
| services.spiped.config.<name>.target | Address to which spiped should connect.
|
| services.bitcoind.<name>.dbCache | Override the default database cache size in MiB.
|
| services.bind.zones.<name>.allowQuery | List of address ranges allowed to query this zone
|
| services.h2o.hosts.<name>.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.homebridge.settings.platforms.*.name | Name of the platform
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.index | Adds DirectoryIndex directive
|
| services.wordpress.sites.<name>.virtualHost.locations.<name>.alias | Alias directory for requests
|
| services.geth.<name>.metrics.enable | Whether to enable Go Ethereum prometheus metrics.
|
| services.redis.servers.<name>.slaveOf | IP and port to which this redis instance acts as a slave.
|
| systemd.user.services.<name>.script | Shell commands executed as the service's main process.
|
| services.ax25.axports.<name>.window | Default window size for this interface.
|
| services.uhub.<name>.plugins.*.plugin | Path to plugin file.
|
| services.i2pd.outTunnels.<name>.inbound.quantity | Number of simultaneous ‹name› tunnels.
|
| environment.etc.<name>.gid | GID of created file
|
| environment.etc.<name>.uid | UID of created file
|
| services.tahoe.nodes.<name>.sftpd.port | The port on which the SFTP server will listen
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.blockbook-frontend.<name>.dataDir | Location of blockbook-frontend-‹name› data directory.
|
| security.pam.services.<name>.oathAuth | If set, the OATH Toolkit will be used.
|
| services.nbd.server.exports.<name>.path | File or block device to export.
|
| services.blockbook-frontend.<name>.group | The group as which to run blockbook-frontend-‹name›.
|
| services.borgbackup.jobs.<name>.dateFormat | Arguments passed to date
to create a timestamp suffix for the archive name.
|
| services.redis.servers.<name>.port | The TCP port to accept connections
|
| systemd.user.slices.<name>.sliceConfig | Each attribute in this set specifies an option in the
[Slice] section of the unit
|
| services.neo4j.ssl.policies.<name>.privateKey | The name of private PKCS #8 key file for this policy to be found
in the baseDirectory, or the absolute path to
the key file
|
| security.wrappers.<name>.enable | Whether to enable the wrapper.
|
| services.quicktun.<name>.localPort | Local UDP port.
|
| systemd.user.targets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.sockets.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.slices.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.timers.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.netbird.clients.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| services.netbird.tunnels.<name>.suffixedName | A systemd service name to use (without .service suffix).
|
| systemd.network.links.<name>.enable | Whether to enable this .link unit
|
| systemd.user.services.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| services.nix-store-gcs-proxy.<name>.address | The address of the proxy.
|
| services.autorandr.profiles.<name>.config.<name>.transform | Refer to
xrandr(1)
for the documentation of the transform matrix.
|
| services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| services.drupal.sites.<name>.package | The drupal package to use.
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|