| services.reposilite.useACMEHost | Host of an existing Let's Encrypt certificate to use for SSL
|
| security.acme.certs.<name>.group | Group running the ACME client.
|
| security.acme.certs | Attribute set of certificates to get signed and renewed
|
| security.acme.defaults | Default values inheritable by all configured certs
|
| services.prometheus.exporters.node-cert.group | Group under which the node-cert exporter shall be run.
|
| security.acme.certs.<name>.csr | Path to a certificate signing request to apply when fetching the certificate.
|
| services.molly-brown.certPath | Path to TLS certificate
|
| security.acme.certs.<name>.csrKey | Path to the private key to the matching certificate signing request.
|
| security.acme.certs.<name>.keyType | Key type to use for private keys
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| security.acme.certs.<name>.domain | Domain to fetch certificate for (defaults to the entry name).
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| security.acme.certs.<name>.server | ACME Directory Resource URI
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges in the form [INTERFACE]:PORT
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located. .well-known/acme-challenge/ directory will be created below the webroot if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).
|
| security.acme.certs.<name>.extraLegoRunFlags | Additional flags to pass to lego run.
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart on.
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| security.acme.defaults.group | Group running the ACME client.
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service for your selected dnsProvider
|
| security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
|
| security.agnos.group | Group to run Agnos as
|
| security.pam.ussh.group | If set, then the authenticating user must be a member of this group to use this module.
|
| users.users.<name>.group | The user's primary group.
|
| services.etcd.certFile | Cert file to use for clients
|
| power.ups.upsmon.group | Group for the default nutmon user
|
| services.coturn.cert | Certificate file in PEM format.
|
| services.ocis.group | The group to run oCIS under
|
| services.qui.group | Group to run qui as.
|
| services.znc.group | Group to own the ZNC process.
|
| services.node-red.group | Group under which Node-RED runs
|
| security.wrappers.<name>.group | The group of the wrapper program.
|
| services.h2o.group | Group running H2O services
|
| services.bee.group | Group the bee binary should execute under.
|
| services.mpd.group | Group account under which MPD runs.
|
| services.vdr.group | Group under which the VDR service runs.
|
| programs.nncp.group | The group under which NNCP files shall be owned
|
| services.ente.api.group | Group under which museum runs
|
| services.nats.group | Group under which NATS runs.
|
| services.ombi.group | Group under which Ombi runs.
|
| services.plex.group | Group under which Plex runs.
|
| users.extraUsers.<name>.group | The user's primary group.
|
| services.caddy.group | Group under which caddy runs. If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the Caddy service starts.
|
| services.ergo.group | The group as which to run the Ergo node.
|
| services.kubo.group | Group under which the Kubo daemon runs
|
| services.loki.group | Group under which the Loki service runs.
|
| services.unit.group | Group account under which unit runs.
|
| services.nscd.group | User group under which nscd runs.
|
| services.tcsd.group | Group account under which tcsd runs.
|
| services.bird-lg.group | Group to run the service.
|
| services.maddy.group | Group account under which maddy runs. If left as the default value this group will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the group exists before the maddy service starts.
|
| services.guix.group | The group of the Guix build user pool.
|
| services.exim.group | Group to use when no root privileges are required.
|
| services.nifi.group | Group account where Apache NiFi runs.
|
| hardware.i2c.group | Grant access to i2c devices (/dev/i2c-*) to users in this group.
|
| services.db-rest.group | Group under which db-rest runs.
|
| services.hitch.group | The group to run as
|
| services.prosody.ssl.cert | Path to the certificate file.
|
| services.ntfy-sh.group | Primary group of ntfy-sh user.
|
| services.ytdl-sub.group | Group under which ytdl-sub runs.
|
| services.gitea.group | Group under which gitea runs.
|
| services.davis.group | Group davis runs as.
|
| services.komga.group | Group under which Komga runs.
|
| services.dspam.group | Group for the dspam daemon.
|
| services.amule.group | Group under which amule runs
|
| services.seatd.group | Group to own the seatd socket
|
| services.nexus.group | Group which runs Nexus3.
|
| services.slskd.group | Group under which slskd runs.
|
| services.omnom.group | The Omnom service group.
|
| services.mlmmj.group | mailinglist local group
|
| services.stash.group | Group under which Stash runs.
|
| services.memos.group | The group to run Memos as. If changing the default value, you are responsible for creating the corresponding group with users.groups.
|
| services.cyrus-imap.group | Cyrus IMAP group name
|
| services.patroni.group | The group for the service
|
| services.sonarr.group | Group account under which Sonarr runs. If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the Sonarr service starts.
|
| services.hound.group | Group the hound daemon should execute under.
|
| services.bosun.group | Group account under which bosun runs.
|
| services.legit.group | Group account under which legit runs.
|
| services.nginx.group | Group account under which nginx runs.
|
| services.movim.group | Group running Movim service
|
| services.rqbit.group | Group account under which rqbit runs.
|
| services.uwsgi.group | Group account under which uWSGI runs.
|
| services.snipe-it.group | Group snipe-it runs as.
|
| services.murmur.group | The name of an existing group to use to run the service
|
| hardware.cpu.amd.sev.group | Group to assign to the SEV device.
|
| services.felix.group | Group account under which Apache Felix runs.
|
| services.httpd.group | Group under which httpd children processes run.
|