The name of the host in the network as well as the configuration for that host

Extra lines to add to the tinc service configuration file

The name of the host in the network as well as the configuration for that host

Legacy RSA public key of the host in PEM format, including start and end markers

The subnets which this tinc daemon will serve

Configuration for this host

Indicates the priority over identical Subnets owned by different nodes

The external address where the host can be reached

The port where the host can be reached

The subnet of this host

The prefix length of the subnet

The external IP address or hostname where the host can be reached.

The name of the node which is used as an identifier when communicating with the remote nodes in the mesh

The amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. man tincd for more details.

Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security

The tinc_pre package to use.

The ip address to bind to (both listen on and send packets from).

Configuration of the Tinc daemon for this network

Path of the private RSA keyfile.

The ip address to listen on for incoming connections.

The type of virtual interface used for the network connection.

Path of the private ed25519 keyfile.

SSID to be used in IEEE 802.11 management frames.

IP address to listen on.

Members of this group can access the control socket for this interface.

Whether the SSID is to be interpreted using UTF-8 encoding.

Specifies the MAC addresses to deny if macAcl is set to "deny" or "radius"

Levels (minimum value for logged events): 0 = verbose debugging 1 = debugging 2 = informational messages 3 = notification 4 = warning

Additional TLS/SSL-related configuration options

Specifies the MAC addresses to allow if macAcl is set to "allow" or "radius"

Specifies the BSSID for this BSS

Station MAC address -based authentication

Isolate traffic between stations (clients) and prevent them from communicating with each other.

Specifies a file containing the MAC addresses to deny if macAcl is set to "deny" or "radius"

Name of the UKI

Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"

This defines a BSS, colloquially known as a WiFi network

Extra configuration options to put at the end of this BSS's defintion in the hostapd.conf for the associated interface

IP address on which nebula lighthouse should serve DNS. 'localhost' is a good default to ensure the service does not listen on public interfaces; use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.

The name of the user account

Set the host address for this virtual host

The name of the network interface to match against.

All of these scripts will be executed in lexicographical order before hostapd is started, right after the bss segment was generated and may dynamically append bss options to the generated configuration file

The name of the group

Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID

The name of this nylon instance.

The name of the system used in the system.build.toplevel derivation

The name of the user account

Name of the zone.

Server name to be used for this virtual host

Name of the PPP peer.

TLS options for virtual host

Name of the tun device

Path to the certificate authority certificate.

The name of the group

Path or reference to the host key.

Path to the host certificate.

ACME options for virtual host.

HTTP options for virtual host

Name of the homebridge UI platform

Override the default TLS port for this virtual host.

If set, all sae password entries that have a non-wildcard MAC associated to them will additionally be used to populate the MAC allow list

Whether this node is a relay.

Etcd unique node name.

Override the default HTTP port for this virtual host.

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Enable or disable this network.

Enables HTTP/3 over QUIC on the UDP port for TLS

The endpoint name.

Directory for the ACME challenge, which is public

List of IPs of relays that this node should allow traffic from.

Selects the authentication mode for this AP.

• "none": Don't configure any authentication

Port number to listen on.

IRC server port.

Sets the password(s) for WPA-PSK

The endpoint name.

Sets the password for WPA-PSK

Whether to use SSL to connect to the IRC server.

If this attribute is given with non-zero length, it will set the password identifier for this entry

The name of this systemd unit, including its extension

If this attribute is given, SAE-PK will be enabled for this connection

If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff), the entry is available for any station (client) to use

The nebula package to use.

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

Sets the password for WPA-PSK that will be converted to the pre-shared key

Name of the PAM service.

Username for JSON-RPC connections.

Name i2pd appears in UPnP forwardings list.

Sets allowed passwords for WPA3-SAE

The name of this systemd unit, including its extension

The name of this systemd unit, including its extension

If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.

The name of this systemd unit, including its extension

When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).

IRC server address.

Name of the worker

Sets the password for WPA3-SAE

Primary name for use (as a suffix) in:

• systemd service name,
• hardened user name and group,
• systemd *Directory= names,
• desktop application identification,