| options/nixos/services.parsedmarc.provision.grafana.datasource | Whether the automatically provisioned Elasticsearch
instance should be added as a grafana datasource
|
| options/home-manager/accounts.email.accounts.<name>.lieer.notmuchSetupWarning | Warn if Notmuch is not also enabled for this account
|
| options/nixos/services.grafana.settings.analytics.check_for_updates | When set to false, disables checking for new versions of Grafana from Grafana's GitHub repository
|
| options/nixos/networking.getaddrinfo.reload | Determines whether a process should detect changes to the configuration file since it was last read
|
| options/nixos/services.prometheus.exporters.frr.disabledCollectors | Collectors to disable which are enabled by default.
|
| options/nixos/networking.interfaces.<name>.useDHCP | Whether this interface should be configured with DHCP
|
| options/nixos/networking.firewall.logRefusedUnicastsOnly | If networking.firewall.logRefusedPackets
and this option are enabled, then only log packets
specifically directed at this machine, i.e., not broadcasts
or multicasts.
|
| options/nixos/services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| options/nixos/virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.notmuchSetupWarning | Warn if Notmuch is not also enabled for this account
|
| options/nixos/hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories | Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and
/usr/local/nvidia/lib64.
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.conflictResolution | What to do in case of a conflict between the storages
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.verifyFingerprint | Optional
|
| options/nixos/services.prometheus.exporters.node.disabledCollectors | Collectors to disable which are enabled by default.
|
| options/nixos/services.nextcloud-spreed-signaling.configureNginx | Whether to set up and configure an nginx virtual host according to upstream's recommendations
|
| options/home-manager/programs.delta.enableJujutsuIntegration | Whether to enable jujutsu integration for delta
|
| options/nixos/services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_id | Path to file that contains Client ID.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| options/darwin/services.prometheus.exporters.node.disabledCollectors | Collectors to disable from the list of collectors that are enabled by default.
|
| options/nixos/services.jellyfin.transcoding.hardwareEncodingCodecs | Which codecs to enable for hardware encoding. h264 is always enabled.
|
| options/home-manager/programs.atuin.forceOverwriteSettings | When enabled, force overwriting of the Atuin configuration file
($XDG_CONFIG_HOME/atuin/config.toml)
|
| options/nixos/programs.singularity.enableFakeroot | Whether to enable the --fakeroot support of Singularity/Apptainer
|
| options/nixos/networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| options/nixos/security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| options/nixos/services.prometheus.exporters.opnsense.disabledExporter | Collectors to enable or disable
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.conflictResolution | What to do in case of a conflict between the storages
|
| options/nixos/environment.memoryAllocator.provider | The system-wide memory allocator
|
| options/nixos/services.prometheus.pushgateway.persistMetrics | Whether to persist metrics to a file
|
| options/nixos/services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| options/nixos/services.prometheus.exporters.wireguard.singleSubnetPerField | By default, all allowed IPs and subnets are comma-separated in the
allowed_ips field
|
| options/nixos/hardware.nvidia.modesetting.enable | Whether to enable kernel modesetting when using the NVIDIA proprietary driver
|
| options/nixos/virtualisation.podman.autoPrune.enable | Whether to periodically prune Podman resources
|
| options/nixos/virtualisation.docker.autoPrune.enable | Whether to periodically prune Docker resources
|
| options/home-manager/programs.rclone.remotes.<name>.mounts.<name>.options | An attribute set of option values passed to rclone mount
|
| options/nixos/virtualisation.graphics | Whether to run QEMU with a graphics window, or in nographic mode
|
| options/darwin/homebrew.caskArgs.internet_plugindir | Target location for Internet Plugins
|
| options/nixos/programs.starship.transientPrompt.enable | Whether to enable Starship's transient prompt
feature in fish shells
|
| options/nixos/virtualisation.docker.enableOnBoot | When enabled dockerd is started on boot
|
| options/nixos/services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| options/nixos/hardware.wirelessRegulatoryDatabase | Whether to enable loading the wireless regulatory database at boot.
|
| options/nixos/services.prometheus.exporters.chrony.disabledCollectors | Collectors to disable which are enabled by default
|
| options/nixos/virtualisation.oci-containers.containers.<name>.workdir | Override the default working directory for the container.
|
| options/home-manager/programs.diff-highlight.enableGitIntegration | Whether to enable git integration for diff-highlight
|
| options/nixos/virtualisation.nixStore9pCache | Type of 9p cache to use when mounting host nix store. "none" provides
no caching. "loose" enables Linux's local VFS cache. "fscache" uses Linux's
fscache subsystem
|
| options/nixos/fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| options/nixos/networking.wireless.athUserRegulatoryDomain | If enabled, sets the ATH_USER_REGD kernel config switch to true to
disable the enforcement of EEPROM regulatory restrictions for ath
drivers
|
| options/nixos/system.copySystemConfiguration | If enabled, copies the NixOS configuration file
(usually /etc/nixos/configuration.nix)
and symlinks it from the resulting system
(getting to /run/current-system/configuration.nix)
|
| options/nixos/services.prometheus.alertmanagerGotify.dispatchErrors | When enabled, alerts will be tried to dispatch with an error message regarding faulty templating or missing fields to help debugging.
|
| options/darwin/system.defaults.trackpad.TrackpadFourFingerPinchGesture | Whether to enable four-finger pinch gesture (spread shows the Desktop, pinch shows the Launchpad): 0 to disable, 2 to enable
|
| options/nixos/services.prometheus.alertmanagerGotify.extendedDetails | When enabled, alerts are presented in HTML format and include colorized status (FIR|RES), alert start time, and a link to the generator of the alert.
|
| options/nixos/virtualisation.forwardPorts | When using the SLiRP user networking (default), this option allows to
forward ports to/from the host/guest.
If the NixOS firewall on the virtual machine is enabled, you also
have to open the guest ports to enable the traffic between host and
guest.
Currently QEMU supports only IPv4 forwarding.
|
| options/nixos/swapDevices.*.randomEncryption.enable | Encrypt swap device with a random key
|
| options/nixos/documentation.man.mandoc.cachePath | Change the paths where mandoc makewhatis(8)generates the
manual page index caches. documentation.man.generateCaches
should be enabled to allow cache generation
|
| options/nixos/services.n8n.environment.N8N_VERSION_NOTIFICATIONS_ENABLED | When enabled, n8n sends notifications of new versions and security updates.
|
| options/darwin/system.defaults.trackpad.TrackpadThreeFingerVertSwipeGesture | Whether to enable three-finger vertical swipe gesture (down for Mission Control, up for App Exposé): 0 to disable, 2 to enable
|
| options/home-manager/programs.neovim.plugins.*.runtime.<name>.ignorelinks | When recursive is enabled, adds -ignorelinks flag to lndir
It causes lndir to not treat symbolic links in the source directory specially
|
| options/nixos/services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_secret | Path to file that contains Client Secret.
|
| options/nixos/virtualisation.restrictNetwork | If this option is enabled, the guest will be isolated, i.e. it will
not be able to contact the host and no guest IP packets will be
routed over the host to the outside
|
| options/nixos/networking.networkmanager.enable | Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured
|
| options/darwin/homebrew.caskArgs.audio_unit_plugindir | Target location for Audio Unit Plugins
|
| options/nixos/services.postfix.settings.main.smtp_tls_security_level | The client TLS security level.
Use dane with a local DNSSEC validating DNS resolver enabled.
https://www.postfix.org/postconf.5.html#smtp_tls_security_level
|
| options/home-manager/programs.aerospace.launchd.enable | Configure the launchd agent to manage the AeroSpace process
|
| options/nixos/services.borgmatic.configurations.<name>.source_directories | List of source directories and files to backup
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| options/home-manager/programs.zsh.prezto.syntaxHighlighting.highlighters | Set syntax highlighters
|
| options/nixos/system.includeBuildDependencies | Whether to include the build closure of the whole system in
its runtime closure
|
| options/darwin/system.defaults.NSGlobalDomain."com.apple.swipescrolldirection" | Whether to enable "Natural" scrolling direction
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.mediated_by | The name of the connection to mediate this connection through
|
| options/nixos/boot.loader.generic-extlinux-compatible.useGenerationDeviceTree | Whether to generate Device Tree-related directives in the
extlinux configuration
|
| options/nixos/security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| options/nixos/services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.prometheus.scrapeConfigs.*.http_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/virtualisation.libvirtd.shutdownTimeout | Number of seconds we're willing to wait for a guest to shut down
|
| options/home-manager/programs.floorp.profiles.<name>.extensions.exactPermissions | When enabled,
programs.floorp.profiles.<profile>.extensions.settings.<extensionID>.permissions
must specify the exact set of permissions that the
extension will request
|
| options/home-manager/programs.thunderbird.profiles.<name>.accountsOrder | Custom ordering of accounts and local folders in
Thunderbird's folder pane
|
| options/nixos/containers.<name>.ephemeral | Runs container in ephemeral mode with the empty root filesystem at boot
|
| options/home-manager/programs.thunderbird.profiles.<name>.calendarAccountsOrder | Custom ordering of calendar accounts
|
| options/nixos/networking.usePredictableInterfaceNames | Whether to assign predictable names to network interfaces
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| options/nixos/swapDevices.*.randomEncryption | Encrypt swap device with a random key
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/home-manager/programs.firefox.profiles.<name>.extensions.exactPermissions | When enabled,
programs.firefox.profiles.<profile>.extensions.settings.<extensionID>.permissions
must specify the exact set of permissions that the
extension will request
|
| options/home-manager/programs.ripgrep-all.custom_adapters.*.mimetypes | If not null and --rga-accurate is enabled, mime type matching is used instead of file name matching
|
| options/nixos/virtualisation.useDefaultFilesystems | If enabled, the boot disk of the virtual machine will be
formatted and mounted with the default filesystems for
testing
|
| options/nixos/services.prometheus.scrapeConfigs.*.linode_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.prometheus.scrapeConfigs.*.docker_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.prometheus.scrapeConfigs.*.consul_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.grafana.settings.analytics.check_for_plugin_updates | When set to false, disables checking for new versions of installed plugins from https://grafana.com
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| options/home-manager/programs.librewolf.profiles.<name>.extensions.exactPermissions | When enabled,
programs.librewolf.profiles.<profile>.extensions.settings.<extensionID>.permissions
must specify the exact set of permissions that the
extension will request
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| options/nixos/virtualisation.oci-containers.containers.<name>.autoStart | When enabled, the container is automatically started on boot
|
| options/nixos/services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.follow_redirects | Configure whether HTTP requests follow HTTP 3xx redirects
|
| options/nixos/services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| options/home-manager/programs.floorp.profiles.<name>.extensions.exhaustivePermissions | When enabled, the user must authorize requested
permissions for all extensions from
programs.floorp.profiles.<profile>.extensions.packages
in
programs.floorp.profiles.<profile>.extensions.settings.<extensionID>.permissions
|
| options/home-manager/programs.firefox.profiles.<name>.extensions.exhaustivePermissions | When enabled, the user must authorize requested
permissions for all extensions from
programs.firefox.profiles.<profile>.extensions.packages
in
programs.firefox.profiles.<profile>.extensions.settings.<extensionID>.permissions
|