| options/darwin/launchd.agents.<name>.serviceConfig.SessionCreate | This key specifies that the job should be spawned into a new security
audit session rather than the default session for the context is belongs
to
|
| options/darwin/services.jankyborders.hidpi | If set to on, the border will be drawn with retina resolution.
|
| options/darwin/homebrew.casks | List of Homebrew casks to install
|
| options/darwin/environment.shells | A list of permissible login shells for user accounts
|
| options/darwin/launchd.daemons.<name>.serviceConfig.StartOnMount | This optional key causes the job to be started every time a filesystem is mounted.
|
| options/darwin/launchd.agents.<name>.serviceConfig.Sockets.<name>.SockProtocol | This optional key specifies the protocol to be passed to socket(2)
|
| options/darwin/services.aerospace.settings.on-window-detected.*."if".app-id | The application ID to match (optional).
|
| options/darwin/system.defaults.universalaccess.mouseDriverCursorSize | Set the size of cursor. 1 for normal, 4 for maximum
|
| options/darwin/nix.settings.substituters | List of binary cache URLs used to obtain pre-built binaries
of Nix packages
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.ThrottleInterval | This key lets one override the default throttling policy imposed on jobs by launchd
|
| options/darwin/services.spotifyd.settings | Configuration for spotifyd, see https://spotifyd.github.io/spotifyd/config/File.html
for supported values.
|
| options/darwin/nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/#sec-conf-file
for avalaible options
|
| options/darwin/services.redis.package | This option specifies the redis package to use
|
| options/darwin/services.synapse-bt.package | Synapse BitTorrent package to use.
|
| options/darwin/services.gitlab-runner.enable | Whether to enable Gitlab Runner.
|
| options/darwin/system.defaults.dock.mru-spaces | Whether to automatically rearrange spaces based on most recent use
|
| options/darwin/system.defaults.NSGlobalDomain.AppleShowAllExtensions | Whether to show all file extensions in Finder
|
| options/darwin/programs.tmux.tmuxOptions.<name>.enable | Whether this file should be generated
|
| options/darwin/system.defaults.menuExtraClock.FlashDateSeparators | When enabled, the clock indicator (which by default is the colon) will flash on and off each second
|
| options/darwin/services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| options/darwin/nixpkgs.overlays | List of overlays to apply to Nixpkgs
|
| options/darwin/services.khd.khdConfig | Config to use for khdrc.
|
| options/darwin/system.defaults.dock.showAppExposeGestureEnabled | Whether to enable trackpad gestures (three- or four-finger vertical swipe) to show App Exposé
|
| options/darwin/services.sketchybar.enable | Whether to enable sketchybar.
|
| options/darwin/programs.vim.plugins | VAM plugin dictionaries to use for vim_configurable.
|
| options/darwin/networking.fqdnOrHostName | Either the fully qualified domain name (FQDN), or just the host name if
it does not exists
|
| options/darwin/programs.fish.vendor.functions.enable | Whether fish should autoload fish functions provided by other packages.
|
| options/darwin/launchd.agents.<name>.serviceConfig.Sockets.<name>.SockFamily | This optional key can be used to specifically request that "IPv4" or "IPv6" socket(s) be created.
|
| options/darwin/programs.vim.vimOptions.<name>.target | Name of symlink
|
| options/darwin/launchd.user.agents.<name>.environment | Environment variables passed to the service's processes.
|
| options/darwin/programs.ssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| options/darwin/services.karabiner-elements.package | The karabiner-elements package to use.
|
| options/darwin/programs.nix-index.enable | Whether to enable nix-index and its command-not-found helper.
|
| options/darwin/services.synergy.server.address | Address on which to listen for clients.
|
| options/darwin/services.synergy.server.enable | Whether to enable the Synergy server (send keyboard and mouse events).
|
| options/darwin/system.activationScripts.<name>.target | Name of symlink
|
| options/darwin/users.knownUsers | List of users owned and managed by nix-darwin
|
| options/darwin/system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled | Whether to enable smart dash substitution
|
| options/darwin/system.defaults.dock.autohide | Whether to automatically hide and show the dock
|
| options/darwin/system.defaults.NSGlobalDomain.AppleEnableSwipeNavigateWithScrolls | Enables swiping left or right with two fingers to navigate backward or forward
|
| options/nixos/services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.livekit.enable | Whether to enable the livekit server.
|
| options/nixos/services.postfix-tlspol.configurePostfix | Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.
|
| options/nixos/services.resilio.apiKey | API key, which enables the developer API.
|
| options/nixos/services.transmission.openRPCPort | Whether to enable opening of the RPC port in the firewall.
|
| options/nixos/services.restic.backups.<name>.extraBackupArgs | Extra arguments passed to restic backup.
|
| options/nixos/services.nginx.virtualHosts.<name>.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| options/nixos/services.oauth2-proxy.tls.httpsAddress | addr:port to listen on for HTTPS clients
|
| options/nixos/services.mailman.serve.enable | Whether to enable automatic nginx and uwsgi setup for mailman-web.
|
| options/nixos/services.pdns-recursor.settings | PowerDNS Recursor settings
|
| options/nixos/services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| options/nixos/services.prometheus.alertmanager-ntfy.settings.http.addr | The address to listen on.
|
| options/nixos/services.listmonk.database.settings."app.notify_emails" | Administrator emails for system notifications
|
| options/nixos/services.pdns-recursor.luaConfig | The content Lua configuration file for PowerDNS Recursor
|
| options/nixos/services.redis.servers.<name>.openFirewall | Whether to open ports in the firewall for the server.
|
| options/nixos/services.tor.settings.HSLayer3Nodes | See torrc manual.
|
| options/nixos/services.mainsail.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| options/nixos/services.quicktun.<name>.remoteAddress | IP address or hostname of the remote end (use 0.0.0.0 for a floating/dynamic remote endpoint).
|
| options/nixos/services.public-inbox.inboxes.<name>.watchheader | If specified, public-inbox-watch(1) will only process
mail containing a matching header.
|
| options/nixos/services.pufferpanel.environment | Environment variables to set for the service
|
| options/nixos/services.prometheus.exporters.exportarr-prowlarr.group | Group under which the exportarr-prowlarr exporter shall be run.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.rekey_time | IKE rekeying refreshes key material using a Diffie-Hellman exchange, but
does not re-check associated credentials
|
| options/nixos/services.stalwart.openFirewall | Whether to open TCP firewall ports, which are specified in
services.stalwart.settings.server.listener on all interfaces.
|
| options/nixos/services.pdfding.port | Port on which PdfDing listens
|
| options/nixos/services.mediawiki.httpd.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| options/nixos/services.pretalx.plugins | Pretalx plugins to install into the Python environment.
|
| options/nixos/services.roon-bridge.enable | Whether to enable Roon Bridge.
|
| options/nixos/services.syslogd.enableNetworkInput | Accept logging through UDP
|
| options/nixos/services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config | TLS configuration.
|
| options/nixos/services.logstash.listenAddress | Address on which to start webserver.
|
| options/nixos/services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| options/nixos/services.nsd.ratelimit.whitelistRatelimit | Max qps allowed from whitelisted sources.
0 means unlimited
|
| options/nixos/services.sunshine.enable | Whether to enable Sunshine, a self-hosted game stream host for Moonlight.
|
| options/nixos/services.prometheus.exporters.postgres.port | Port to listen on.
|
| options/nixos/services.pgbouncer.group | The group pgbouncer is run as.
|
| options/nixos/services.rabbitmq.port | Port on which RabbitMQ will listen for AMQP connections.
|
| options/nixos/services.prometheus.exporters.smartctl.listenAddress | Address to listen on.
|
| options/nixos/services.ttyd.socket | UNIX domain socket path to bind.
|
| options/nixos/services.privatebin.dataDir | The place where privatebin stores its state.
|
| options/nixos/services.peertube.listenWeb | The public-facing port that PeerTube will be accessible at (likely 80 or 443 if running behind a reverse proxy)
|
| options/nixos/services.nix-store-gcs-proxy | An attribute set describing an HTTP to GCS proxy that allows us to use GCS
bucket via HTTP protocol.
|
| options/nixos/services.sitespeed-io.package | The sitespeed-io package to use.
|
| options/nixos/services.syncthing.settings.options.localAnnounceEnabled | Whether to send announcements to the local LAN, also use such announcements to find other devices.
|
| options/nixos/services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| options/nixos/services.litestream.enable | Whether to enable litestream.
|
| options/nixos/services.mollysocket.settings.allowed_endpoints | List of UnifiedPush servers
|
| options/nixos/services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization | Optional Authorization header configuration.
|
| options/nixos/services.tinc.networks.<name>.bindToAddress | The ip address to bind to (both listen on and send packets from).
|
| options/nixos/services.pixelfed.nginx.default | Makes this vhost the default.
|
| options/nixos/services.sanoid.interval | Run sanoid at this interval
|
| options/nixos/services.mbpfan.settings.general.low_temp | If temperature is below this, fans will run at minimum speed.
|
| options/nixos/services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| options/nixos/services.prometheus.exporters.smartctl.devices | Paths to the disks that will be monitored
|
| options/nixos/services.oink.domains | List of attribute sets containing configuration for each domain
|
| options/nixos/services.parsedmarc.provision.grafana.datasource | Whether the automatically provisioned Elasticsearch
instance should be added as a grafana datasource
|
| options/nixos/services.redis.servers.<name>.slaveOf.ip | IP of the Redis master
|
| options/nixos/services.nvme-rs.settings.email | Email notification configuration
|
| options/nixos/services.suricata.settings.vars.address-groups.MODBUS_CLIENT | MODBUS_CLIENT variable
|
| options/nixos/services.movim.h2o.tls.identity | Key / certificate pairs for the virtual host.
|
| options/nixos/services.prometheus.scrapeConfigs.*.proxy_url | Optional proxy URL.
|