Default kubeconfig client key file used to connect to kube-apiserver.

Whether to allow invalid certificates when provisioning the target instance

QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.

The checkout hook script will replace the default checkout routine of the bootstrap.sh script

Timeout before closing CHILD_SA after inactivity

Whether to enable showing a 24-hour clock, instead of a 12-hour clock.

Whether to enable showing the day of the month.

Like services.smartd.defaults.monitored, but for the autodetected devices.

Verify the Unifi controller's certificate.

Collect and save site data.

Path to a file containing the default admin password

Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one"

Definitions of NAT64 instances of Jool

SMTP configuration

PKCE method to use:

• plain: Use plain code verifier
• S256: Use SHA256 hashed code verifier (default, recommended)

If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build

Bar color settings

Configuration written to $XDG_CONFIG_HOME/swaynag/config

Whether to enable showing an analog clock instead of a digital one.

Whether to enable opening of downloaded files.

Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider

Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.

Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces._name_.tempAddress

Enables the use of the ~/.ssh/authorized_keys file

Address or CIDR subnets

StrongSwan default: []

Base directory used for logging.

Address or CIDR subnets

StrongSwan default: []

Show the default mailbox (INBOX)

Default kubeconfig client certificate file used to connect to kube-apiserver.

Default kubeconfig kube-apiserver server address.

These lines go to httpd.conf verbatim

Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the store path of the sources of nixpkgs used to build the nix-darwin system

Whether to enable spring loading (expose) for directories.

Environment variables suffixed by "_FILE" to set for the cert's service for your selected dnsProvider

Apple menu > System Preferences > Sound

Make a feedback sound when the system volume changed

Path to a custom home page

The configuration of each Fail2ban “jail”

Object store configuration

This option activates an additional oneshot systemd service to ensure that the mullvad daemon will start and block traffic before any network configuration will be applied

The job name assigned to scraped metrics by default.

Object store configuration

Object store configuration

If false (the default), the desktop picture/wallpaper will be reset to the configured parameters on every system configuration change

List of keybindings to disable from default Spectrwm configuration.

By default, pam_mysql keeps the connection to the MySQL database until the session is closed

Configuration for ZNC, see https://wiki.znc.in/Configuration for details

Whether to enable Homebrew to upgrade outdated formulae and Mac App Store apps during nix-darwin system activation

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

Repeat a key when it is held down (false) or display the accented character selector (true)

Whether to enable "Natural" scrolling direction

Overrides for the default database_opts when using a non-default postgres connection URL.

Environment variables for configuring the rke2 service/agent

Filebeat modules provide a quick way to get started processing common log formats

Enable bluemap's built-in webserver

URL path to download test on this server

URL path to upload test on this server

Whether to consider the network online when any interface is online, as opposed to all of them

Allow users to register themselves

An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on

List of accepted local users

The user to log in into NUT server

An explicit address that NetBird will serve *.netbird.cloud. (usually) entries on

Whether to enable to cleanup Nix store when the Home Manager expire service runs

The default search engine used in the Private Browsing.

Policy for warnings and action based on battery levels

Whether battery percentage based policy should be used

What is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit.

This optional key specifies whether listen(2) or connect(2) should be called on the created file descriptor

Whether to disable quarantining of downloads

Default 2FA method for new users and fallback for preferred but disabled methods.

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

A file containing the Discourse API key used to add posts and messages from mail

Hostname of the XMPP server to connect to

If set the URL specified in bitcoin.rpc.url will get the content of this file added as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com

Adds custom rules to the IPv4 scope table

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Default action whether to block or allow application internet access.

The internet hostname of this mail system

The error-policy setting applies to all app-layer parsers

ActivityPub public key

Allow the installation and updating of apps from the Nextcloud appstore

The KeePassXC groups used for storing and fetching of credentials

Target location for Color Pickers

Once this list is populated, only applications listed here are considered for receiving a border

Send certificate request payloads to offer trusted root CA certificates to the peer

Match windows where wm name contains string.

Action to perform for this CHILD_SA on DPD timeout

Certificate revocation policy for CRL or OCSP revocation.

• A strict revocation policy fails if no revocation information is available, i.e. the certificate is not known to be unrevoked.
• ifuri fails only if a CRL/OCSP URI is available, but certificate revocation checking fails, i.e. there should be revocation information available, but it could not be obtained.
• The default revocation policy relaxed fails only if a certificate is revoked, i.e. it is explicitly known that it is bad

Effect to show files when clicked. fan: fan-out effect, grid: box, list: list

Path to xen.efi. pkgs.xen is patched to install the xen.efi file on $boot/boot/xen.efi, but an unpatched Xen build may install it somewhere else, such as $out/boot/efi/efi/nixos/xen.efi

URL path to IP lookup on this server

Fish code composing the body of the starship_transient_prompt_func function

Override default settings of the speedtest web client

These lines go to httpd.conf verbatim

The address group variables for suricata, if not defined the default value of suricata (see example) will be used

Authentication settings

An attribute set of option values passed to rclone mount

List of peer public keys to allow incoming peering connections from

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

Set to 'Dark' to enable dark mode

Whether to enable placement of new tabs at the end of the tab bar.