| options/nixos/services.borgbackup.repos.<name>.allowSubRepos | Allow clients to create repositories in subdirectories of the
specified path
|
| options/nixos/services.tor.torsocks.allowInbound | Set Torsocks to accept inbound connections
|
| options/nixos/services.sabnzbd.allowConfigWrite | By default we create the sabnzbd configuration read-only,
which keeps the nixos configuration as the single source
of truth
|
| options/nixos/networking.firewall.allowPing | Whether to respond to incoming ICMPv4 echo requests
("pings")
|
| options/darwin/security.sandbox.profiles.<name>.allowNetworking | Whether to allow network access inside the sandbox.
|
| options/nixos/services.pgmanage.allowCustomConnections | This tells pgmanage whether or not to allow anyone to use a custom
connection from the login screen.
|
| options/nixos/services.avahi.allowInterfaces | List of network interfaces that should be used by the avahi-daemon
|
| options/nixos/services.taskchampion-sync-server.allowClientIds | Client IDs to allow (can be repeated; if not specified, all clients are allowed)
|
| options/nixos/services.hedgedoc.settings.allowOrigin | List of domains to whitelist.
|
| options/darwin/security.sandbox.profiles.<name>.allowLocalNetworking | Whether to allow localhost network access inside the sandbox.
|
| options/nixos/services.cassandra.allowClients | Enables or disables the native transport server (CQL binary protocol)
|
| options/nixos/services.nsd.zones.<name>.allowNotify | Listed primary servers are allowed to notify this secondary server
|
| options/nixos/services.upower.allowRiskyCriticalPowerAction | Enable the risky critical power actions "Suspend" and "Ignore".
|
| options/darwin/system.defaults.dock.slow-motion-allowed | Allow for slow-motion minimize effect while holding Shift key
|
| options/nixos/security.duosec.allowTcpForwarding | By default, when SSH forwarding, enabling Duo Security will
disable TCP forwarding
|
| options/darwin/networking.applicationFirewall.allowSigned | Whether to allow built-in software to receive incoming connections.
|
| options/darwin/networking.applicationFirewall.allowSignedApp | Whether to allow downloaded signed software to receive incoming connections.
|
| options/nixos/services.adguardhome.allowDHCP | Allows AdGuard Home to open raw sockets (CAP_NET_RAW), which is
required for the integrated DHCP server
|
| options/nixos/services.logrotate.allowNetworking | Whether to enable network access for logrotate.
|
| options/nixos/services.kubernetes.apiserver.allowPrivileged | Whether to allow privileged containers on Kubernetes.
|
| options/nixos/services.sourcehut.settings."builds.sr.ht".allow-free | Whether to enable nonpaying users to submit builds.
|
| options/nixos/services.sourcehut.settings."lists.sr.ht".allow-new-lists | Whether to enable creation of new lists.
|
| options/nixos/networking.dhcpcd.allowInterfaces | Enable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| options/nixos/services.esphome.allowedDevices | A list of device nodes to which esphome has access to
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowCN | Allow client if common name appears in the list.
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowOU | Allow client if organizational unit name appears in the list.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowAll | If true, allow all clients, do not check client cert subject.
|
| options/nixos/services.hedgedoc.settings.allowGravatar | Whether to enable Libravatar as
profile picture source on your instance
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowURI | Allow client if URI subject alternative name appears in the list.
|
| options/nixos/security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| options/nixos/services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_email_domains | List of email domains to allow access to this vhost, or null to allow all.
|
| options/nixos/networking.wireless.allowAuxiliaryImperativeNetworks | Whether to allow configuring networks "imperatively" (e.g. via
wpa_supplicant_gui) and declaratively via
networking.wireless.networks.
|
| options/nixos/services.pulseaudio.tcp.anonymousClients.allowAll | Whether to enable all anonymous clients to stream to the server.
|
| options/nixos/services.pdfding.allowedHosts | Domains where PdfDing is allowed to run
|
| options/nixos/services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed
certificate
|
| options/nixos/services.chhoto-url.settings.allow_capital_letters | Whether to allow capital letters in slugs.
|
| options/nixos/services.polipo.allowedClients | List of IP addresses or network addresses that may connect to Polipo.
|
| options/nixos/services.matrix-conduit.settings.global.allow_check_for_updates | Whether to allow Conduit to automatically contact
https://conduit.rs hourly to check for important Conduit news
|
| options/nixos/services.etebase-server.settings.allowed_hosts.allowed_host1 | The main host that is allowed access.
|
| options/nixos/services.nylon.<name>.allowedIPRanges | Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
|
| options/nixos/security.allowSimultaneousMultithreading | Whether to allow SMT/hyperthreading
|
| options/nixos/containers.<name>.allowedDevices | A list of device nodes to which the containers has access to.
|
| options/nixos/services.cockpit.allowed-origins | List of allowed origins
|
| options/nixos/services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| options/nixos/services.bacula-sd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| options/nixos/services.bacula-dir.tls.allowedCN | Common name attribute of allowed peer certificates
|
| options/nixos/boot.initrd.network.ifstate.allowIfstateToDrasticlyIncreaseInitrdSize | IfState in initrd drastically increases the size of initrd, your boot partition may be too small and/or you may have significantly fewer generations
|
| options/nixos/services.vsftpd.userlistDeny | Specifies whether userlistFile is a list of user
names to allow or deny access
|
| options/nixos/containers.<name>.allowedDevices.*.node | Path to device node
|
| packages/nixpkgs/kiro-fhs | Wrapped variant of kiro which launches in a FHS compatible environment, should allow for easy usage of extensions without nix-specific modifications |
| options/nixos/services.grafana.settings.security.allow_embedding | When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses
which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>
|
| options/nixos/services.distccd.allowedClients | Client IPs which are allowed to connect to distccd in CIDR notation
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| options/nixos/services.komodo-periphery.allowedIps | IP addresses or subnets allowed to call the periphery API
|
| options/nixos/services.prosody.muc.*.allowners_muc | Add module allowners, any user in chat is able to
kick other
|
| options/nixos/services.morty.ipv6 | Allow IPv6 HTTP requests?
|
| options/nixos/networking.firewall.allowedUDPPorts | List of open UDP ports.
|
| options/nixos/networking.firewall.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| options/nixos/services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| options/nixos/services.nextcloud-spreed-signaling.settings.backend.allowall | Allow any hostname as backend endpoint
|
| options/nixos/services.firezone.gui-client.allowedUsers | All listed users will become part of the firezone-client group so
they can control the tunnel service
|
| options/nixos/services.jitsi-meet.prosody.allowners_muc | Add module allowners, any user in chat is able to
kick other
|
| options/nixos/services.nifi.proxyPort | Allow requests from a specific port.
|
| options/nixos/services.nifi.proxyHost | Allow requests from a specific host.
|
| packages/nixpkgs/node-hp-scan-to | Allow to send scan from device to computer for some HP All-in-One Printers |
| options/nixos/services.nextcloud-spreed-signaling.settings.stats.allowed_ips | List of IP addresses that are allowed to access the debug, stats and metrics endpoints
|
| options/nixos/networking.firewall.allowedUDPPortRanges | Range of open UDP ports.
|
| options/nixos/services.neo4j.readOnly | Only allow read operations from this Neo4j instance.
|
| options/nixos/networking.firewall.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| options/nixos/programs.nix-required-mounts.allowedPatterns | The hook config, describing which paths to mount for which system features
|
| options/nixos/services.taskserver.allowedClientIDs | A list of regular expressions that are matched against the reported
client id (such as task 2.3.0)
|
| options/nixos/services.matrix-continuwuity.settings.global.allow_announcements_check | If enabled, continuwuity will send a simple GET request periodically to
https://continuwuity.org/.well-known/continuwuity/announcements for any new announcements made.
|
| packages/nixpkgs/smlfut | Allow SML programs to call Futhark programs |
| options/nixos/services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| options/nixos/services.factorio.allowedPlayers | If non-empty, only these player names are allowed to connect
|
| options/nixos/services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| options/nixos/services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| options/nixos/services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| options/nixos/power.ups.users.<name>.actions | Allow the user to do certain things with upsd
|
| options/nixos/services.pihole-ftl.lists | Deny (or allow) domain lists to use
|
| options/nixos/services.homepage-dashboard.allowedHosts | Hosts that homepage-dashboard will be running under
|
| options/nixos/services.headscale.settings.oidc.allowed_users | Users allowed to authenticate even if not in allowedDomains.
|
| options/nixos/containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| options/nixos/services.crab-hole.settings.blocklist.allow_list | List of allowlists
|
| options/nixos/services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| options/nixos/services.ttyd.checkOrigin | Whether to allow a websocket connection from a different origin.
|
| options/nixos/programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| options/nixos/services.nixseparatedebuginfod.allowOldNix | Do not fail evaluation when services.nixseparatedebuginfod.nixPackage is older than nix 2.18.
|
| options/darwin/networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP addresses associated with this peer.
|
| options/nixos/services.headscale.settings.oidc.allowed_domains | Allowed principal domains. if an authenticated user's domain
is not in this list authentication request will be rejected.
|
| options/nixos/services.matrix-conduit.settings.global.allow_federation | Whether this server federates with other servers.
|
| options/nixos/services.matrix-tuwunel.settings.global.allow_federation | Whether this server federates with other servers.
|
| options/nixos/programs.fuse.userAllowOther | Allow non-root users to specify the allow_other or allow_root mount
options, see mount.fuse3(8).
|
| options/nixos/services.matrix-conduit.settings.global.allow_registration | Whether new users can register on this server.
|
| options/nixos/services.mollysocket.settings.allowed_endpoints | List of UnifiedPush servers
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.macAllow | Specifies the MAC addresses to allow if macAcl is set to "allow" or "radius"
|