| options/nixos/services.gitlab-runner.services.<name>.postBuildScript | Runner-specific command script executed after code is pulled
and just after build executes.
|
| options/darwin/services.gitlab-runner.services.<name>.postBuildScript | Runner-specific command script executed after code is pulled
and just after build executes.
|
| options/home-manager/services.podman.containers.<name>.autoStart | Whether to start the container on boot (requires user lingering).
|
| options/nixos/users.users.<name>.description | A short description of the user account, typically the
user's full name
|
| options/nixos/services.easytier.instances.<name>.enable | Enable the instance.
|
| options/nixos/services.opkssh.providers.<name>.lifetime | Token lifetime
|
| options/nixos/services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with a minimal set of permissions (see caveats),
- restricts daemon configuration socket access to a dedicated user group
(you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]).
Even though access to local system resources is restricted:
- CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilities,
- older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead.
Known security features that are not (yet) integrated into the module:
- 2024-02-14: rosenpass is an experimental feature configurable solely through the --enable-rosenpass flag on the netbird up command, see the docs
|
| options/nixos/services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with a minimal set of permissions (see caveats),
- restricts daemon configuration socket access to a dedicated user group
(you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]).
Even though access to local system resources is restricted:
- CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilities,
- older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead.
Known security features that are not (yet) integrated into the module:
- 2024-02-14: rosenpass is an experimental feature configurable solely through the --enable-rosenpass flag on the netbird up command, see the docs
|
| options/nixos/services.ttyd.username | Username for basic HTTP authentication.
|
| options/nixos/services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| options/nixos/services.gitlab-runner.services.<name>.dockerExtraHosts | Add a custom host-to-IP mapping.
|
| options/darwin/services.gitlab-runner.services.<name>.dockerExtraHosts | Add a custom host-to-IP mapping.
|
| options/nixos/services.klipper.firmwares.<name>.package | Path to the built firmware package.
|
| options/nixos/services.mautrix-meta.instances.<name>.dataDir | Path to the directory with database, registration, and other data for the bridge service
|
| options/nixos/security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| options/nixos/services.redis.servers.<name>.maxclients | Set the max number of connected clients at the same time.
|
| options/home-manager/services.kanshi.profiles.<name>.outputs.*.status | Enables or disables the specified output.
|
| options/nixos/services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| options/darwin/services.gitlab-runner.services.<name>.executor | Select executor, e.g. shell, docker, etc.
|
| options/nixos/systemd.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| options/nixos/services.nginx.virtualHosts.<name>.reuseport | Create an individual listening socket
|
| options/home-manager/programs.bat.syntaxes.<name>.src | Path to the syntax folder.
|
| options/nixos/services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| options/nixos/services.openbao.settings.listener.<name>.type | The listener type to enable.
|
| options/nixos/services.public-inbox.settings.coderepo.<name>.dir | Path to a git repository
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.hostName | Canonical hostname for the server.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id | IKE identity to expect for authentication round
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| options/nixos/services.awstats.configs.<name>.webService.urlPrefix | The URL prefix under which the awstats pages appear.
|
| options/nixos/services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| options/nixos/services.openafsServer.cellServDB.*.dnsname | DNS fully-qualified domain name of a database server
|
| options/nixos/services.openafsClient.cellServDB.*.dnsname | DNS fully-qualified domain name of a database server
|
| options/nixos/services.errbot.instances.<name>.identity | Errbot identity configuration
|
| options/home-manager/services.xsuspender.rules.<name>.resumeEvery | Resume interval in seconds.
|
| options/home-manager/programs.ssh.matchBlocks.<name>.port | Specifies port number to connect on remote host.
|
| options/nixos/systemd.targets.<name>.aliases | Aliases of that unit.
|
| options/nixos/systemd.sockets.<name>.aliases | Aliases of that unit.
|
| options/nixos/services.github-runners.<name>.extraPackages | Extra packages to add to PATH of the service to make them available to workflows.
|
| options/darwin/services.github-runners.<name>.extraPackages | Extra packages to add to PATH of the service to make them available to workflows.
|
| options/nixos/services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| options/nixos/services.httpd.virtualHosts.<name>.documentRoot | The path of Apache's document root directory
|
| options/home-manager/programs.fish.binds.<name>.enable | Whether to enable the bind
|
| options/nixos/services.wstunnel.servers.<name>.restrictTo | Accepted traffic will be forwarded only to this service.
|
| options/nixos/services.keepalived.vrrpScripts.<name>.fall | Required number of failures for KO transition.
|
| options/nixos/services.keepalived.vrrpScripts.<name>.rise | Required number of successes for OK transition.
|
| options/nixos/services.spiped.config.<name>.weakHandshake | Use fast/weak handshaking: This reduces the CPU time spent
in the initial connection setup, at the expense of losing
perfect forward secrecy.
|
| options/nixos/systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| options/nixos/systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| options/nixos/systemd.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| options/nixos/services.radicle.httpd.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.radicle.httpd.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.postfix.settings.master.<name>.wakeup | Automatically wake up the service after the specified number of
seconds
|
| options/nixos/services.dokuwiki.sites.<name>.settings | Structural DokuWiki configuration
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id | Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
|
| options/nixos/services.gitlab-runner.services.<name>.executor | Select executor, e.g. shell, docker, etc.
|
| options/nixos/security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| options/nixos/services.snapserver.streams.<name>.query | Key-value pairs that convey additional parameters about a stream.
|
| options/nixos/services.klipper.firmwares.<name>.configFile | Path to firmware config which is generated using klipper-genconf
|
| options/home-manager/programs.firefox.profiles.<name>.containers.<name>.icon | Container icon.
|
| options/home-manager/services.xsuspender.rules.<name>.execResume | Before resuming, execute this shell script
|
| options/nixos/services.prosody.virtualHosts.<name>.ssl.extraOptions | Extra SSL configuration options.
|
| options/nixos/networking.ipips.<name>.dev | The underlying network device on which the tunnel resides.
|
| options/nixos/services.firewalld.zones.<name>.forwardPorts.*.port | |
| options/nixos/systemd.user.services.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| options/nixos/services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| options/nixos/services.bcg.mqtt.username | MQTT server access username.
|
| options/nixos/services.authelia.instances.<name>.enable | Whether to enable Authelia instance.
|
| options/nixos/services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| options/nixos/services.sanoid.templates.<name>.autosnap | Whether to automatically take snapshots.
|
| options/nixos/users.users.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| options/nixos/services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.to | The end of the port range, inclusive.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| options/nixos/services.vmalert.instances.<name>.enable | Whether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source and sends notifications via Alertmanager.
|
| options/darwin/services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty.
|
| options/nixos/systemd.timers.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| options/nixos/systemd.slices.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| options/nixos/systemd.slices.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| options/nixos/systemd.timers.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| options/nixos/systemd.user.timers.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/systemd.user.slices.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/home-manager/programs.autorandr.profiles.<name>.config.<name>.primary | Whether output should be marked as primary
|
| options/home-manager/services.restic.backups.<name>.dynamicFilesFrom | A script that produces a list of files to back up
|
| options/nixos/services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| options/nixos/systemd.user.services.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| options/nixos/services.fediwall.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.kanboard.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.librenms.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.agorakit.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.kanboard.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.fediwall.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.librenms.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.agorakit.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.sabnzbd.settings.servers.<name>.enable | Enable this server by default
|
| options/nixos/services.pixelfed.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.mainsail.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.mainsail.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.blockbook-frontend.<name>.cssDir | Location of the dir with main.css CSS file
|