| options/home-manager/programs.firefox.profiles.<name>.containers.<name>.color | Container color.
|
| options/nixos/programs.neovim.runtime.<name>.text | Text of the file.
|
| options/home-manager/programs.sftpman.mounts.<name>.port | The port to connect to.
|
| options/home-manager/programs.sftpman.mounts.<name>.host | The host to connect to.
|
| options/home-manager/programs.sftpman.mounts.<name>.user | The username to authenticate with.
|
| options/home-manager/accounts.email.accounts.<name>.gpg | GPG configuration.
|
| options/nixos/services.openafsServer.cellServDB.*.dnsname | DNS fully qualified domain name of a database server
|
| options/nixos/services.openafsClient.cellServDB.*.dnsname | DNS fully qualified domain name of a database server
|
| options/nixos/containers.<name>.bindMounts.<name>.hostPath | Location of the host path to be mounted.
|
| options/nixos/services.postfix.masterConfig.<name>.maxproc | The maximum number of processes to spawn for this service
|
| options/home-manager/services.unison.pairs.<name>.commandOptions | Additional command line options as a dictionary to pass to the
unison program
|
| options/home-manager/services.pizauth.accounts.<name>.clientSecret | The OAuth2 client secret.
|
| options/nixos/services.firewalld.zones.<name>.forward | Whether to enable intra-zone forwarding
|
| options/nixos/services.vmalert.instances.<name>.rules | A list of the given alerting or recording rules against configured "datasource.url" compatible with
Prometheus HTTP API for vmalert to execute
|
| options/home-manager/programs.autorandr.profiles.<name>.config.<name>.extraConfig | Extra lines to append to this profile's config.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.Sockets.<name>.SockPassive | This optional key specifies whether listen(2) or connect(2) should be called on the created file
descriptor
|
| options/nixos/boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| options/nixos/security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| options/nixos/services.ytdl-sub.instances.<name>.schedule | How often to run ytdl-sub
|
| options/nixos/services.fediwall.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.kanboard.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.librenms.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.agorakit.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.kanboard.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.fediwall.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.librenms.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.agorakit.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.mainsail.nginx.locations.<name>.index | Adds index directive.
|
| options/nixos/services.mainsail.nginx.locations.<name>.alias | Alias directory for requests.
|
| options/home-manager/xdg.desktopEntries.<name>.comment | Tooltip for the entry.
|
| options/nixos/services.borgbackup.jobs.<name>.extraInitArgs | Additional arguments for borg init
|
| options/nixos/services.mosquitto.bridges.<name>.topics | Topic patterns to be shared between the two brokers
|
| options/home-manager/services.pizauth.accounts.<name>.extraConfig | Additional configuration that will be added to the account configuration
|
| options/nixos/services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| options/nixos/services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| options/darwin/services.github-runners.<name>.nodeRuntimes | List of Node.js runtimes the runner should support.
|
| options/home-manager/programs.obsidian.vaults.<name>.settings.cssSnippets.*.enable | Whether to enable the snippet.
|
| options/home-manager/programs.obsidian.vaults.<name>.settings.cssSnippets.*.source | Path of the source file.
|
| options/home-manager/programs.hexchat.channels.<name>.nickname | Primary nickname.
|
| options/nixos/services.nebula.networks.<name>.staticHostMap | The static host map defines a set of hosts with fixed IP addresses on the internet (or any network)
|
| options/nixos/virtualisation.qemu.drives.*.name | A name for the drive
|
| options/darwin/launchd.daemons.<name>.command | Command executed as the service's main process.
|
| options/nixos/services.tahoe.nodes.<name>.client.introducer | The furl for a Tahoe introducer node
|
| options/home-manager/services.muchsync.remotes.<name>.remote.importNew | Whether to begin the synchronisation by running
notmuch new on the remote side.
|
| options/nixos/users.mysql.pam.userColumn | The name of the column that contains a unix login name.
|
| options/nixos/services.snapserver.streams.<name>.codec | Default audio compression method.
|
| options/nixos/services.borgbackup.jobs.<name>.prune.prefix | Only consider archive names starting with this prefix for pruning
|
| options/nixos/systemd.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/systemd.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/services.gitlab-runner.services.<name>.preBuildScript | Runner-specific command script executed after code is pulled,
just before build executes.
|
| options/darwin/services.gitlab-runner.services.<name>.preBuildScript | Runner-specific command script executed after code is pulled,
just before build executes.
|
| options/nixos/services.rshim.device | Specify the device name to attach
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels | List of channels that should be grouped together into this group
|
| options/nixos/services.httpd.virtualHosts.<name>.locations | Declarative location config
|
| options/nixos/services.tinc.networks.<name>.interfaceType | The type of virtual interface used for the network connection.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file | File name in the ecdsa folder for which this
passphrase should be used.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file | File name in the pkcs8 folder for which this
passphrase should be used.
|
| options/home-manager/launchd.agents.<name>.config.TimeOut | The recommended idle time out (in seconds) to pass to the job
|
| options/nixos/systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode | The file access mode to use when creating this file or directory.
|
| options/nixos/services.headscale.settings.dns.nameservers.global | List of nameservers to pass to Tailscale clients.
|
| options/nixos/security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| options/nixos/services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| options/darwin/programs.vim.vimOptions.<name>.source | Path of the source file.
|
| options/nixos/services.kmonad.keyboards.<name>.defcfg.compose.key | The (optional) compose key to use.
|
| options/nixos/services.fedimintd.<name>.bitcoin.network | Bitcoin network to participate in.
|
| options/nixos/services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| options/home-manager/services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| options/home-manager/accounts.contact.accounts.<name>.remote.userName | User name for authentication.
|
| options/nixos/services.postfix.masterConfig.<name>.private | Whether the service's sockets and storage directory are restricted to
be only available via the mail system
|
| options/nixos/services.restic.backups.<name>.dynamicFilesFrom | A script that produces a list of files to back up
|
| options/nixos/services.kanata.keyboards.<name>.extraDefCfg | Configuration of defcfg other than linux-dev (generated
from the devices option) and
linux-continue-if-no-devs-found (hardcoded to be yes)
|
| options/nixos/services.keyd.keyboards.<name>.extraConfig | Extra configuration that is appended to the end of the file.
Do not write ids section here, use a separate option for it
|
| options/nixos/services.jibri.xmppEnvironments.<name>.control.muc.nickname | The nickname for this Jibri instance in the MUC.
|
| options/nixos/services.tarsnap.archives.<name>.excludes | Exclude files and directories matching these patterns.
|
| options/nixos/services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| options/nixos/users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| options/nixos/users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| options/nixos/services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| options/nixos/systemd.user.targets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/nixos/systemd.user.sockets.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| options/home-manager/programs.obsidian.vaults.<name>.settings.appearance | Settings to write to appearance.json.
|
| options/nixos/services.geoclue2.appConfig.<name>.isAllowed | Whether the application will be allowed access to location information.
|
| options/home-manager/services.podman.containers.<name>.autoStart | Whether to start the container on boot (requires user lingering).
|
| options/nixos/services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| options/nixos/services.znc.confOptions.networks.<name>.channels | IRC channels to join.
|
| options/nixos/services.movim.h2o.serverName | Server name to be used for this virtual host
|
| options/nixos/services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
- CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilities,
- older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14: rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| options/nixos/services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
- CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilities,
- older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14: rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| options/nixos/services.fluidd.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/services.gancio.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/services.akkoma.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/services.fedimintd.<name>.nginx.config.extraConfig | These lines go to the end of the vhost verbatim.
|
| options/nixos/services.matomo.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/services.monica.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/home-manager/programs.smug.projects.<name>.stop | Commands to execute after the tmux-session is destroyed.
|