| options/home-manager/xdg.desktopEntries | Desktop Entries allow applications to be shown in your desktop environment's app launcher
|
| options/nixos/services.veilid.settings.core.protected_store.allow_insecure_fallback | If we can't use system-provided secure storage, should we proceed anyway?
|
| options/nixos/hardware.brillo.enable | Whether to enable brillo in userspace
|
| options/nixos/services.cloud-init.xfs.enable | Allow the cloud-init service to operate xfs filesystem.
|
| options/nixos/services.matrix-tuwunel.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| options/nixos/services.matrix-conduit.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| options/nixos/services._3proxy.services.*.auth | Authentication type
|
| options/nixos/services.taskserver.disallowedClientIDs | A list of regular expressions that are matched against the reported
client id (such as task 2.3.0)
|
| options/nixos/services.deluge.openFilesLimit | Number of files to allow deluged to open.
|
| options/nixos/services.cloud-init.ext4.enable | Allow the cloud-init service to operate ext4 filesystem.
|
| options/nixos/services.mollysocket.settings.allowed_uuids | UUIDs of Signal accounts that may use this server
|
| options/nixos/services.foundationdb.tls.allowedPeers | "Peer verification string"
|
| options/nixos/programs.nix-required-mounts.allowedPatterns.<name>.onFeatures | Which requiredSystemFeatures should trigger relaxation of the sandbox
|
| options/nixos/services.peertube.dataDirs | Allow access to custom data locations.
|
| options/nixos/services.matrix-tuwunel.settings.global.allow_registration | Whether new users can register on this server
|
| packages/nixpkgs/vscode-fhs | Wrapped variant of vscode which launches in a FHS compatible environment, should allow for easy usage of extensions without nix-specific modifications |
| options/nixos/services.tt-rss.auth.autoCreate | Allow authentication modules to auto-create users in tt-rss internal
database when authenticated successfully.
|
| options/nixos/services.xserver.enableTCP | Whether to allow the X server to accept TCP connections.
|
| options/nixos/networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| options/nixos/services.knot.enableXDP | Extends the systemd unit with permissions to allow for the use of
the eXpress Data Path (XDP).
Make sure to read up on functional limitations
when running in XDP mode.
|
| options/nixos/services.ttyd.writeable | Allow clients to write to the TTY.
|
| options/darwin/system.startup.chime | Whether to enable the startup chime
|
| options/nixos/networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| options/nixos/services.cloud-init.btrfs.enable | Allow the cloud-init service to operate btrfs filesystem.
|
| options/nixos/services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| packages/nixpkgs/code-cursor-fhs | Wrapped variant of cursor which launches in a FHS compatible environment, should allow for easy usage of extensions without nix-specific modifications |
| packages/nixpkgs/iotools | Set of simple command line tools which allow access to
hardware device registers |
| options/nixos/security.sudo.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| options/nixos/services.chisel-server.socks5 | Allow clients access to internal SOCKS5 proxy
|
| options/nixos/services.prometheus.scrapeConfigs.*.consul_sd_configs.*.allow_stale | Allow stale Consul results
(see https://www.consul.io/api/index.html#consistency-modes)
|
| options/nixos/services.ethercalc.host | Address to listen on (use 0.0.0.0 to allow access from any address).
|
| options/nixos/services.diod.authRequired | Allow clients to connect without authentication, i.e. without a valid MUNGE credential.
|
| options/nixos/security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| options/nixos/services.avahi.publish.enable | Whether to allow publishing in general.
|
| options/nixos/virtualisation.libvirtd.allowedBridges | List of bridge devices that can be used by qemu:///session
|
| options/nixos/networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| options/nixos/networking.firewall.interfaces.<name>.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| options/nixos/services.prosody.modules.mam | Store messages in an archive and allow users to access it
|
| options/darwin/system.defaults.finder.QuitMenuItem | Whether to allow quitting of the Finder
|
| options/nixos/services.pulseaudio.tcp.anonymousClients.allowedIpRanges | A list of IP subnets that are allowed to stream to the server.
|
| options/nixos/networking.wireguard.interfaces.<name>.allowedIPsAsRoutes | Determines whether to add allowed IPs as routes or not.
|
| options/nixos/services.chisel-server.reverse | Allow clients reverse port forwarding
|
| options/nixos/services.gnome.rygel.enable | Whether to enable Rygel UPnP Mediaserver
|
| options/home-manager/programs.anyrun.config.margin | Add a margin around the window to allow for CSS shadow styling.
|
| options/nixos/services.matrix-continuwuity.settings.global.allow_federation | Whether this server federates with other servers.
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| options/nixos/services.kanidm.unixSettings.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| options/nixos/services.stash.settings.dangerous_allow_public_without_auth | Learn more at https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/
|
| options/nixos/services.sabnzbd.settings.servers.<name>.ssl_verify | Level of TLS verification
|
| options/nixos/services.prosody.modules.vcard | Allow users to set vCards
|
| options/nixos/services.matrix-continuwuity.settings.global.allow_encryption | Whether new encrypted rooms can be created
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.macAcl | Station MAC address -based authentication
|
| options/nixos/services.matrix-continuwuity.settings.global.allow_registration | Whether new users can register on this server
|
| options/nixos/boot.loader.limine.enableEditor | Whether to allow editing the boot entries before booting them
|
| options/home-manager/programs.gh.settings.aliases | Aliases that allow you to create nicknames for gh commands.
|
| options/nixos/services.kanidm.unix.settings.kanidm.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| options/nixos/security.doas.extraRules.*.runAs | Which user or group the specified command is allowed to run as
|
| options/nixos/services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|
| options/nixos/services.invidious.port | The port Invidious should listen on
|
| options/nixos/security.loginDefs.chfnRestrict | Use chfn SUID to allow non-root users to change their account GECOS information.
|
| options/nixos/security.duosec.failmode | On service or configuration errors that prevent Duo
authentication, fail "safe" (allow access) or "secure" (deny
access)
|
| options/nixos/boot.initrd.systemd.root | Controls how systemd will interpret the root FS in initrd
|
| options/nixos/services.prosody.extraConfig | Additional prosody configuration
The generated file is processed by envsubst to allow secrets to be passed securely via environment variables.
|
| options/nixos/services.prosody.modules.roster | Allow users to have a roster
|
| options/nixos/security.sudo.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.allowedIPs | List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed
|
| options/nixos/services.cloud-init.network.enable | Allow the cloud-init service to configure network interfaces
through systemd-networkd.
|
| options/nixos/services.ntp.restrictSource | The restriction flags to be set on source
|
| options/nixos/programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| options/nixos/security.sudo-rs.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| options/nixos/services.nsd.zones.<name>.provideXFR | Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
|
| options/home-manager/fonts.fontconfig.enable | Whether to enable fontconfig configuration
|
| options/nixos/boot.loader.systemd-boot.editor | Whether to allow editing the kernel command-line before
boot
|
| options/nixos/hardware.acpilight.enable | Enable acpilight
|
| options/nixos/boot.initrd.network.ssh.ignoreEmptyHostKeys | Allow leaving config.boot.initrd.network.ssh.hostKeys empty,
to deploy ssh host keys out of band.
|
| options/nixos/services.oink.settings.ttl | The TTL ("Time to Live") value to set for your DNS records
|
| options/nixos/xdg.portal.extraPortals | List of additional portals to add to path
|
| options/nixos/services.firewalld.zones.<name>.ports | Ports to allow in the zone.
|
| options/nixos/services.syncplay.salt | Salt to allow room operator passwords generated by this server
instance to still work when the server is restarted
|
| options/nixos/services.postgrey.retryWindow | Allow N days for the first retry
|
| options/nixos/services.prosody.modules.smacks | Allow a client to resume a disconnected session, and prevent message loss
|
| options/nixos/services.unifi.openFirewall | Whether or not to open the minimum required ports on the firewall
|
| options/nixos/services.paisa.mutableSettings | Allow changes made on the web interface to persist between service
restarts.
|
| options/nixos/services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| options/nixos/services.quicktun.<name>.remoteFloat | Whether to allow the remote address and port to change when properly encrypted packets are received.
|
| options/nixos/services.nsd.ipTransparent | Allow binding to non local addresses.
|
| options/nixos/services.chrony.makestep.enable | Allow chronyd to step the system clock if the error is larger than
the specified threshold.
|
| options/nixos/services.thermald.ignoreCpuidCheck | Whether to ignore the cpuid check to allow running on unsupported platforms
|
| options/nixos/services.znc.mutable | Indicates whether to allow the contents of the
dataDir directory to be changed by the user at
run-time
|
| options/nixos/services.nebula.networks.<name>.relays | List of IPs of relays that this node should allow traffic from.
|
| options/nixos/services.pgmanage.loginGroup | This tells pgmanage to only allow users in a certain PostgreSQL group to
login to pgmanage
|
| options/home-manager/xdg.portal.extraPortals | List of additional portals that should be added to the environment
|
| options/nixos/services.kubo.localDiscovery | Whether to enable local discovery for the Kubo daemon
|
| options/nixos/services._3proxy.services.*.acl.*.rule | ACL rule
|
| options/nixos/services.bitlbee.authMode | The following authentication modes are available:
Open -- Accept connections from anyone, use NickServ for user authentication
|
| options/nixos/services.apcupsd.enable | Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
permits orderly shutdown of your computer in the event of a power
failure
|
| options/nixos/services.displayManager.gdm.wayland | Allow GDM to run on Wayland instead of Xserver.
|
| options/nixos/hardware.graphics.enable | Whether to enable hardware accelerated graphics drivers
|
| options/nixos/services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|