| options/home-manager/launchd.agents.<name>.config.EnableTransactions | This flag instructs launchd that the job promises to use vproc_transaction_begin(3) and
vproc_transaction_end(3) to track outstanding transactions that need to be reconciled before the
process can safely terminate
|
| options/nixos/networking.firewall.interfaces.<name>.allowedUDPPorts | List of open UDP ports.
|
| options/nixos/services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| options/nixos/services.keepalived.vrrpInstances.<name>.interface | Interface for inside_network, bound by vrrp.
|
| options/nixos/services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| options/nixos/services.librenms.hostname | The hostname to serve LibreNMS on.
|
| options/nixos/services.matrix-synapse.workers.<name>.worker_log_config | The file for log configuration
|
| options/nixos/services.anubis.instances.<name>.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| options/nixos/services.grav.pool | Name of existing phpfpm pool that is used to run web-application
|
| options/darwin/launchd.agents.<name>.serviceConfig.ThrottleInterval | This key lets one override the default throttling policy imposed on jobs by launchd
|
| options/home-manager/accounts.calendar.accounts.<name>.primaryCollection | The primary collection of the account
|
| options/nixos/services.limesurvey.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.QueueDirectories | Much like the WatchPaths option, this key will watch the paths for modifications
|
| options/nixos/services.gitea.dump.file | Filename to be used for the dump
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/darwin/services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| options/nixos/services.simplesamlphp.<name>.settings | Configuration options used by SimpleSAMLphp
|
| options/home-manager/programs.kitty.autoThemeFiles.noPreference | Theme name for no-preference color scheme.
|
| options/home-manager/services.podman.containers.<name>.environmentFile | Paths to files containing container environment variables.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes | Number of bytes processed before initiating CHILD_SA rekeying
|
| options/nixos/services.borgbackup.repos.<name>.authorizedKeys | Public SSH keys that are given full write access to this repository
|
| options/nixos/services.artalk.group | Artalk group name.
|
| options/nixos/services.zammad.group | Name of the Zammad group.
|
| options/home-manager/services.xsuspender.rules.<name>.downclockOnBattery | Limit CPU consumption for this factor when on battery power
|
| options/nixos/services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.tcpKeepAlive | The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
|
| options/nixos/services.k3s.autoDeployCharts.<name>.extraFieldDefinitions | Extra HelmChart field definitions that are merged with the rest of the HelmChart
custom resource
|
| options/nixos/services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| options/nixos/services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| options/nixos/security.tpm2.tssUser | Name of the tpm device-owner and service user, set if applyUdevRules is
set.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action | Action to perform after a CHILD_SA gets closed by the peer.
- The default of
none does not take any action,
trap installs a trap policy for the CHILD_SA.start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive
|
| options/home-manager/accounts.email.accounts.<name>.offlineimap.extraConfig.account | Extra configuration options to add to the account section.
|
| options/nixos/services.system76-scheduler.assignments.<name>.prio | CPU scheduler priority.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.HardResourceLimits.NumberOfFiles | The maximum number of open files for this process
|
| options/darwin/launchd.daemons.<name>.serviceConfig.SoftResourceLimits.NumberOfFiles | The maximum number of open files for this process
|
| options/nixos/services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| options/nixos/networking.firewall.interfaces.<name>.allowedTCPPorts | List of TCP ports on which incoming connections are
accepted.
|
| options/nixos/services.hostapd.radios.<name>.wifi5.capabilities | VHT (Very High Throughput) capabilities given as a list of flags
|
| options/home-manager/programs.quickshell.configs | A set of configs to include in the quickshell config directory
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer
|
| options/nixos/systemd.network.networks.<name>.dhcpPrefixDelegationConfig | Each attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit
|
| options/nixos/services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| options/nixos/services.armagetronad.servers.<name>.openFirewall | Set to true to open the configured UDP port for Armagetron Advanced.
|
| options/nixos/services.namecoind.extraNodes | List of additional peer IP addresses to connect to.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.clientIdCommand | A command that prints the OAuth credentials to standard
output
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in | Netfilter mark applied to packets after the inbound IPsec SA processed
them
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret | Value of the PPK
|
| options/nixos/boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type | The type of operation to perform on the file
|
| options/nixos/services.namecoind.rpc.address | IP address the RPC server will bind to.
|
| options/nixos/services.vmalert.instances.<name>.settings."datasource.url" | Datasource compatible with Prometheus HTTP API.
|
| options/darwin/homebrew.casks | List of Homebrew casks to install
|
| options/nixos/containers.<name>.restartIfChanged | Whether the container should be restarted during a NixOS
configuration switch if its definition has changed.
|
| options/nixos/services.pantalaimon-headless.instances.<name>.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| options/nixos/services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| options/nixos/services.system76-scheduler.assignments.<name>.ioPrio | IO scheduler priority.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/services.limesurvey.httpd.virtualHost.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| options/nixos/containers.<name>.allowedDevices.*.node | Path to device node
|
| options/nixos/containers.<name>.interfaces | The list of interfaces to be moved into the container.
|
| options/nixos/services.anubis.instances.<name>.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| options/nixos/networking.wireguard.interfaces.<name>.mtu | Set the maximum transmission unit in bytes for the wireguard
interface
|
| options/nixos/networking.interfaces.<name>.ipv4.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (24).
|
| options/nixos/networking.interfaces.<name>.ipv6.routes.*.prefixLength | Subnet mask of the network, specified as the number of
bits in the prefix (64).
|
| options/nixos/services.prometheus.exporters.unbound.user | User name under which the unbound exporter shall be run.
|
| options/nixos/services.prometheus.exporters.klipper.user | User name under which the klipper exporter shall be run.
|
| options/nixos/services.prometheus.exporters.dnsmasq.user | User name under which the dnsmasq exporter shall be run.
|
| options/nixos/services.prometheus.exporters.systemd.user | User name under which the systemd exporter shall be run.
|
| options/nixos/services.prometheus.exporters.libvirt.user | User name under which the libvirt exporter shall be run.
|
| options/nixos/services.prometheus.exporters.varnish.user | User name under which the varnish exporter shall be run.
|
| options/nixos/services.prometheus.exporters.apcupsd.user | User name under which the apcupsd exporter shall be run.
|
| options/nixos/services.prometheus.exporters.process.user | User name under which the process exporter shall be run.
|
| options/nixos/services.prometheus.exporters.dovecot.user | User name under which the dovecot exporter shall be run.
|
| options/nixos/services.prometheus.exporters.sabnzbd.user | User name under which the sabnzbd exporter shall be run.
|
| options/nixos/services.prometheus.exporters.postfix.user | User name under which the postfix exporter shall be run.
|
| options/nixos/services.prometheus.exporters.bitcoin.user | User name under which the bitcoin exporter shall be run.
|
| options/nixos/services.prometheus.exporters.mongodb.user | User name under which the mongodb exporter shall be run.
|
| options/nixos/services.prometheus.exporters.ecoflow.user | User name under which the ecoflow exporter shall be run.
|
| options/nixos/networking.interfaces.<name>.ipv4.routes | List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
|
| options/nixos/services.anubis.instances.<name>.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| options/home-manager/launchd.agents.<name>.config.HardResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| options/home-manager/launchd.agents.<name>.config.SoftResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| options/nixos/networking.vswitches.<name>.controllers | Specify the controller targets
|
| options/nixos/services.sftpgo.group | Group name under which SFTPGo runs.
|
| options/nixos/services.mediawiki.httpd.virtualHost.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.partialSync | What should happen if synchronization in one direction
is impossible due to one storage being read-only
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| options/nixos/networking.ipips.<name>.encapsulation.limit | For an IPv6-based tunnel, the maximum number of nested
encapsulation to allow. 0 means no nesting, "none" unlimited.
|
| options/nixos/services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| options/home-manager/services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|
| options/home-manager/accounts.email.accounts.<name>.notmuch.neomutt.virtualMailboxes.*.query | Notmuch query
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret | Value of the EAP/XAuth secret
|
| options/nixos/services.wstunnel.clients.<name>.tlsVerifyCertificate | Whether to verify the TLS certificate of the server
|
| options/nixos/systemd.network.networks.<name>.hierarchyTokenBucketClassConfig | Each attribute in this set specifies an option in the
[HierarchyTokenBucketClass] section of the unit
|
| options/home-manager/accounts.email.accounts.<name>.getmail.destinationCommand | Specify a command delivering the incoming mail to your maildir.
|
| options/nixos/containers.<name>.forwardPorts | List of forwarded ports from host to container
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|