| options/nixos/services.nebula.networks.<name>.lighthouse.dns.host | IP address on which nebula lighthouse should serve DNS.
'localhost' is a good default to ensure the service does not listen on public interfaces;
use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
|
| options/darwin/launchd.agents.<name>.serviceConfig.SoftResourceLimits | Resource limits to be imposed on the job
|
| options/darwin/launchd.agents.<name>.serviceConfig.HardResourceLimits | Resource limits to be imposed on the job
|
| options/nixos/services.prometheus.exporters.postfix.group | Group under which the postfix exporter shall be run
|
| options/nixos/services.mastodon.activeRecordEncryptionDeterministicKeyFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| options/nixos/services.munin-node.extraPlugins | Additional Munin plugins to activate
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.SoftResourceLimits | Resource limits to be imposed on the job
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.HardResourceLimits | Resource limits to be imposed on the job
|
| options/home-manager/xsession.windowManager.i3.config.floating.modifier | Modifier key or keys that can be used to drag floating windows.
|
| options/darwin/system.defaults.NSGlobalDomain.InitialKeyRepeat | Apple menu > System Preferences > Keyboard
If you press and hold certain keyboard keys when in a text area, the key’s character begins to repeat
|
| options/nixos/services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.HardResourceLimits | Resource limits to be imposed on the job
|
| options/darwin/launchd.daemons.<name>.serviceConfig.SoftResourceLimits | Resource limits to be imposed on the job
|
| options/nixos/services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| options/nixos/services.openssh.authorizedKeysCommandUser | Specifies the user under whose account the AuthorizedKeysCommand
is run
|
| options/nixos/services.gitlab.workhorse.config | Configuration options to add to Workhorse's configuration
file
|
| options/home-manager/programs.firefoxpwa.profiles.<name>.sites | Attribute set of site options for this profile
|
| options/nixos/services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| options/home-manager/launchd.agents.<name>.config.KeepAlive | This optional key is used to control whether your job is to be kept continuously running or to let
demand and conditions control the invocation
|
| options/nixos/services.libretranslate.enableApiKeys | Whether to enable the API keys database.
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowEmailFile | Path to the file with your personal ecoflow app login email address
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.metadata | Metadata keys that should be synchronized when vdirsyncer
metasync is executed.
|
| options/nixos/services.sssd.sshAuthorizedKeysIntegration | Whether to make sshd look up authorized keys from SSS
|
| options/nixos/services.livekit.ingress.settings.rtc_config.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowAccessKeyFile | Path to the file with your personal api access string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowSecretKeyFile | Path to the file with your personal api secret string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| options/nixos/services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| options/nixos/security.pam.sshAgentAuth.authorizedKeysFiles | A list of paths to files in OpenSSH's authorized_keys format, containing
the keys that will be trusted by the pam_ssh_agent_auth module
|
| options/nixos/boot.zfs.requestEncryptionCredentials | If true on import encryption keys or passwords for all encrypted datasets
are requested
|
| options/nixos/boot.loader.systemd-boot.sortKey | The sort key used for the NixOS bootloader entries
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.metadata | Metadata keys that should be synchronized when vdirsyncer
metasync is executed.
|
| options/home-manager/programs.thunderbird.profiles.<name>.withExternalGnupg | Allow using external GPG keys with GPGME.
|
| options/nixos/services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| options/nixos/services.prometheus.alertmanager-ntfy.settings.ntfy.notification.topic | Note: when using ntfy.sh and other public instances
it is recommended to set this option to an empty string and set the actual topic via
services.prometheus.alertmanager-ntfy.extraConfigFiles since
the topic in ntfy.sh is essentially a password
|
| options/nixos/services.guix.substituters.authorizedKeys | A list of signing keys for each substitute server to be authorized as
a source of substitutes
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| options/home-manager/launchd.agents.<name>.config.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| options/nixos/services.taskserver.organisations | An attribute set where the keys name the organisation and the values
are a set of lists of users and
groups.
|
| options/darwin/launchd.agents.<name>.serviceConfig.KeepAlive | This optional key is used to control whether your job is to be kept continuously running or to let
demand and conditions control the invocation
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.KeepAlive | This optional key is used to control whether your job is to be kept continuously running or to let
demand and conditions control the invocation
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| options/nixos/services.discourse.siteSettings | Discourse site settings
|
| options/darwin/launchd.daemons.<name>.serviceConfig.KeepAlive | This optional key is used to control whether your job is to be kept continuously running or to let
demand and conditions control the invocation
|
| options/nixos/security.agnos.settings.accounts.*.private_key_path | Path of the PEM-encoded private key for this account
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| options/nixos/services.nextcloud.config.objectstore.s3.sseCKeyFile | If provided this is the full path to a file that contains the key
to enable [server-side encryption with customer-provided keys][1]
(SSE-C)
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.availability | The availability of the endpoint to connect to
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowDevicesFile | File must contain one line, example: R3300000,R3400000,NC430000,...
|
| options/home-manager/targets.darwin.defaults."com.googlecode.iterm2".AlternateMouseScroll | Whether to enable arrow keys when scrolling in alternate screen mode.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth | Authentication to perform locally.
- The default
pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.- The IKEv1 specific
xauth is used for XAuth or Hybrid
authentication,
- while the IKEv2 specific
eap keyword defines EAP
authentication.
- For
xauth, a specific backend name may be appended,
separated by a dash
|
| options/nixos/services.prometheus.exporters.collectd.collectdBinary.authFile | File mapping user names to pre-shared keys (passwords).
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| options/darwin/launchd.agents.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| options/nixos/services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| options/darwin/launchd.daemons.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| options/nixos/virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| options/nixos/services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.port | The port to scrape metrics from
|
| options/nixos/services.prometheus.scrapeConfigs.*.gce_sd_configs.*.port | The port to scrape metrics from
|
| options/nixos/services.arsenik.long_hold_timeout | Slightly higher value for typing keys, to prevent unexpected hold effect.
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowDevicesPrettyNamesFile | File must contain one line, example: {"R3300000":"Delta 2","R3400000":"Delta Pro",...}
The key/value map of custom names for your devices
|
| options/nixos/users.users.<name>.password | Specifies the (clear text) password for the user
|
| options/nixos/services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| options/nixos/services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| options/nixos/users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| options/nixos/services.stash.settings.dangerous_allow_public_without_auth | Learn more at https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| options/nixos/services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.port | The port to scrape metrics from
|
| options/nixos/services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.role_arn | AWS Role ARN, an alternative to using AWS API keys.
|
| options/nixos/services.akkoma.config.":web_push_encryption" | Web Push Notifications configuration
|
| options/nixos/services.wgautomesh.settings.upnp_forward_external_port | Public port number to try to redirect to this machine's Wireguard
daemon using UPnP IGD.
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.port | The port to scrape metrics from
|
| options/nixos/services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.port | The port to scrape metrics from
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| options/nixos/services.stash.settings.security_tripwire_accessed_from_public_internet | Learn more at https://docs.stashapp.cc/networking/authentication-required-when-accessing-stash-from-the-internet/
|
| options/nixos/services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.role_arn | AWS Role ARN, an alternative to using AWS API keys.
|
| options/nixos/services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.secret_key | The AWS API keys
|
| options/nixos/services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.access_key | The AWS API keys
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals | ESP proposals to offer for the CHILD_SA
|
| packages/nixpkgs/ssh-tpm-agent | SSH agent with support for TPM sealed keys for public key authentication |
| packages/nixpkgs/ssh-copy-id | Tool to copy SSH public keys to a remote machine |
| packages/nixpkgs/bzrtp | Opensource implementation of ZRTP keys exchange protocol |
| packages/nixpkgs/xcape | Utility to configure modifier keys to act as other keys |
| packages/nixpkgs/ssh-to-age | Convert ssh private keys in ed25519 format to age keys |
| packages/nixpkgs/kssd | K-mer substring space decomposition |
| packages/nixpkgs/cask-server | Public server and API to interface with Cask features |
| packages/nixpkgs/repseek | Tool to retrieve approximate repeats from large DNA sequences |
| packages/nixpkgs/tut | TUI for Mastodon with vim inspired keys |
| packages/nixpkgs/i2pd-tools | Toolsuite to work with keys and eepsites |
| packages/nixpkgs/libsForQt5.ktrip | Public transport trip planner |
| packages/nixpkgs/b4 | Helper utility to work with patches made available via a public-inbox archive |
| packages/nixpkgs/key-rack | View and edit your apps’ keys |
| packages/nixpkgs/hpe-ltfs | HPE's implementation of the open-source tape filesystem standard ltfs |
| packages/nixpkgs/rana | Nostr public key mining tool |
| packages/nixpkgs/gandi-cli | Command-line interface to the public Gandi.net API |