| options/nixos/services.warpgate.settings.sso_providers.*.label | SSO provider name displayed on login page.
|
| options/nixos/programs.kubeswitch.commandName | The name of the command to use
|
| options/home-manager/programs.kubeswitch.commandName | The name of the command to use
|
| options/nixos/users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| options/nixos/services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.username | HTTP username
|
| options/nixos/users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowURI | Allow client if URI subject alternative name appears in the list.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.allowDNS | Allow client if DNS subject alternative name appears in the list.
|
| options/nixos/services.mqtt2influxdb.points.*.measurement | Name of the measurement
|
| options/home-manager/programs.librewolf.profiles.<name>.extensions.exhaustivePermissions | When enabled, the user must authorize requested
permissions for all extensions from
programs.librewolf.profiles.<profile>.extensions.packages
in
programs.librewolf.profiles.<profile>.extensions.settings.<extensionID>.permissions
|
| options/nixos/virtualisation.oci-containers.containers.<name>.environmentFiles | Environment files for this container.
|
| options/nixos/virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributesmapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| options/nixos/image.repart.verityStore.partitionIds.store | Specify the attribute name of the store partition.
|
| options/home-manager/programs.zed-editor.extensions | A list of the extensions Zed should install on startup
|
| options/home-manager/programs.claude-code.commands | Custom commands for Claude Code
|
| options/home-manager/programs.zsh.prezto.tmux.defaultSessionName | Set the default session name.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds | Periodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes
|
| options/nixos/services.mautrix-telegram.environmentFile | File containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN
|
| options/nixos/services.prometheus.exporters.exportarr-prowlarr.user | User name under which the exportarr-prowlarr exporter shall be run.
|
| options/home-manager/programs.wezterm.colorSchemes | Attribute set of additional color schemes to be written to
$XDG_CONFIG_HOME/wezterm/colors, where each key is
taken as the name of the corresponding color scheme
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username | username is required if using Identity V2 API
|
| options/nixos/services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.inherit | Grants the user created inherit permissions
|
| options/nixos/hardware.trackpoint.device | The device name of the trackpoint
|
| options/home-manager/programs.gnome-terminal.profile | A set of Gnome Terminal profiles
|
| options/nixos/services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| options/nixos/services.nipap.settings.auth.default_backend | Name of auth backend to use by default.
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| options/nixos/services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| options/nixos/nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| options/nixos/virtualisation.oci-containers.containers.<name>.podman.sdnotify | Determines how podman should notify systemd that the unit is ready
|
| options/nixos/virtualisation.oci-containers.containers.<name>.imageStream | Path to a script that streams the desired image on standard output
|
| options/nixos/services.prometheus.exporters.modemmanager.user | User name under which the modemmanager exporter shall be run.
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| options/home-manager/programs.offlineimap.extraConfig.mbnames | Extra configuration options added to the
mbnames section.
|
| options/nixos/security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| options/home-manager/programs.git.includes.*.contentSuffix | Nix store name for the git configuration text file,
when generating the configuration text from nix options.
|
| options/darwin/nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| options/nixos/services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.username | HTTP username
|
| options/nixos/services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.username | HTTP username
|
| options/nixos/services.xserver.desktopManager.gnome.flashback.customSessions.*.wmLabel | The name of the window manager to show in the session chooser.
|
| options/nixos/hardware.display.edid.modelines | Attribute set of XFree86 Modelines automatically converted
and exposed as edid/<name>.bin files in initrd
|
| options/home-manager/programs.element-desktop.profiles | Extra profiles for Element
|
| options/home-manager/programs.powerline-go.pathAliases | Pairs of full-path and corresponding desired short name
|
| options/nixos/services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| options/nixos/networking.networkmanager.ensureProfiles.profiles.<name>.connection.type | The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
|
| options/home-manager/programs.gemini-cli.context | An attribute set of context files to create in ~/.gemini/
|
| options/nixos/virtualisation.oci-containers.containers.<name>.capabilities | Capabilities to configure for the container
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_name | At most one of domain_id and domain_name must be provided if using username
with Identity V3
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.createdb | Grants the user, created by the ensureUser attr, createdb permissions
|
| options/nixos/services.influxdb2.provision.initialSetup.organization | Primary organization name
|
| options/home-manager/programs.quickshell.configs | A set of configs to include in the quickshell config directory
|
| options/home-manager/programs.radicle.uri.web-rad.browser | Name of the XDG Desktop Entry for your browser
|
| options/nixos/users.mysql.pam.statusColumn | The name of the column or an SQL expression that indicates the status of
the user
|
| options/nixos/networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| options/nixos/services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| options/home-manager/programs.kitty.autoThemeFiles.noPreference | Theme name for no-preference color scheme.
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces | Optional namespace discovery
|
| options/nixos/services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| options/nixos/virtualisation.oci-containers.containers.<name>.ports | Network ports to publish from the container to the outer host
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.user | Unifi service user name.
|
| options/nixos/networking.ucarp.downscript | Command to run after become backup, the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| options/nixos/networking.nat.externalInterface | The name of the external network interface.
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name | The project_id and project_name fields are optional for the Identity V2 API
|
| options/nixos/services.pgbouncer.settings.pgbouncer.listen_addr | Specifies a list (comma-separated) of addresses where to listen for TCP connections
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.bypassrls | Grants the user, created by the ensureUser attr, replication permissions
|
| options/nixos/boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| options/nixos/boot.loader.grub.configurationName | GRUB entry name instead of default.
|
| options/nixos/image.repart.verityStore.partitionIds.store-verity | Specify the attribute name of the store's dm-verity hash partition.
|
| options/darwin/services.aerospace.settings.workspace-to-monitor-force-assignment | Map workspaces to specific monitors
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.superuser | Grants the user, created by the ensureUser attr, superuser permissions
|
| options/home-manager/programs.quickshell.activeConfig | The name of the config to use
|
| options/home-manager/programs.rclone.requiresUnit | The name of a systemd user service that must complete before the rclone
configuration file is written
|
| options/nixos/users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| options/nixos/services.prometheus.exporters.wireguard.wireguardConfig | Path to the Wireguard Config to
add the peer's name to the stats of a peer
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username | HTTP username
|
| options/nixos/programs.msmtp.accounts | Named accounts and their respective configurations
|
| options/darwin/system.defaults.finder._FXSortFoldersFirstOnDesktop | Keep folders on top when sorting by name on the desktop
|
| options/nixos/services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".database | Name of the database
|
| options/nixos/services.prometheus.exporters.mqtt.zigbee2MqttAvailability | Whether to enable Normalize sensor name for device availability metric added by Zigbee2MQTT..
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.settings.tags.directory_separator | Directory separator for mapping notmuch tags to maildirs.
|
| options/nixos/security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| options/nixos/programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| options/nixos/boot.loader.grub.fsIdentifier | Determines how GRUB will identify devices when generating the
configuration file
|
| options/nixos/services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| options/home-manager/accounts.email.accounts.<name>.lieer.settings.ignore_remote_labels | Set Gmail labels to ignore when syncing from remote labels to
local tags (before translations).
|
| options/nixos/services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.username | HTTP username
|
| options/nixos/services.prometheus.exporters.pgbouncer.connectionEnvFile | File that must contain the environment variable
PGBOUNCER_EXPORTER_CONNECTION_STRING which is set to the connection
string used by pgbouncer
|
| options/nixos/boot.loader.grub.mirroredBoots.*.efiBootloaderId | The id of the bootloader to store in efi nvram
|
| options/home-manager/accounts.email.accounts.<name>.lieer.settings.ignore_empty_history | Work around a Gmail API quirk where an empty change history
is sometimes returned
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.createrole | Grants the user, created by the ensureUser attr, createrole permissions
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.replication | Grants the user, created by the ensureUser attr, replication permissions
|
| options/nixos/hardware.nvidia.prime.offload.offloadCmdMainProgram | Specifies the CLI name of the hardware.nvidia.prime.offload.enableOffloadCmd
convenience script for offloading programs to an nvidia device.
|
| options/nixos/system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| options/nixos/services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| options/nixos/boot.initrd.compressor | The compressor to use on the initrd image
|
| options/nixos/networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| options/home-manager/accounts.email.accounts.<name>.lieer.settings.remove_local_messages | Remove local messages that have been deleted on the remote.
|
| options/nixos/services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|