| options/nixos/services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| options/nixos/services.prometheus.exporters.exportarr-prowlarr.group | Group under which the exportarr-prowlarr exporter shall be run.
|
| options/nixos/services.prometheus.exporters.node-cert.excludePaths | List of paths to exclute from searching for SSL certificates.
|
| options/nixos/services.prometheus.exporters.node-cert.listenAddress | Address to listen on.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups | Some email providers (Gmail) have a different directory hierarchy for
synchronized email messages
|
| options/nixos/services.postfix.setgidGroup | How to call postfix setgid group (for postdrop)
|
| options/nixos/services.prometheus.exporters.node-cert.openFirewall | Open port in firewall for incoming connections.
|
| options/nixos/services.certmgr.metricsPort | The port for the Prometheus HTTP endpoint.
|
| options/nixos/services.prometheus.exporters.node-cert.includeGlobs | List files matching a pattern to include
|
| options/nixos/services.prometheus.exporters.node-cert.excludeGlobs | List files matching a pattern to include
|
| options/nixos/services.kubernetes.kubelet.kubeconfig.certFile | Kubelet client certificate file used to connect to kube-apiserver.
|
| options/nixos/services.prometheus.exporters.modemmanager.group | Group under which the modemmanager exporter shall be run.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| options/home-manager/programs.git-credential-keepassxc.groups | The KeePassXC groups used for storing and fetching of credentials
|
| options/nixos/services.quassel.dataDir | The directory holding configuration files, the SQlite database and the SSL Cert.
|
| options/nixos/services.prometheus.exporters.node-cert.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.node-cert.openFirewall is true.
|
| options/darwin/users.groups.<name>.members | The group's members.
|
| options/nixos/services.bitwarden-directory-connector-cli.sync.groupPath | Group directory, relative to root.
|
| options/nixos/services.certmgr.defaultRemote | The default CA host:port to use.
|
| options/nixos/services.kubernetes.scheduler.kubeconfig.certFile | Kubernetes scheduler client certificate file used to connect to kube-apiserver.
|
| options/nixos/hardware.hackrf.enable | Enables hackrf udev rules and ensures 'plugdev' group exists
|
| options/darwin/services.github-runners.<name>.user | User under which to run the service
|
| options/nixos/services.certmgr.svcManager | This specifies the service manager to use for restarting or reloading services
|
| options/nixos/services.prometheus.exporters.node-cert.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.node-cert.openFirewall
is true
|
| options/nixos/services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/home-manager/targets.darwin.defaults."com.apple.dock".expose-group-apps | Whether to enable grouping of windows by application in Mission Control.
|
| options/nixos/services.hitch.frontend | The port and interface of the listen endpoint in the
form [HOST]:PORT[+CERT].
|
| options/nixos/services.certmgr.metricsAddress | The address for the Prometheus HTTP endpoint.
|
| options/nixos/services.certmgr.renewInterval | How often to check certificate expirations and how often to update the cert_next_expires metric.
|
| options/nixos/security.agnos.settings.accounts.*.certificates | Certificates for agnos to issue or renew.
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels.<name>.name | The unique name for THIS channel in THIS group
|
| options/nixos/services.pgmanage.loginGroup | This tells pgmanage to only allow users in a certain PostgreSQL group to
login to pgmanage
|
| options/nixos/services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.suricata.settings.vars.port-groups | The port group variables for suricata.
|
| options/nixos/services.hardware.lcd.server.usbGroup | The group to use for settings permissions
|
| options/nixos/services.nsd.zones.<name>.zoneStats | When set to something distinct to null NSD is able to collect
statistics per zone
|
| options/home-manager/programs.mbsync.groups | Definition of groups.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| options/nixos/hardware.ckb-next.gid | Limit access to the ckb daemon to a particular group.
|
| options/nixos/services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/boot.initrd.systemd.groups | Groups to include in initrd.
|
| options/nixos/services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| options/nixos/services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| options/nixos/services.icingaweb2.groupBackends | groups.ini contents
|
| options/nixos/services.dendrite.tlsKey | The path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| options/nixos/services.galene.groupsDir | Web server directory.
|
| options/nixos/services.kubernetes.controllerManager.kubeconfig.certFile | Kubernetes controller manager client certificate file used to connect to kube-apiserver.
|
| options/nixos/services.prometheus.scrapeConfigs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.name | The name of this group for this account
|
| options/nixos/services.dendrite.tlsCert | The path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| options/nixos/services.jibri.ignoreCert | Whether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri
|
| options/nixos/services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| options/darwin/services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| options/nixos/users.extraGroups.<name>.gid | The group GID
|
| options/nixos/services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| options/nixos/services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| options/nixos/security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| options/nixos/programs.wireshark.enable | Whether to add Wireshark to the global environment and create a 'wireshark'
group
|
| options/nixos/services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| options/nixos/security.isolate.cgRoot | Control group which subgroups are placed under
|
| options/nixos/security.sudo.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| options/nixos/users.extraGroups.<name>.name | The name of the group
|
| options/nixos/security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| options/nixos/users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| options/nixos/security.sudo.keepTerminfo | Whether to preserve the TERMINFO and TERMINFO_DIRS
environment variables, for root and the wheel group.
|
| options/darwin/security.sudo.keepTerminfo | Whether to preserve the TERMINFO and TERMINFO_DIRS
environment variables, for root and the admin group.
|
| options/nixos/services.ircdHybrid.certificate | IRCD server SSL certificate
|
| options/nixos/services.agate.certificatesDir | Root of the certificate directory.
|
| options/nixos/services.minio.certificatesDir | The directory where TLS certificates are stored.
|
| options/nixos/programs.wireshark.dumpcap.enable | Whether to allow users in the 'wireshark' group to capture network traffic
|
| options/nixos/programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| options/nixos/services.oauth2-proxy.tls.certificate | Path to certificate file.
|
| options/nixos/services.quassel.certificateFile | Path to the certificate used for SSL connections with clients.
|
| options/nixos/users.users.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| options/nixos/services.suricata.settings.vars.address-groups | The address group variables for suricata, if not defined the
default value of suricata (see example) will be used
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| options/nixos/users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| options/nixos/services.prometheus.exporters.dovecot.socketPath | Path under which the stats socket is placed
|
| options/nixos/services.below.cgroupFilterOut | A regexp matching the full paths of cgroups whose data shouldn't be collected
|
| options/nixos/users.users.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| options/nixos/security.sudo.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| options/nixos/services.grafana.settings.database.client_cert_path | The path to the client cert
|
| options/nixos/services.maddy.tls.certificates.*.keyPath | Path to the private key used for TLS.
|
| options/nixos/services.onlyoffice.securityNonceFile | File holding nginx configuration that sets the nonce used to create secret links
|
| options/nixos/services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| options/nixos/security.sudo-rs.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| options/home-manager/programs.ssh.matchBlocks.<name>.certificateFile | Specifies files from which the user certificate is read.
|
| options/nixos/services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/home-manager/accounts.email.certificatesFile | Path to default file containing certificate authorities that
should be used to validate the connection authenticity
|
| options/nixos/security.loginDefs.settings.GID_MIN | Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
|
| options/nixos/security.loginDefs.settings.GID_MAX | Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
|
| options/nixos/services.grafana.settings.server.cert_key | Path to the certificate key file (if protocol is set to https or h2).
|
| options/nixos/services.infinoted.certificateFile | Server certificate to use for TLS
|
| options/nixos/services.namecoind.rpc.certificate | Certificate file for securing RPC connections.
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels | List of channels that should be grouped together into this group
|
| options/nixos/services.bitwarden-directory-connector-cli.sync.groupFilter | LDAP filter for groups.
|
| options/nixos/services.ananicy.extraCgroups | Cgroups to write in 'nixCgroups.cgroups'
|