| options/nixos/security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| options/nixos/systemd.network.networks.<name>.stochasticFairnessQueueingConfig | Each attribute in this set specifies an option in the
[StochasticFairnessQueueing] section of the unit
|
| options/nixos/users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| options/nixos/services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| options/nixos/security.pam.ussh.authorizedPrincipalsFile | Path to a list of principals; if the user presents a certificate with
one of these principals, then they will be authorized
|
| options/nixos/services.coder.database.username | Username for accessing the database.
|
| options/darwin/launchd.agents.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| options/nixos/virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| options/nixos/services.angrr.settings.temporary-root-policies.<name>.filter.arguments | Extra command-line arguments pass to the external filter program.
|
| options/home-manager/accounts.email.accounts.<name>.thunderbird.perIdentitySettings | Extra settings to add to each identity of this Thunderbird
account configuration
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| options/home-manager/accounts.calendar.accounts.<name>.pimsync.extraLocalStorageDirectives | Extra directives that should be added under this accounts local storage directive
|
| options/nixos/hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| options/nixos/services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit | See torrc manual.
|
| options/nixos/documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| options/nixos/networking.firewall.checkReversePath | Performs a reverse path filter test on a packet
|
| options/nixos/services.gotosocial.environmentFile | File path containing environment variables for configuring the GoToSocial service
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| options/nixos/services.thanos.downsample.objstore.config | Object store configuration
|
| options/nixos/services.prometheus.exporters.postfix.logfilePath | Path where Postfix writes log entries
|
| options/nixos/services.zabbixWeb.nginx.virtualHost.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.type | Type of this transport
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.connectTimeout | Timeout for establishing a new TCP connection to your origin server
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| options/nixos/security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| options/nixos/services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| options/home-manager/services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from
the parent directory (the directory it’s located in)
|
| options/home-manager/programs.vicinae.extensions | List of Vicinae extensions to install
|
| options/nixos/boot.iscsi-initiator.target | Name of the iSCSI target to boot from.
|
| options/nixos/services.ircdHybrid.serverName | IRCD server name.
|
| options/nixos/services.dnsdist.enable | Whether to enable dnsdist domain name server.
|
| options/nixos/services.unbound.enable | Whether to enable Unbound domain name server.
|
| options/nixos/services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| options/nixos/services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| options/nixos/services.prometheus.exporters.mysqld.configFile | Path to the services config file
|
| options/nixos/services.logrotate.checkConfig | Whether the config should be checked at build time
|
| options/nixos/services.nextcloud-spreed-signaling.settings.https.key | Path to the private key used for the HTTPS listener
|
| options/home-manager/programs.firefox.profiles.<name>.bookmarks.meta.maintainers | List of maintainers of each module
|
| options/home-manager/programs.thunderbird.profiles.<name>.search.engines | Attribute set of search engine configurations
|
| options/darwin/launchd.daemons.<name>.serviceConfig.HardResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| options/darwin/launchd.daemons.<name>.serviceConfig.SoftResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| options/nixos/services.elasticsearch.cluster_name | Elasticsearch name that identifies your cluster for auto-discovery.
|
| options/darwin/launchd.agents.<name>.serviceConfig.Disabled | This optional key is used as a hint to launchctl(1) that it should not submit this job to launchd when
loading a job or jobs
|
| options/nixos/services.mailman.ldap.attrMap.username | LDAP-attribute that corresponds to the username-attribute in mailman.
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.host | Host for the api or remote transport
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| options/home-manager/programs.borgmatic.backups.<name>.consistency.checks.*.frequency | Frequency of this type of check
|
| options/nixos/security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| options/nixos/specialisation.<name>.configuration | Arbitrary NixOS configuration
|
| options/nixos/services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.HardResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.SoftResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| options/nixos/services.etebase-server.settings.global.secret_file | The path to a file containing the secret
used as django's SECRET_KEY.
|
| options/nixos/documentation.man.mandoc.manPath | Change the paths included in the MANPATH environment variable,
i. e. the directories where man(1)
looks for section-specific directories of man pages
|
| options/nixos/services.prometheus.pushgateway.web.route-prefix | Prefix for the internal routes of web endpoints
|
| options/nixos/services.prometheus.exporters.mysqld.telemetryPath | Path under which to expose metrics.
|
| options/nixos/services.prometheus.exporters.mikrotik.configFile | Path to a mikrotik exporter configuration file
|
| options/home-manager/services.linux-wallpaperengine.assetsPath | Path to the assets directory.
|
| options/nixos/services.archisteamfarm.ipcPasswordFile | Path to a file containing the password
|
| options/nixos/services.k3s.autoDeployCharts | Auto deploying Helm charts that are installed by the k3s Helm controller
|
| options/nixos/services.firezone.server.provision.accounts.<name>.features.rest_api | Whether to enable the rest_api feature for this account.
|
| options/nixos/services.firezone.server.provision.accounts.<name>.features.idp_sync | Whether to enable the idp_sync feature for this account.
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| options/nixos/users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| options/nixos/services.radicle.ci.adapters.native.instances.<name>.settings.base_url | Base URL for build logs (mandatory for access from CI broker page).
|
| options/nixos/services.agorakit.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.fediwall.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.librenms.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.fediwall.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.kanboard.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.dolibarr.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.mainsail.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.mainsail.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.namecoind.rpc.password | Password for RPC connections.
|
| options/nixos/services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| options/nixos/services.gitlab.databaseUsername | GitLab database user.
|
| options/home-manager/accounts.calendar.accounts.<name>.pimsync.extraRemoteStorageDirectives | Extra directives that should be added under this accounts remote storage directive
|
| options/nixos/networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| options/nixos/services.opentelemetry-collector.configFile | Specify a path to a configuration file that Opentelemetry Collector should use.
|
| options/nixos/services.prometheus.exporters.borgmatic.configFile | The path to the borgmatic config file
|
| options/nixos/virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| options/darwin/launchd.agents.<name>.serviceConfig.StartCalendarInterval | This optional key causes the job to be started every calendar interval as specified
|
| options/darwin/networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | Interval in seconds to send keepalive packets
|
| options/nixos/services.forgejo.dump.file | Filename to be used for the dump
|
| options/nixos/services.prosody.muc.*.domain | Domain name of the MUC
|
| options/nixos/services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|
| options/nixos/services.mjpg-streamer.user | mjpg-streamer user name.
|
| options/darwin/launchd.daemons.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| options/nixos/services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.login | Grants the user, created by the ensureUser attr, login permissions
|
| options/nixos/programs.singularity.enableExternalLocalStateDir | Whether to use top-level directories as LOCALSTATEDIR
instead of the store path ones
|
| options/nixos/services.homepage-dashboard.environmentFile | The path to an environment file that contains environment variables to pass
to the homepage-dashboard service, for the purpose of passing secrets to
the service
|
| options/nixos/services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|