| options/nixos/services.kerberos_server.settings.realms.<name>.acl.*.access | The changes the principal is allowed to make.
The "all" permission does not imply the "get-keys" permission
|
| options/nixos/services.prometheus.scrapeConfigs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| options/nixos/services.opentelemetry-collector.validateConfigFile | Whether to enable Validate configuration file.
|
| options/nixos/services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql | A list of SQL statements to execute once after making a connection.
|
| options/nixos/services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| options/nixos/services.outline.slackIntegration.verificationTokenFile | File path containing the verification token.
|
| options/nixos/services.prometheus.exporters.scaphandre.telemetryPath | Path under which to expose metrics.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay | Interval to check the liveness of a peer actively using IKEv2
INFORMATIONAL exchanges or IKEv1 R_U_THERE messages
|
| options/nixos/services.xserver.displayManager.session | List of sessions supported with the command used to start each
session
|
| options/nixos/services.bookstack.mail.fromName | Mail "from" name.
|
| options/nixos/services.corosync.clusterName | Name of the corosync cluster.
|
| options/nixos/services.prefect.databaseName | database name for postgres only
|
| options/nixos/services.tomcat.virtualHosts | List consisting of a virtual host name and a list of web applications to deploy on each virtual host
|
| options/nixos/services.netbird.enable | Enables backward-compatible NetBird client service
|
| options/nixos/services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| options/nixos/services.smokeping.linkStyle | DNS name for the urls generated in the cgi.
|
| options/home-manager/programs.floorp.profiles.<name>.extensions.exhaustivePermissions | When enabled, the user must authorize requested
permissions for all extensions from
programs.floorp.profiles.<profile>.extensions.packages
in
programs.floorp.profiles.<profile>.extensions.settings.<extensionID>.permissions
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| options/nixos/services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.vsmartcard-vpcd.hostname | Hostname of a waiting vpicc server vpcd will be connecting to
|
| options/home-manager/xsession.windowManager.i3.config.fonts.names | List of font names list used for window titles
|
| options/nixos/users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| options/nixos/security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.if_id_in | XFRM interface ID set on inbound policies/SA, can be overridden by child
config, see there for details
|
| options/nixos/virtualisation.fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| options/nixos/services.autorandr.matchEdid | Match displays based on edid instead of name
|
| options/nixos/services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| options/nixos/services.misskey.settings.db.db | The database name.
|
| options/nixos/services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| options/nixos/services.shairport-sync.user | User account name under which to run shairport-sync
|
| options/home-manager/services.autorandr.matchEdid | Match displays based on edid instead of name.
|
| options/nixos/services.xserver.videoDriver | The name of the video driver for your graphics card
|
| options/home-manager/programs.qutebrowser.searchEngines | Search engines that can be used via the address bar
|
| options/nixos/services.prometheus.globalConfig.query_log_file | Path to the file prometheus should write its query log to.
|
| options/nixos/networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds | Periodically refresh the endpoint hostname or address for all peers
|
| options/nixos/services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| options/nixos/services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs.<name>.interval | How often to run this job, specified in
Go duration format.
|
| options/nixos/virtualisation.xen.store.settings.xenstored.accessLog.file | Path to the Xen Store access log file.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| options/home-manager/programs.firefox.profiles.<name>.extensions.exhaustivePermissions | When enabled, the user must authorize requested
permissions for all extensions from
programs.firefox.profiles.<profile>.extensions.packages
in
programs.firefox.profiles.<profile>.extensions.settings.<extensionID>.permissions
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| options/nixos/services.borgmatic.configurations.<name>.repositories.*.label | Label to the repository
|
| options/nixos/services.influxdb2.provision.organizations.<name>.description | Optional description for the organization.
|
| options/nixos/services.athens.storage.s3.bucket | Bucket name for the S3 storage backend.
|
| options/nixos/programs.regreet.theme.package | The package that provides the theme given in the name option.
|
| options/nixos/services.ncps.cache.storage.s3.bucket | The name of the S3 bucket.
|
| options/home-manager/programs.lazygit.shellWrapperName | Name of the shell wrapper to be called.
|
| options/nixos/services.usbrelayd.clientName | Name, your client connects as.
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| options/nixos/services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| options/home-manager/wayland.windowManager.sway.config.bars.*.fonts.names | List of font names list used for window titles
|
| options/nixos/services.bird-lg.frontend.servers | Server name prefixes.
|
| options/nixos/services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| options/nixos/services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| options/nixos/services.factorio.saveName | The name of the savegame that will be used by the server
|
| options/nixos/services.freshrss.virtualHost | Name of the caddy/nginx virtualhost to use and setup.
|
| options/nixos/services.prosody.httpFileShare.domain | Domain name for a http_file_share service.
|
| options/nixos/services.mattermost.siteName | Name of this Mattermost site.
|
| options/nixos/services.miredo.interfaceName | Name of the network tunneling interface.
|
| options/nixos/swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| options/nixos/services.tlsrpt.reportd.settings.sendmail_script | Path to a sendmail-compatible executable for delivery reports.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.if_id_out | XFRM interface ID set on outbound policies/SA, can be overridden by child
config, see there for details
|
| options/nixos/services.discourse.database.username | Discourse database user.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| options/nixos/services.prosody.uploadHttp.domain | Domain name for the http-upload service
|
| options/nixos/services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| options/nixos/services.autossh.sessions.*.user | Name of the user the AutoSSH session should run as
|
| options/nixos/services.keyd.keyboards | Configuration for one or more device IDs
|
| options/nixos/services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| options/nixos/services.rspamd.overrides | Overridden configuration files, written into /etc/rspamd/override.d/{name}.
|
| options/nixos/services.outline.storage.region | AWS S3 region name.
|
| options/nixos/services.shairport-sync.group | Group account name under which to run shairport-sync
|
| options/home-manager/programs.ncmpcpp.settings | Attribute set from name of a setting to its value
|
| options/home-manager/programs.gnome-shell.theme.package | Package providing a GNOME Shell theme in
$out/share/themes/${name}/gnome-shell.
|
| options/darwin/services.autossh.sessions.*.user | Name of the user the AutoSSH session should run as
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/nixos/services.nextjs-ollama-llm-ui.hostname | The hostname under which the Ollama UI interface should be accessible
|
| options/nixos/services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| options/home-manager/xsession.windowManager.i3.config.bars.*.fonts.names | List of font names list used for window titles
|
| options/nixos/environment.profileRelativeSessionVariables | Attribute set of environment variable used in the global
environment
|
| options/nixos/services.prometheus.exporters.snmp.configurationPath | Path to a snmp exporter configuration file
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|
| options/nixos/services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.paths | Paths can point to a single service, or the root of a tree of services.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote_port | Remote UDP port for IKE communication
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.aggressive | Enables Aggressive Mode instead of Main Mode with Identity
Protection
|
| options/nixos/services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| options/nixos/services.prometheus.alertmanager.webExternalUrl | The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy)
|
| options/nixos/services.nextcloud-spreed-signaling.backends | A list of backends from which clients are allowed to connect from
|
| options/nixos/services.airsonic.virtualHost | Name of the nginx virtualhost to use and setup
|
| options/nixos/services.discourse.admin.fullName | The admin user's full name.
|
| options/nixos/services.cloudlog.virtualHost | Name of the nginx virtualhost to use and setup
|
| options/nixos/services.guacamole-server.host | The host name or IP address the server should listen to.
|
| options/nixos/services.consul.interface.bind | The name of the interface to pull the bind_addr from.
|
| options/nixos/services.wiki-js.stateDirectoryName | Name of the directory in /var/lib.
|
| options/nixos/services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|