| options/nixos/hardware.rtl-sdr.enable | Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules
|
| options/nixos/services.couchdb.configFile | Configuration file for persisting runtime changes
|
| options/nixos/systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| options/nixos/services.smokeping.user | User that runs smokeping and (optionally) thttpd
|
| options/nixos/users.users.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| options/nixos/users.allowNoPasswordLogin | Disable checking that at least the root user or a user in the wheel group can log in using
a password or an SSH key
|
| options/nixos/services.prometheus.exporters.unbound.unbound.certificate | Path to the Unbound control socket certificate
|
| options/nixos/services.timekpr.adminUsers | All listed users will become part of the timekpr group so they can manage timekpr settings without requiring sudo.
|
| options/nixos/services.grafana.settings.server.socket_gid | GID where the socket should be set when protocol=socket
|
| options/nixos/services.portunus.enable | Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.
|
| options/nixos/services.suricata.settings.vars.address-groups.DNP3_SERVER | DNP3_SERVER variable.
|
| options/nixos/services.suricata.settings.vars.address-groups.DNP3_CLIENT | DNP3_CLIENT variable.
|
| options/nixos/services.nomad.enableDocker | Enable Docker support
|
| options/nixos/services.kubernetes.apiserver.extraSANs | Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.
|
| options/nixos/services.mailman.ldap.superUserGroup | Group where a user must be a member of to gain superuser rights.
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| options/nixos/services.suricata.settings.vars.address-groups.ENIP_SERVER | ENIP_SERVER variable.
|
| options/nixos/services.suricata.settings.vars.address-groups.ENIP_CLIENT | ENIP_CLIENT variable.
|
| options/nixos/virtualisation.incus.enable | Whether to enable incusd, a daemon that manages containers and virtual machines
|
| options/nixos/services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/programs.flashrom.enable | Installs flashrom and configures udev rules for programmers
used by flashrom
|
| options/nixos/programs.gphoto2.enable | Whether to configure system to use gphoto2
|
| options/nixos/hardware.openrazer.users | Usernames to be added to the "openrazer" group, so that they
can start and interact with the OpenRazer userspace daemon.
|
| options/nixos/services.nextcloud-spreed-signaling.settings.https.certificate | Path to the certificate used for the HTTPS listener
|
| options/nixos/services.suricata.settings.vars.address-groups.DC_SERVERS | DC_SERVERS variable.
|
| options/nixos/services.cloudflared.tunnels.<name>.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| options/nixos/services.suricata.settings.vars.address-groups.AIM_SERVERS | AIM_SERVERS variable.
|
| options/nixos/services.suricata.settings.vars.address-groups.SQL_SERVERS | SQL_SERVERS variable.
|
| options/nixos/services.suricata.settings.vars.address-groups.DNS_SERVERS | DNS_SERVERS variable.
|
| options/nixos/services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| options/nixos/services.warpgate.settings.http.sni_certificates | Certificates for additional domains.
|
| options/nixos/services.suricata.settings.vars.address-groups.HTTP_SERVERS | HTTP_SERVERS variable.
|
| options/nixos/services.suricata.settings.vars.address-groups.SMTP_SERVERS | SMTP_SERVERS variable.
|
| options/nixos/services.hologram-server.roleAttr | Which LDAP group attribute to search for authorized role ARNs
|
| options/nixos/programs.mouse-actions.enable | Whether to install and set up mouse-actions and it's udev rules
|
| options/nixos/services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| options/nixos/networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| options/nixos/boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| options/nixos/security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| options/nixos/services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| options/nixos/services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| options/nixos/services.suricata.settings.vars.address-groups.MODBUS_SERVER | MODBUS_SERVER variable.
|
| options/nixos/services.suricata.settings.vars.address-groups.MODBUS_CLIENT | MODBUS_CLIENT variable
|
| options/nixos/services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.temporal.dataDir | Data directory for Temporal
|
| options/nixos/services.quickwit.dataDir | Data directory for Quickwit
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| options/nixos/services.parsedmarc.settings.elasticsearch.cert_path | The path to a TLS certificate bundle used to verify
the server's certificate.
|
| options/nixos/services.traefik.supplementaryGroups | Additional groups under which Traefik runs
|
| options/nixos/nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| options/darwin/nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| options/nixos/services.suricata.settings.vars.address-groups.EXTERNAL_NET | EXTERNAL_NET variable.
|
| options/nixos/users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| options/nixos/services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| options/nixos/hardware.acpilight.enable | Enable acpilight
|
| options/nixos/services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all
encrypted traffic will be filtered as well
|
| options/nixos/programs.corectrl.enable | Whether to enable CoreCtrl, a tool to overclock amd graphics cards and processors
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot | Optional slot number of the token that stores the certificate.
|
| options/nixos/services.dependency-track.oidc.teamSynchronization | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| options/nixos/services.suricata.settings.vars.address-groups.TELNET_SERVERS | TELNET_SERVERS variable.
|
| options/nixos/hardware.sheep_net.enable | Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds
sheep-net to boot.kernelModules and boot.extraModulePackages
|
| options/nixos/networking.networkmanager.enable | Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured
|
| options/nixos/virtualisation.podman.dockerSocket.enable | Make the Podman socket available in place of the Docker socket, so
Docker tools can find the Podman socket
|
| options/nixos/programs.mosh.withUtempter | Whether to enable libutempter for mosh
|
| options/nixos/programs.tmux.withUtempter | Whether to enable libutempter for tmux
|
| options/nixos/programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module | Optional PKCS#11 module name.
|
| options/nixos/services.fastnetmon-advanced.hostgroups | Hostgroups to declaratively load into FastNetMon Advanced
|
| options/nixos/networking.wireless.networks.<name>.priority | By default, all networks will get same priority group (0)
|
| options/nixos/hardware.kryoflux.enable | Enables kryoflux udev rules, ensures 'floppy' group exists
|
| options/nixos/services.grafana.provision.alerting.rules.settings.groups | List of rule groups to import or update.
|
| options/nixos/services.netbird.tunnels.<name>.bin.suffix | A system group name for this client instance.
|
| options/nixos/services.netbird.clients.<name>.bin.suffix | A system group name for this client instance.
|
| options/nixos/services.mx-puppet-discord.enable | Whether to enable mx-puppet-discord is a discord puppeting bridge for matrix
|
| options/nixos/services.terraria.enable | If enabled, starts a Terraria server
|
| options/nixos/services.dovecot2.createMailUser | Whether to enable automatically creating the user
given in services.dovecot.user and the group
given in services.dovecot.group.
|
| options/nixos/services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| options/nixos/services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| options/nixos/services.hardware.lcd.server.usbPermissions | Set group-write permissions on a USB device
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| options/nixos/services.bitwarden-directory-connector-cli.sync.groups | Whether to sync ldap groups into BitWarden.
|
| options/home-manager/programs.hexchat.channels.<name>.loginMethod | The login method
|
| options/nixos/programs.idescriptor.users | Users to be added to the idevice group.
|
| options/nixos/hardware.keyboard.uhk.enable | Whether to enable non-root access to the firmware of UHK keyboards
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/programs.soundmodem.enable | Whether to add Soundmodem to the global environment and configure a
wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.
|
| options/nixos/services.netbird.clients.<name>.name | Primary name for use (as a suffix) in:
- systemd service name,
- hardened user name and group,
- systemd
*Directory= names,
- desktop application identification,
|
| options/nixos/services.netbird.tunnels.<name>.name | Primary name for use (as a suffix) in:
- systemd service name,
- hardened user name and group,
- systemd
*Directory= names,
- desktop application identification,
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels.<name>.extraConfig | Extra configuration lines to add to THIS channel's
configuration.
|
| options/nixos/services.beszel.agent.smartmon.enable | Include services.beszel.agent.smartmon.package in the Beszel agent path for disk monitoring and add the agent to the disk group.
|
| options/nixos/programs.benchexec.users | Users that intend to use BenchExec
|
| options/nixos/services.dependency-track.settings."alpine.oidc.team.synchronization" | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| options/nixos/hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| options/nixos/services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| options/nixos/services.borgbackup.jobs.<name>.user | The user borg is run as
|