| system.defaults.dock.persistent-apps.*.file | A file to be added to the dock.
|
| system.defaults.dock.persistent-others.*.file | A file to be added to the dock.
|
| system.profile | Profile to use for the system.
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.yabai.config | Key/Value pairs to pass to yabai's 'config' domain, via the configuration file.
|
| services.sketchybar.config | Contents of sketchybar's configuration file
|
| services.ofborg.configFile | Configuration file to use for ofborg
|
| services.spacebar.config | Key/Value pairs to pass to spacebar's 'config' domain, via the configuration file.
|
| nix.gc.options | Options given to nix-collect-garbage when the
garbage collector is run automatically.
|
| nix.extraOptions | Additional text appended to nix.conf.
|
| services.synergy.server.configFile | The Synergy server configuration file.
|
| homebrew.global.lockfiles | Whether to enable Homebrew to generate lockfiles when you manually invoke
brew bundle [install]
|
| security.sandbox.profiles | Definition of sandbox profiles.
|
| programs.zsh.histFile | Change history file.
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| fonts.packages | List of fonts to install into /Library/Fonts/Nix Fonts.
|
| environment.profiles | A list of profiles used to setup the global environment.
|
| homebrew.global.brewfile | Whether to enable Homebrew to automatically use the Brewfile that this module generates in
the Nix store, when you manually invoke brew bundle
|
| services.kwm.kwmConfig | Config to use for kwmrc.
|
| services.khd.khdConfig | Config to use for khdrc.
|
| services.hercules-ci-agent.settings.clusterJoinTokenPath | Location of the cluster-join-token.key file
|
| system.defaults.screencapture.target | Target to which screencapture should save screenshot to
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| launchd.agents.<name>.serviceConfig.Disabled | This optional key is used as a hint to launchctl(1) that it should not submit this job to launchd when
loading a job or jobs
|
| launchd.user.agents.<name>.serviceConfig.Disabled | This optional key is used as a hint to launchctl(1) that it should not submit this job to launchd when
loading a job or jobs
|
| launchd.daemons.<name>.serviceConfig.Disabled | This optional key is used as a hint to launchctl(1) that it should not submit this job to launchd when
loading a job or jobs
|
| services.skhd.skhdConfig | Config to use for skhdrc.
|
| security.sandbox.profiles.<name>.closure | List of store paths to make accessible.
|
| services.postgresql.recoveryConfig | Contents of the recovery.conf file.
|
| nix.daemonIOLowPriority | Whether the Nix daemon process should considered to be low priority when
doing file system I/O.
|
| homebrew.caskArgs.appdir | Target location for Applications
|
| launchd.agents.<name>.path | Packages added to the service's PATH
environment variable
|
| system.patches | Set of patches to apply to /.
This can modify everything so use with caution.
Useful for safely changing system files
|
| programs.tmux.extraConfig | Extra configuration to add to tmux.conf.
|
| security.sudo.extraConfig | Extra configuration text appended to sudoers.
|
| launchd.agents.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| services.telegraf.environmentFiles | File to load as environment file
|
| launchd.user.agents.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| services.redis.extraConfig | Additional text to be appended to redis.conf.
|
| launchd.user.agents.<name>.path | Packages added to the service's PATH
environment variable
|
| launchd.daemons.<name>.serviceConfig.Sockets | This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job
|
| programs.ssh.extraConfig | Extra configuration text loaded in ssh_config
|
| security.sandbox.profiles.<name>.allowSystemPaths | Whether to allow read access to FHS paths like /etc and /var.
|
| environment.etc | Set of files that have to be linked in /etc.
|
| services.yabai.extraConfig | Extra arbitrary configuration to append to the configuration file
|
| security.sandbox.profiles.<name>.readablePaths | List of paths that should be read-only inside the sandbox.
|
| launchd.daemons.<name>.path | Packages added to the service's PATH
environment variable
|
| homebrew.caskArgs.fontdir | Target location for Fonts
|
| security.sandbox.profiles.<name>.writablePaths | List of paths that should be read/write inside the sandbox.
|
| programs.vim.vimOptions.<name>.text | Text of the file.
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.redis.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| security.pki.caCertificateBlacklist | A list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
/etc/ssl/certs/ca-certificates.crt
|
| nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/#sec-conf-file
for avalaible options
|
| programs.tmux.tmuxOptions.<name>.text | Text of the file.
|
| services.chunkwm.extraConfig | Additional commands for chunkwmrc.
|
| environment.etc.<name>.text | Text of the file.
|
| programs.vim.vimOptions.<name>.source | Path of the source file.
|
| security.sandbox.profiles.<name>.allowNetworking | Whether to allow network access inside the sandbox.
|
| programs.tmux.tmuxOptions.<name>.source | Path of the source file.
|
| environment.pathsToLink | List of directories to be symlinked in /run/current-system/sw.
|
| services.openssh.extraConfig | Extra configuration text loaded in sshd_config
|
| programs.vim.vimOptions.<name>.enable | Whether this file should be generated
|
| security.sandbox.profiles.<name>.allowLocalNetworking | Whether to allow localhost network access inside the sandbox.
|
| services.spacebar.extraConfig | Extra arbitrary configuration to append to the configuration file.
|
| environment.etc.<name>.source | Path of the source file.
|
| nix.buildMachines.*.sshKey | The path to the SSH private key with which to authenticate on
the build machine
|
| programs.tmux.tmuxOptions.<name>.enable | Whether this file should be generated
|
| environment.etc.<name>.enable | Whether this file should be generated
|
| nix.buildMachines.*.publicHostKey | The (base64-encoded) public host key of this builder
|
| environment.launchAgents | Set of files that have to be linked in /Library/LaunchAgents.
|
| homebrew.caskArgs.servicedir | Target location for Services
|
| nix.enable | Whether to enable Nix
|
| system.activationScripts.<name>.text | Text of the file.
|
| environment.userLaunchAgents | Set of files that have to be linked in ~/Library/LaunchAgents.
|
| environment.launchDaemons | Set of files that have to be linked in /Library/LaunchDaemons.
|
| environment.launchAgents.<name>.text | Text of the file.
|
| services.dnscrypt-proxy.settings | Attrset that is converted and passed as TOML config file
|
| services.postgresql.checkConfig | Check the syntax of the configuration file at compile time
|
| homebrew.caskArgs.prefpanedir | Target location for Preference Panes
|
| homebrew.caskArgs.qlplugindir | Target location for QuickLook Plugins
|
| system.activationScripts.<name>.source | Path of the source file.
|
| environment.userLaunchAgents.<name>.text | Text of the file.
|
| environment.launchDaemons.<name>.text | Text of the file.
|
| services.hercules-ci-agent.settings | These settings are written to the agent.toml file
|
| environment.launchAgents.<name>.source | Path of the source file.
|
| system.activationScripts.<name>.enable | Whether this file should be generated
|
| launchd.agents | Definition of per-user launchd agents
|
| services.offlineimap.extraConfig | Additional text to be appended to offlineimaprc.
|
| security.pam.services.sudo_local.text | Contents of /etc/pam.d/sudo_local
|
| launchd.user.agents | Definition of per-user launchd agents
|
| services.buildkite-agents.<name>.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| services.postgresql.initialScript | A file containing SQL statements to execute on first startup.
|
| environment.userLaunchAgents.<name>.source | Path of the source file.
|
| launchd.agents.<name>.serviceConfig.LimitLoadToHosts | This configuration file only applies to the hosts listed with this key
|
| launchd.daemons | Definition of launchd daemons
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| environment.launchAgents.<name>.enable | Whether this file should be generated
|
| environment.launchDaemons.<name>.source | Path of the source file.
|
| services.cachix-agent.credentialsFile | Required file that needs to contain:
export CACHIX_AGENT_TOKEN=...
|
| launchd.agents.<name>.serviceConfig.LimitLoadFromHosts | This configuration file only applies to hosts NOT listed with this key
|
| launchd.agents.<name>.serviceConfig.LowPriorityIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O.
|
| launchd.user.agents.<name>.serviceConfig.LimitLoadToHosts | This configuration file only applies to the hosts listed with this key
|
| launchd.agents.<name>.serviceConfig.StandardInPath | This optional key specifies what file should be used for data being supplied to stdin when using
stdio(3).
|
| environment.userLaunchAgents.<name>.enable | Whether this file should be generated
|
| launchd.daemons.<name>.serviceConfig.LimitLoadToHosts | This configuration file only applies to the hosts listed with this key
|
| launchd.agents.<name>.serviceConfig.StandardOutPath | This optional key specifies what file should be used for data being sent to stdout when using stdio(3).
|
| environment.launchDaemons.<name>.enable | Whether this file should be generated
|
| launchd.user.agents.<name>.serviceConfig.LimitLoadFromHosts | This configuration file only applies to hosts NOT listed with this key
|
| launchd.user.agents.<name>.serviceConfig.LowPriorityIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O.
|
| system.defaults.finder.AppleShowAllExtensions | Whether to always show file extensions
|
| security.pki.certificateFiles | A list of files containing trusted root certificates in PEM
format
|
| launchd.user.agents.<name>.serviceConfig.StandardInPath | This optional key specifies what file should be used for data being supplied to stdin when using
stdio(3).
|
| launchd.daemons.<name>.serviceConfig.LimitLoadFromHosts | This configuration file only applies to hosts NOT listed with this key
|
| launchd.daemons.<name>.serviceConfig.LowPriorityIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O.
|
| launchd.user.agents.<name>.serviceConfig.StandardOutPath | This optional key specifies what file should be used for data being sent to stdout when using stdio(3).
|
| security.pam.services.sudo_local.enable | Whether to enable managing /etc/pam.d/sudo_local with nix-darwin.
|
| launchd.daemons.<name>.serviceConfig.StandardInPath | This optional key specifies what file should be used for data being supplied to stdin when using
stdio(3).
|
| launchd.agents.<name>.serviceConfig.StandardErrorPath | This optional key specifies what file should be used for data being sent to stderr when using stdio(3).
|
| launchd.daemons.<name>.serviceConfig.StandardOutPath | This optional key specifies what file should be used for data being sent to stdout when using stdio(3).
|
| launchd.agents.<name>.serviceConfig.LimitLoadToSessionType | This configuration file only applies to sessions of the type specified
|
| homebrew.caskArgs.dictionarydir | Target location for Dictionaries
|
| homebrew.caskArgs.mdimporterdir | Target location for Spotlight Plugins
|
| services.buildkite-agents.<name>.privateSshKeyPath | OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned
outside of Nix store.
|
| launchd.user.agents.<name>.serviceConfig.StandardErrorPath | This optional key specifies what file should be used for data being sent to stderr when using stdio(3).
|
| launchd.agents.<name>.serviceConfig.HardResourceLimits.Core | The largest size (in bytes) core file that may be created.
|
| launchd.agents.<name>.serviceConfig.SoftResourceLimits.Core | The largest size (in bytes) core file that may be created.
|
| launchd.user.agents.<name>.serviceConfig.LimitLoadToSessionType | This configuration file only applies to sessions of the type specified
|
| launchd.daemons.<name>.serviceConfig.StandardErrorPath | This optional key specifies what file should be used for data being sent to stderr when using stdio(3).
|
| homebrew.caskArgs.vst_plugindir | Target location for VST Plugins
|
| environment.systemPackages | The set of packages that appear in
/run/current-system/sw
|
| launchd.daemons.<name>.serviceConfig.LimitLoadToSessionType | This configuration file only applies to sessions of the type specified
|
| launchd.agents.<name>.serviceConfig.SoftResourceLimits.FileSize | The largest size (in bytes) file that may be created.
|
| launchd.agents.<name>.serviceConfig.HardResourceLimits.FileSize | The largest size (in bytes) file that may be created.
|
| launchd.user.agents.<name>.serviceConfig.SoftResourceLimits.Core | The largest size (in bytes) core file that may be created.
|
| launchd.user.agents.<name>.serviceConfig.HardResourceLimits.Core | The largest size (in bytes) core file that may be created.
|
| launchd.daemons.<name>.serviceConfig.HardResourceLimits.Core | The largest size (in bytes) core file that may be created.
|
| launchd.daemons.<name>.serviceConfig.SoftResourceLimits.Core | The largest size (in bytes) core file that may be created.
|
| system.defaults.NSGlobalDomain.AppleShowAllExtensions | Whether to show all file extensions in Finder
|
| launchd.user.agents.<name>.serviceConfig.HardResourceLimits.FileSize | The largest size (in bytes) file that may be created.
|
| launchd.user.agents.<name>.serviceConfig.SoftResourceLimits.FileSize | The largest size (in bytes) file that may be created.
|
| launchd.daemons.<name>.serviceConfig.HardResourceLimits.FileSize | The largest size (in bytes) file that may be created.
|
| launchd.daemons.<name>.serviceConfig.SoftResourceLimits.FileSize | The largest size (in bytes) file that may be created.
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Path to file containing this interface's private key.
|
| services.hercules-ci-agent.settings.secretsJsonPath | Path to a JSON file containing secrets for effects
|
| launchd.agents.<name>.serviceConfig.Sockets.<name>.SockPassive | This optional key specifies whether listen(2) or connect(2) should be called on the created file
descriptor
|
| homebrew.caskArgs.colorpickerdir | Target location for Color Pickers
|
| launchd.user.agents.<name>.serviceConfig.Sockets.<name>.SockPassive | This optional key specifies whether listen(2) or connect(2) should be called on the created file
descriptor
|
| system.defaults.finder.FXEnableExtensionChangeWarning | Whether to show warnings when change the file extension of files
|
| services.hercules-ci-agent.settings.binaryCachesPath | Path to a JSON file containing binary cache secret keys
|
| homebrew.caskArgs.vst3_plugindir | Target location for VST3 Plugins
|
| launchd.daemons.<name>.serviceConfig.Sockets.<name>.SockPassive | This optional key specifies whether listen(2) or connect(2) should be called on the created file
descriptor
|
| environment.defaultPackages | Set of default packages that aren't strictly necessary
for a running system, entries can be removed for a more
minimal NixOS installation
|
| environment.extraOutputsToInstall | Entries listed here will be appended to the meta.outputsToInstall attribute for each package in environment.systemPackages, and the files from the corresponding derivation outputs symlinked into /run/current-system/sw
|
| homebrew.caskArgs.screen_saverdir | Target location for Screen Savers
|
| homebrew.caskArgs.input_methoddir | Target location for Input Methods
|
| system.defaults.dock.persistent-others.*.folder.displayas | How to display the folder before clicked. stack: Stack of file previews. folder: A folder icon
|
| launchd.agents.<name>.serviceConfig.LowPriorityBackgroundIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O when the process is throttled with the Darwin-background classification.
|
| system.defaults.screencapture.show-thumbnail | Show thumbnail after screencapture before writing to file
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | Optional, path to file containing the pre-shared key for this peer.
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| launchd.user.agents.<name>.serviceConfig.LowPriorityBackgroundIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O when the process is throttled with the Darwin-background classification.
|
| launchd.daemons.<name>.serviceConfig.LowPriorityBackgroundIO | This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O when the process is throttled with the Darwin-background classification.
|
| services.buildkite-agents.<name>.hooks.environment | The environment hook will run before all other commands, and can be used
to set up secrets, data, etc
|
| launchd.agents.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| launchd.user.agents.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| launchd.daemons.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration
|
| homebrew.caskArgs.internet_plugindir | Target location for Internet Plugins
|
| homebrew.caskArgs.audio_unit_plugindir | Target location for Audio Unit Plugins
|