| networking.wg-quick.interfaces.<name>.postUp | List of commands to run after interface setup.
|
| services.gitlab-runner.services.<name>.registrationFlags | Extra command-line flags passed to
gitlab-runner register
|
| environment.launchAgents.<name>.enable | Whether this file should be generated
|
| security.sandbox.profiles.<name>.allowSystemPaths | Whether to allow read access to FHS paths like /etc and /var.
|
| launchd.agents.<name>.serviceConfig.StartCalendarInterval | This optional key causes the job to be started every calendar interval as specified
|
| networking.wg-quick.interfaces.<name>.preDown | List of commands to run before interface shutdown.
|
| environment.userLaunchAgents.<name>.source | Path of the source file.
|
| networking.wg-quick.interfaces.<name>.peers | List of peers associated with this interface.
|
| launchd.daemons.<name>.serviceConfig.EnvironmentVariables | This optional key is used to specify additional environment variables to be set before running the
job.
|
| launchd.daemons.<name>.serviceConfig.EnableTransactions | This flag instructs launchd that the job promises to use vproc_transaction_begin(3) and
vproc_transaction_end(3) to track outstanding transactions that need to be reconciled before the
process can safely terminate
|
| security.sandbox.profiles.<name>.readablePaths | List of paths that should be read-only inside the sandbox.
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| environment.launchDaemons.<name>.source | Path of the source file.
|
| launchd.daemons.<name>.serviceConfig.SoftResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| launchd.daemons.<name>.serviceConfig.HardResourceLimits.NumberOfProcesses | The maximum number of simultaneous processes for this user id
|
| networking.computerName | The user-friendly name for the system, set in System Preferences > Sharing > Computer Name
|
| security.sandbox.profiles.<name>.writablePaths | List of paths that should be read/write inside the sandbox.
|
| networking.wg-quick.interfaces.<name>.postDown | List of commands to run after interface shutdown
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| launchd.daemons.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| launchd.daemons.<name>.serviceConfig.StartCalendarInterval | This optional key causes the job to be started every calendar interval as specified
|
| environment.userLaunchAgents.<name>.enable | Whether this file should be generated
|
| environment.launchDaemons.<name>.enable | Whether this file should be generated
|
| services.aerospace.settings.enable-normalization-opposite-orientation-for-nested-containers | Containers that nest into each other must have opposite orientations.
|
| services.gitlab-runner.services.<name>.environmentVariables | Custom environment variables injected to build environment
|
| networking.wg-quick.interfaces.<name>.listenPort | Port to listen on, randomly selected if not specified.
|
| services.buildkite-agents | Attribute set of buildkite agents
|
| networking.wg-quick.interfaces.<name>.address | List of IP addresses for this interface.
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration
|
| programs.ssh.knownHosts | The set of system-wide known SSH hosts
|
| networking.wg-quick.interfaces.<name>.table | Controls the routing table to which routes are added
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The public key for this peer.
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Path to file containing this interface's private key.
|
| security.sandbox.profiles.<name>.allowNetworking | Whether to allow network access inside the sandbox.
|
| services.github-runners | Multiple GitHub Runners
|
| networking.wg-quick.interfaces.<name>.peers.*.allowedIPs | List of IP addresses associated with this peer.
|
| networking.wg-quick.interfaces.<name>.autostart | Whether to bring up this interface automatically during boot.
|
| system.startup.chime | Whether to enable the startup chime
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | IP and port to connect to this peer at.
|
| security.sandbox.profiles.<name>.allowLocalNetworking | Whether to allow localhost network access inside the sandbox.
|
| networking.fqdn | The fully qualified domain name (FQDN) of this host
|
| networking.localHostName | The local hostname, or local network name, is displayed beneath the computer's name at the
top of the Sharing preferences pane
|
| networking.fqdnOrHostName | Either the fully qualified domain name (FQDN), or just the host name if
it does not exists
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| homebrew.taps | List of Homebrew formula repositories to tap
|
| homebrew.brews | List of Homebrew formulae to install
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | Optional, path to file containing the pre-shared key for this peer.
|
| services.gitlab-runner.sentryDSN | Data Source Name for tracking of all system level errors to Sentry.
|
| homebrew.casks | List of Homebrew casks to install
|
| services.synergy.client.screenName | Use the given name instead of the hostname to identify
ourselves to the server.
|
| services.synergy.server.screenName | Use the given name instead of the hostname to identify
this screen in the configuration.
|
| services.autossh.sessions.*.user | Name of the user the AutoSSH session should run as
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| security.pam.services.sudo_local.touchIdAuth | Whether to enable Touch ID with sudo
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | Interval in seconds to send keepalive packets
|
| security.pam.services.sudo_local.watchIdAuth | Use Apple Watch for sudo authentication, for devices without Touch ID or
laptops with lids closed, consider using this
|
| services.postgresql.identMap | Defines the mapping from system users to database users
|
| system.defaults.NSGlobalDomain.AppleMetricUnits | Whether to use the metric system
|
| system.defaults.NSGlobalDomain.AppleICUForce24HourTime | Whether to use 24-hour or 12-hour time
|
| nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| services.postgresql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| system.defaults.NSGlobalDomain.AppleTemperatureUnit | Whether to use Celsius or Fahrenheit
|
| system.defaults.finder._FXSortFoldersFirst | Keep folders on top when sorting by name
|
| system.defaults.NSGlobalDomain.AppleMeasurementUnits | Whether to use centimeters (metric) or inches (US, UK) as the measurement unit
|
| system.defaults.finder._FXSortFoldersFirstOnDesktop | Keep folders on top when sorting by name on the desktop
|
| system.defaults.loginwindow.SHOWFULLNAME | Apple menu > System Preferences > Users and Groups > Login Options
Displays login window as a name and password field instead of a list of users
|