| system.profile | Profile to use for the system.
|
| security.sandbox.profiles | Definition of sandbox profiles.
|
| environment.profiles | A list of profiles used to setup the global environment.
|
| security.sandbox.profiles.<name>.closure | List of store paths to make accessible.
|
| services.postgresql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| security.sandbox.profiles.<name>.allowSystemPaths | Whether to allow read access to FHS paths like /etc and /var.
|
| security.sandbox.profiles.<name>.readablePaths | List of paths that should be read-only inside the sandbox.
|
| security.sandbox.profiles.<name>.writablePaths | List of paths that should be read/write inside the sandbox.
|
| security.sandbox.profiles.<name>.allowNetworking | Whether to allow network access inside the sandbox.
|
| security.sandbox.profiles.<name>.allowLocalNetworking | Whether to allow localhost network access inside the sandbox.
|
| services.postgresql.ensureUsers.*.ensurePermissions | Permissions to ensure for the user, specified as an attribute set
|
| services.postgresql.dataDir | The data directory for PostgreSQL
|
| environment.systemPackages | The set of packages that appear in
/run/current-system/sw
|