| system.profile | Profile to use for the system.
|
| security.sandbox.profiles | Definition of sandbox profiles.
|
| environment.profiles | A list of profiles used to set up the global environment.
|
| security.sandbox.profiles.<name>.closure | List of store paths to make accessible.
|
| security.sandbox.profiles.<name>.allowSystemPaths | Whether to allow read access to FHS paths like /etc and /var.
|
| security.sandbox.profiles.<name>.readablePaths | List of paths that should be read-only inside the sandbox.
|
| security.sandbox.profiles.<name>.writablePaths | List of paths that should be read/write inside the sandbox.
|
| security.sandbox.profiles.<name>.allowNetworking | Whether to allow network access inside the sandbox.
|
| programs.direnv.settings | Direnv configuration
|
| security.sandbox.profiles.<name>.allowLocalNetworking | Whether to allow localhost network access inside the sandbox.
|
| services.hercules-ci-agent.settings | These settings are written to the agent.toml file
|
| nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/#sec-conf-file
for available options
|
| nix.settings.max-jobs | This option defines the maximum number of jobs that Nix will try to
build in parallel
|
| nix.settings.cores | This option defines the maximum number of concurrent tasks during
one build
|
| nix.settings.extra-sandbox-paths | Directories from the host filesystem to be included
in the sandbox.
|
| nix.settings.sandbox | If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build
|
| nix.settings.require-sigs | If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
nix.settings.trusted-public-keys
|
| nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| nix.settings.allowed-users | A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon
|
| services.spotifyd.settings | Configuration for spotifyd, see https://spotifyd.github.io/spotifyd/config/File.html
for supported values.
|
| nix.settings.trusted-public-keys | List of public keys used to sign binary caches
|
| services.aerospace.settings | AeroSpace configuration, see
|
| services.dnscrypt-proxy.settings | Attrset that is converted and passed as TOML config file
|
| nix.settings.auto-optimise-store | If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy
|
| services.aerospace.settings.start-at-login | Do not start AeroSpace at login. (Managed by launchd instead)
|
| nix.settings.substituters | List of binary cache URLs used to obtain pre-built binaries
of Nix packages
|
| services.hercules-ci-agent.settings.apiBaseUrl | API base URL that the agent will connect to
|
| services.aerospace.settings.key-mapping.preset | Keymapping preset.
|
| services.postgresql.settings | PostgreSQL configuration
|
| services.aerospace.settings.on-focus-changed | Commands to run every time focused window or workspace changes.
|
| services.aerospace.settings.after-login-command | Do not use AeroSpace to run commands after login. (Managed by launchd instead)
|
| services.hercules-ci-agent.settings.labels | A key-value map of user data
|
| services.aerospace.settings.on-window-detected.*."if" | Conditions for detecting a window.
|
| services.hercules-ci-agent.settings.baseDirectory | State directory (secrets, work directory, etc) for agent
|
| services.hercules-ci-agent.settings.secretsJsonPath | Path to a JSON file containing secrets for effects
|
| services.aerospace.settings.on-window-detected | Commands to run every time a new window is detected with optional conditions.
|
| nix.settings.trusted-substituters | List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
|
| services.aerospace.settings.on-window-detected.*.run | Commands to execute when the conditions match (required).
|
| services.hercules-ci-agent.settings.workDirectory | The directory in which temporary subdirectories are created for task state
|
| services.hercules-ci-agent.settings.binaryCachesPath | Path to a JSON file containing binary cache secret keys
|
| services.aerospace.settings.after-startup-command | Add commands that run after AeroSpace startup
|
| services.aerospace.settings.on-window-detected.*."if".app-id | The application ID to match (optional).
|
| services.aerospace.settings.accordion-padding | Padding between windows in an accordion container.
|
| services.aerospace.settings.exec-on-workspace-change | Commands to run every time workspace changes.
|
| services.hercules-ci-agent.settings.clusterJoinTokenPath | Location of the cluster-join-token.key file
|
| services.aerospace.settings.on-focused-monitor-changed | Commands to run every time focused monitor changes.
|
| environment.systemPackages | The set of packages that appear in
/run/current-system/sw
|
| services.aerospace.settings.default-root-container-layout | Default layout for the root container.
|
| services.aerospace.settings.on-window-detected.*."if".workspace | The workspace name to match (optional).
|
| services.hercules-ci-agent.settings.staticSecretsDirectory | This is the default directory to look for statically configured secrets like cluster-join-token.key
|
| services.aerospace.settings.on-window-detected.*."if".app-name-regex-substring | Regex substring to match the app name (optional).
|
| services.aerospace.settings.on-window-detected.*.check-further-callbacks | Whether to check further callbacks after this rule (optional).
|
| services.hercules-ci-agent.settings.concurrentTasks | Number of tasks to perform simultaneously
|
| nix.enable | Whether to enable Nix
|
| services.aerospace.settings.on-window-detected.*."if".window-title-regex-substring | Substring to match in the window title (optional).
|
| services.aerospace.settings.on-window-detected.*."if".during-aerospace-startup | Whether to match during aerospace startup (optional).
|
| services.aerospace.settings.default-root-container-orientation | Default orientation for the root container.
|
| services.aerospace.settings.workspace-to-monitor-force-assignment | Map workspaces to specific monitors
|
| services.aerospace.settings.enable-normalization-flatten-containers | Containers that have only one child are "flattened".
|
| system.startup.chime | Whether to enable the startup chime
|
| services.aerospace.settings.enable-normalization-opposite-orientation-for-nested-containers | Containers that nest into each other must have opposite orientations.
|
| system.defaults.NSGlobalDomain.AppleMetricUnits | Whether to use the metric system
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| system.defaults.NSGlobalDomain.AppleICUForce24HourTime | Whether to use 24-hour or 12-hour time
|
| security.pam.services.sudo_local.touchIdAuth | Whether to enable Touch ID with sudo
|
| security.pam.services.sudo_local.watchIdAuth | Use Apple Watch for sudo authentication. For devices without Touch ID or
laptops with lids closed, consider using this
|
| system.defaults.NSGlobalDomain.AppleTemperatureUnit | Whether to use Celsius or Fahrenheit
|
| system.defaults.NSGlobalDomain.AppleMeasurementUnits | Whether to use centimeters (metric) or inches (US, UK) as the measurement unit
|