The actual command passed to the dsmc executable to start the backup.

Command to pass to --stdin-from-command

Which command the service runs

Command to run when this transition is taken

The recyclarr command to run (e.g., sync).

Absolute path to programs.sqlite

What to run.

Command-line flags passed to the update daemon

Whether interactive shells should show which Nix package (if any) provides a missing command

The name of the command to use

The command that should be executed when the hook is triggered.

Defines new command keys.

A program name specifying a Postfix service/daemon process

Program to run for sound output.

A program name specifying a Postfix service/daemon process

Adapter command to run.

Unix command socket that can be used to pass commands to Suricata

Enable unix-command socket.

Filename for unix-command socket.

Program to run for audio input.

Disable executing the command from dashboard.

Extra syncoid arguments for this command.

Whether to add the configured common arguments to this command.

Syncoid commands to run.

The commands for which the rule should apply.

The commands for which the rule should apply.

Options for the 'help' command

Options for the 'info' command

Options for the 'stop' command

Options for the 'repo-ls' command

Options for the 'repo-get' command

Options for the 'check' command

Options for the 'start' command

Options for the 'server' command

Options for the 'backup' command

Options for the 'verify' command

Options for the 'expire' command

Options for the 'server-ping' command

Options for the 'version' command

Options for the 'restore' command

Whether to enable the at daemon, a command scheduler.

Options for the 'archive-get' command

SSH private key file to use to login to the remote system

Options for the 'archive-push' command

Options for the 'annotate' command

Options for the 'stanza-delete' command

Options for the 'stanza-create' command

Whether to enable uvcvideo dynamic controls

Options for the 'stanza-upgrade' command

Source ZFS dataset

The file systems to be mounted

Target ZFS dataset

The swap devices and swap files

Systemd configuration specific to this syncoid service.

Symlink vi to nvim binary.

Whether to enable the sudo command, which allows non-root users to execute commands as root.

Whether to enable the doas command, which allows non-root users to execute commands as root.

Symlink vim to nvim binary.

Advanced options to pass to zfs send

Advanced options to pass to zfs recv

Whether to enable a memory-safe implementation of the sudo command, which allows non-root users to execute commands as root .

Interfaces for which to start wpa_supplicant

The guix package to use

Extra command-line flags passed to alloy run

Set the login uid of the process (/proc/self/loginuid) for auditing purposes

The log level. i2pd defaults to "info" but that generates copious amounts of log messages

Whether to enable the transfer of child datasets.

Whether to enable make sudo an alias to run0..

If enabled, NixOS will periodically update the database of files used by the locate command.

Permissions granted for the services.syncoid.user user for local source datasets

An optional command to prepend to the microsocks command (such as proxychains, or a VPN exclude command).

Arguments that must be provided to the command

List of packages containing uvcvideo dynamic controls rules

Additional command-line arguments to pass to xss-lock.

If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one

Any additional flags passed to nixos-rebuild

Whether to enable the SFTP subsystem in the SSH daemon

Permissions granted for the services.syncoid.user user for local target datasets

The root URL that you want to host Snipe-IT on

If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one

List of rules to be added to /etc/xdg/pay-respects/rules. pay-respects will read the contents of these generated rules to recommend command corrections

Additional command-line arguments to pass to hoogle server

Whether to enable periodic dumps via the built-in dump command.

Arguments to add to every syncoid command, unless disabled for that command

Parameters added to the kernel command line.

The root URL that you want to host monica on

Port to use for mbuffer

Whether to use sign the limine binary with sbctl.

When to perform a flexget run

This option defines the PAM services

Key bindings for actkbd

A list of extra command-line flags to pass to dnsproxy

Whether snapraid touch should be run before snapraid sync.

Additional command-line arguments to pass to redshift.

The root URL that you want to host agorakit on

A list of NTLM/NTLMv2 authenticating HTTP proxies

The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication

The public key data for the host

Generate with nix-shell -p znc --command "znc --makepass"

Whether to install the cdemu GUI (gCDEmu).

Whether users of the wheel group must provide a password to run commands or edit files with please and pleaseedit respectively.

The root URL that you want to host BookStack on

Command-line options for rtkit-daemon.

Whether to enable the actkbd key mapping daemon

Additional command-line arguments to pass to imwheel.

IR camera device to depend on

A list of options (--keep-* et al.) for 'restic forget --prune', to automatically prune old snapshots

Whether to enable the physlock screen locking mechanism

Whether to enable npm global config.

Group that users must be in to use cdemu.

Type of the file system

Signal to send to the command on session close.

Extra flags passed to the robustirc-bridge command

Make your The Lounge instance public

Whether to install info pages and the info command

Additional command-line arguments to pass to named.

List of additional command line parameters for knotd

Extra flags passed to the ntpd command.

Extra flags to pass to the k3s command.

The public key data for the host

Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist

Install criu along with necessary kernel options.

Extra flags to pass to the rke2 command.

cdemu for members of programs.cdemu.group.

Whether to enable the fcron daemon.

List of command line parameters for lldpd

Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist

Additional command-line arguments to pass to xautolock.

The command to execute in case the host shall be suspended

The file systems to be mounted

Extra command-line arguments pass to angrr.

Extra arguments to pass on invocation, see man 4 u9fs

A list of files containing trusted root certificates in PEM format

Extra command line arguments to be passed to the PCSC daemon.

Extra command-line arguments to pass to the rumno daemon.

Extra command line arguments passed to osrm-routed

Enables U2F PAM (pam-u2f) module

Determines how GRUB will identify devices when generating the configuration file

The path to the public key file for the host

Whether to enable QDMR - a GUI application and command line tool for programming DMR radios.

Whether to enable Jottacloud Command-line Tool.

Extra command line arguments.

Extra flags to pass to command

Don't start gpg-agent if it is not running

Extra config options for systemd-oomd

Extra command line options to use.

Additional hwdb files

Whether to enable recommend functionality.

Maximum number of returned keys in keys command. keys is a dangerous command

List of fully qualified URLs that Athens will proxy that the go command can use a checksum verifier.

Specify a list of additional command line flags, which get escaped and are then passed to Loki.

Whether to install NixOS's own documentation.

• This includes man pages like configuration.nix(5) if documentation.man.enable is set.
• This includes the HTML manual and the nixos-help command if documentation.doc.enable is set.

Group which users must be in to use ydotool.

A list of extra command line arguments to pass to gpsd

Extra command line arguments for deCONZ, see https://github.com/dresden-elektronik/deconz-rest-plugin/wiki/deCONZ-command-line-parameters.

Additional command line arguments to pass to the sftpgo daemon.

Definitions of SIIT instances of Jool

List of urls of debuginfod servers for tools like gdb and valgrind to use

Extra flags passed to the chronyd command.

Whether to enable zoxide, a smarter cd command that learns your habits.

Command-line options passed to jottad.

Extra flags to pass to updatedb.

If enabled, pam_gnupg will attempt to automatically unlock the user's GPG keys with the login password via gpg-agent

If the device does not currently contain a filesystem (as determined by blkid), then automatically format it with the filesystem type specified in fsType

Whether to install Light backlight control command and udev rules granting access to members of the "video" group.

Extra command line arguments to pass to echoip

Whenever to configure tmux system-wide.

Specify a list of additional command line flags, which get escaped and are then passed to Mimir.

Additional udev rules

Extra command line arguments to pass to whoami

A set of NixOS system configurations to be run as lightweight containers

Definitions of NAT64 instances of Jool

A list of command-line flags to pass to doh-proxy

The path to the public key file for the host

Whether to enable sendRaw feature which adds the options -w to the zfs send command

Extra command line parameters for nix-serve.

This option enables Podman, a daemonless container engine for developing, managing, and running OCI Containers on your Linux System

Create an alias mapping docker to podman.

Extra command line options.

Extra options passed to the go-camo command.

Extra command-line arguments to pass to daemon.

Extra command-line arguments to pass to caller.

Will regularly ensure that the given CUPS printers are configured as declared here

The extra command-line options to pass to docker daemon.

Whether to enable thefuck, an app which corrects your previous console command.

Whether to enable please, a Sudo clone which allows a users to execute a command or edit a file as another user .

Extra command-line options to pass to slurmrestd.

Command-line arguments to pass to public-inbox-mda(1).

Enables the daemon for lorri, a nix-shell replacement for project development

Extra flags passed to the uptermd command.

If non-empty, only these player names are allowed to connect

Virtual GPUs to be used in Qemu

Parameters added to the Memtest86+ command line

By default pam-u2f module reads the keys from $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set)

This option enables docker, a daemon that manages linux containers

Event handlers.

List of arguments to be passed to guix gc

Use a fixed port for rpc.statd

Whether to enable ydotoold system service and ydotool for members of programs.ydotool.group. .

Extra command-line arguments to pass to glances

Extra command line arguments.

Command-line arguments to pass to public-inbox-httpd(1).

Command-line arguments to pass to public-inbox-imapd(1).

Command-line arguments to pass to public-inbox-nntpd(1).

Require pg_receivewal to use an existing replication slot (see Section 26.2.6 of the PostgreSQL manual)

This option enables lxd, a daemon that manages containers

Specifies the hashed password for the user

Extra args to pass to vlagent

Extra args to pass to vmagent

Additional command line parameters

Whether to enable the BOINC distributed computing client

Specifies additional command line argument to pass to bloop java process.

Additional parameters passed to syslogd.

Whether to enable the RDNSS daemon (rdnssd), which configures DNS servers in /etc/resolv.conf from RDNSS advertisements sent by IPv6 routers.

If set, mpd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.

Extra command line options for zenohd.

Specifies the hashed password for the user

Whether to start the OpenSSH agent when you log in

Extra command line arguments to pass to atftp.

Include information such as the command to be executed in the Duo Push message.

Path to a json file containing users and folders to load (or update) on startup

Additional command-line arguments for the systemd service

Enable a remote shell server which Neo4j Shell clients can log in to

PostgreSQL WAL receivers

Command line arguments passed to launch Sway

Sockets to listen for clients on

Percent of the array that should be checked by snapraid scrub.

The command the user is allowed to run

A list of extra arguments to pass to the pg_receivewal command.

Command to start the display manager.

The path to the TLS key.

  nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"

Configuration for foot terminal emulator

Type of the file system

Whether to enable IBM Storage Protect (Tivoli Storage Manager, TSM) client command line applications with a client system-options file "dsm.sys" .

The user tuwunel is run as

Whether to enable Easy and fast file sharing from the command-line.

Specifies extra command line arguments to pass to mealie (Gunicorn).

Extra command line options to pass to Quickwit.

These are arguments passed to the webhook command in the systemd service

Whether core dumps should be processed by systemd-coredump

Whether to enable incusd, a daemon that manages containers and virtual machines

This option enables libvirtd, a daemon that manages virtual machines

Whether the nix-channel command and state files are made available on the machine

If set, root doesn't need to authenticate (e.g. for the useradd service).

Whether to set the path to xauth for X11-forwarded connections

Extra command line options for the JVM running Kafka.

Extra flags passed to the systemd-nspawn command

Compression algorithm. lzo has good compression, but is slow. lz4 has bad compression, but is fast. zstd is both good compression and fast, but requires newer kernel

The path to the TLS certificate.

  nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"

Set a router bandwidth limit integer in KBps

Whether to enable pay-respects, an app which corrects your previous console command.

Specifies startup command line arguments to pass to JACK server.

Which command ttyd runs.

Extra command-line arguments to pass to mycelium

Extra command line arguments.

Additional command line arguments to pass to VDR.

Additional command line arguments to pass to htpdate.

Whether to run fsck on journaling filesystems such as ext3.

Additional command line arguments to pass to Jenkins.

The group tuwunel is run as

Extra command line options to pass to MTR exporter.

Run specified command or script after the tunnel device has been opened.

Whether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP)

Additional parameters passed to rsyslogd.

Whether to enable this .link unit

The URI of the NixOS channel to use for automatic upgrades

Extra command lines argument that are passed to synapse and workers.

Additional command line arguments to pass to Cage.

Command and arguments to start the kernel.

udev rules to include in the initrd only

Extra command line flags to pass to HDFS ZooKeeper failover controller

Additional command line parameters

Extra command-line options passed to the smartd daemon on startup.

(See man 8 smartd.)

List of packages containing udev rules

Specify a list of additional command line flags, which get escaped and are then passed to Loki.

Whether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky)

Any extra command-line flags to pass to the Gotenberg service.

Additional command-line arguments passed verbatim to udhcpc if boot.initrd.network.enable and boot.initrd.network.udhcpc.enable are enabled.

Extra command line options

Install systemtap along with necessary kernel options.

Additional command-line arguments for the systemd service

Additional command line arguments to pass on logrotate invocation

A list of extra command line arguments to pass to thinkfan

NZBGet configuration, passed via command line using switch -o

Extra command-line arguments to be passed to earlyoom

Which user or group the specified command is allowed to run as

Options used for the default rules, granting root and the wheel group permission to run any command as any user.

Additional command line parameters

Controls how systemd will interpret the root FS in initrd

This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access)

Extra command line arguments to pass to hledger-web.

Extra flags to pass to oa_ded

Whether to enable rpcbind, an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. rpcbind is a replacement for portmap.

Must be set to a unique identifier, preferably a UUID according to RFC 4122

Must be set to a unique identifier, preferably a UUID according to RFC 4122

Must be set to a unique identifier, preferably a UUID according to RFC 4122

Whether to enable compressed feature which adds the options -Lce to the zfs send command

Specifies additional command line arguments to pass to Go

Options used for the default rules, granting root and the wheel group permission to run any command as any user.

Extra command-line arguments to pass to systemd-repart

CLI access password

Under which user/group the specified command is allowed to run

Whether to enable support for Linux MD RAID arrays

Whether to run the check command with the provided checkOpts options.

Specify a list of additional command line flags.

Arguments to pass to xbanish command

vmalert configuration, passed via command line flags

Additional command line parameters.

This specifies the service manager to use for restarting or reloading services

The (base64-encoded) public host key of this builder

Basic Auth password file for a vhost

Under which user/group the specified command is allowed to run

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Extra flags passed to the syncthing command in the service definition.

Whether users of the wheel group must provide a password to run commands as super user via run0.

Whether to allow editing the kernel command-line before boot

Extra command line flags to pass to HDFS JournalNode

Extra flags to pass to tailscale set.

Additional command line flags to pass to the minetest executable.

Basic Auth password file for a vhost

Extra command line arguments to pass to xandikos.

Whether users of the wheel group must provide a password to run commands as super user via sudo.

Whether users of the wheel group must provide a password to run commands as super user via doas.

Additional command line options to pass to the endlessh daemon.

User accounts for GRUB

TLS key path.

Command line switches for varnishd (run 'varnishd -?' to get list of options)

Attribute set of strings that will prevent switching into a configuration when they change

Whether users of the wheel group must provide a password to run commands as super user via sudo.

Specifies additional command line arguments to pass to Go

Additional command line arguments to pass to the Java run time (as opposed to Jenkins).

Specifies startup command line arguments to pass to Go

Extra flags to pass to the calibre-server command

Extra command-line flags passed to duplicity

Extra scollector command line options

Extra flags to pass to tailscale up

Extra command line arguments to pass to the program.

If set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.

The interval at which to run the check and update

Additional command line options to pass to the endlessh-go daemon.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Additional arguments passed to every lighthouse command.

Configuration for Nix, see https://nixos.org/manual/nix/stable/command-ref/conf-file.html or nix.conf(5) for available options

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Free-form configuration for script_exporter, expressed as a Nix attrset and rendered to YAML.

Migration note: The previous format using script = "sleep 5" is no longer supported

Command to run before sending the snapshot to the destination

Generate your init file from your list of plugins and custom commands

Extra command line options for the JVM running AirSonic

Additional command line parameters

How often to run snapraid sync.

Whether to manage network configuration using systemd-network

Command-line arguments for the server program.

Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs> lookups receive the version of nixpkgs that the system was built with, in concert with nixpkgs.flake.setFlakeRegistry

The credentials to access the web interface, in case authentication is enabled, in the format username:hash

The path to the file holding the credentials to access the web interface

More arguments to pass to the unclutter command

The secret data used to encode the SRS address. to generate, use a command like: for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done

Specifies startup command line arguments to pass to Go

Whether to run the infnoise driver as a daemon to refill /dev/random

Configuration for c2FmZQ-server passed as CLI arguments

Command to run after become master, the interface name, virtual address and optional extra parameters are passed as arguments.

The shell (/bin/sh) command executed to obtain the DHCP DNS server address

By default pam-u2f module sets the application ID to pam://$HOSTNAME

The short hostname of the machine where SLURM control functions are executed (i.e. the name returned by the command "hostname -s", use "tux001" rather than "tux001.my.com").

Update the locate database at this interval

Command line options to use when invoking gzip

Command line arguments passed to Gunicorn server.

Extra command line arguments for Yggdrasil Jumper.

Command to run after sending the snapshot to the destination

Shell commands to run after borg init.

Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure

How often to run snapraid scrub.

Set group-write permissions on a USB device

Whether to enable the base wrapper to execute extra session commands and prepend a dbus-run-session to the sway command.

Command that buildkite-agent 3 will execute when it spawns a shell.

Extra command line arguments provided when the smtpd process is started.

Extra flags to pass to tailscaled.

Arguments to pass to the command

Enable ReGreet, a clean and customizable greeter for greetd

Command to start the display manager.

Shell commands to run after borg prune.

A list of extra command line arguments to pass to the hbbr process.

The amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. man tincd for more details.

Whether to manage network configuration using systemd-network

Specify the bypass parameters for Zapret binary

Listener IP addresses of relay server

Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks

Extra command line flags to pass to HDFS DataNode

Extra command line flags to pass to HDFS NameNode

Extra command line arguments to pass to magneticow.

Which paths to backup, in addition to ones specified via dynamicFilesFrom

Whether to enable the Etebase server

Whether X authentication keys should be passed from the calling user to the target user (e.g. for su)

If set, the calling user's SSH agent is used to authenticate against the keys in the calling user's ~/.ssh/authorized_keys

Any additional flags passed to clear-docker-cache.

The user borg is run as

Extra command line arguments passed to kanata.

Path to the file containing the KSK public key

Kubernetes proxy extra command line options.

The string that will be used for the NH_FLAKE environment variable.

NH_FLAKE is used by nh as the default flake for performing actions, such as nh os switch

Additional command line arguments to pass to Asterisk.

Command line arguments passed to the imaginary executable, stripped of the prefix -

Extra command line parameters to be passed to the adguardhome binary.

Extra command line options for pvfs2-client.

Extra command line options for the Zookeeper launcher.

Whether to enable pay-respects' LLM integration

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Options passed through to the full repair command.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Create the password with: echo -n 'thisismypassword' | nix run nixpkgs#libargon2 -- "$(head -c 20 /dev/random | base64)" -e

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Path to the file containing the ZSK public key

User account under which triggerhappy runs.

Basic Auth password file for a vhost

A list of extra command line arguments to pass to the hbbs process.

Command to run before snapshots are taken on the source dataset, e.g. for database locking/flushing

Extra command-line arguments to pass to systemd-networkd-wait-online

Additional arguments for all borg calls the service has

The size for mbuffer

The user borg serve is run as

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs

Number of seconds it would take for a command to be considered long-running.

Additional arguments passed to the lighthouse beacon command.

Command and arguments to start the kernel.

Extra command-line arguments to pass to Cert Spotter

Roles that are allowed to access the JMX (e.g. nodetool) BEWARE: The passwords will be stored world readable in the nix store

Extra command line arguments to pass to strelaysrv.

A set of shell script fragments that are executed when a NixOS system configuration is activated

Additional command line parameters

List of network interfaces that should be ignored by the avahi-daemon

Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini

More arguments to pass to the unclutter-xfixes command.

Basic Auth password file for a vhost

Whether to use mbuffer.

Shell commands to run just before exit

List of extra arguments to be passed to goatcounter cli

List of paths to bcachefs filesystems to regularly call bcachefs scrub on

The channel to operate on

Run borg init if the specified repo does not exist

Extra command line options for Java.

Command line for the cron job

Shell commands to run after borg create

Basic Auth password file for a vhost

The group borg serve is run as

Extra CLI arguments passed to cockroach start

List of network interfaces that should be used by the avahi-daemon

Must be set to a unique identifier, preferably a UUID according to RFC 4122

Basic Auth password file for a vhost

Command to run after snapshots are taken on the source dataset, e.g. for database unlocking

Whether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails

The driver hostapd will use. nl80211 is used with all Linux mac80211 drivers. none is used if building a standalone RADIUS server that does not control any wireless/wired driver

Arguments passed to date to create a timestamp suffix for the archive name.

Additional command line arguments to pass to Pixiecore

Extra command line arguments to pass to wstunnel

Extra command line arguments to pass to wstunnel

Basic Auth password file for a vhost

Command to run after become backup, the interface name, virtual address and optional extra parameters are passed as arguments.

By default pam-u2f module sets the origin to pam://$HOSTNAME

Extra command line options for the OpenSearch launcher.

Kubernetes kubelet extra command line options.

Additional arguments for borg init

Parameters passed to --listen command

Whether to enable the triggerhappy hotkey daemon.

Print global archive statistics upon completion

Arguments to pass to the command

Arguments to the thanos rule command

Command line arguments passed to the compiler (ghc) invocation when xmonad.config is set.

The name-string specifies an external program to be called that will automatically change volumes as required by Bacula

Heisenbridge is configured over the command line

Controls whether to issue the BLKDISCARD I/O control command on the space taken up by any added partitions or on the space in between them

Extra args append to the easytier command-line.

Path to audio file in WAV format to play when voice command recording has ended.

Prune a repository by deleting all archives not matching any of the specified retention options

Command line arguments to add when executing wpa_supplicant.

This will only be used when systemd is used in stage 1.

List of packages containing udev rules that will be copied to stage 1

The user continuwuity is run as.

A set of shell script fragments that are executed by a systemd user service when a NixOS system configuration is activated

Maximum estimated error threshold for the rtcautotrim command

Additional arguments for borg prune

A list of device nodes to which esphome has access to

Location of the ppd driver file for the printer. lpinfo -m shows a list of supported models.

The network definitions to automatically connect to when wpa_supplicant is running

Command called before the interface is taken down.

Arguments to the thanos query command

A script that produces a list of files to back up

Extra arguments to pass to the networkd-dispatcher command.

Extra command line arguments to pass to magneticod.

Arguments to the thanos store command

Basic Auth password file for a vhost

Extra command line options to pass to bitcoind

Extra flags passed to the transmission command in the service definition.

Command called after the interface is taken down.

The group continuwuity is run as.

Basic Auth password file for a vhost

Send the XCLIENT command to the receiving server, for forwarding client addresses and connection information if the receiving server supports this feature.

Whether to periodically prune gitlab runner's Docker resources

Whether to use the option defaults from the configuration generated by cross-seed gen-config

Whether to propagate the legacy options under services.znc.confOptions.* to the znc config

Extra config files to include

Runner-specific command script executed after code is pulled, just before build executes.

Additional arguments for borg create

Path of the Neo4j home directory

How to reach the printer. lpinfo -v shows a list of supported device URIs and schemes.

List of paths to btrfs filesystems to regularly call btrfs scrub on

Flags to pass to the zfs-auto-snapshot command

Command line arguments passed to the xmonad binary.

Exclude paths matching any of the given patterns

Runner-specific command script executed after code is pulled and just after build executes.

Literal contents to append to the end of triggerhappy configuration file.

Key bindings for triggerhappy.

Command line arguments to pass to wstunnel

Command line arguments to pass to wstunnel

List of packages containing systemd-tmpfiles rules

The permissions of the wrapper program

Issue the reloadxml command to FreeSWITCH when configuration directory changes (instead of restart)

(Path of) Script command to execute followed by args, i.e. cmd [args]...

Command to restart the homebridge UI service

Extra command-line arguments to pass to systemd-networkd-wait-online

The default logging directory

The script to use when manually locking the computer with xautolock -locknow.

Extra command line flags to pass to the service

Additional arguments for borg compact

Extra command line options for the JVM running languagetool

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Arguments to the thanos sidecar command

Command line options for pg_dumpall

Basic Auth password file for a vhost

Additional arguments passed to the lighthouse validator command.

Arguments to the thanos compact command

Arguments to the thanos receive command

Kubernetes scheduler extra command line options.

vmalert configuration, passed via command line flags

Kubernetes apiserver extra command line options.

Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the store path of the sources of nixpkgs used to build the NixOS system

Command to run when a virus is found

Set the interval how often full repairs are run, i.e. nodetool repair --full is executed

Extra command line flags to pass to HDFS JournalNode

Command of pluggable transport.

Basic Auth password file for a vhost

PCI ID of graphics card

Whether to enable manual usage of the rsnapshot command with this module.

Whether to enable destroying snapshots one by one instead of using one long argument list

Override the default pause command

Runner-specific command script executed before code is pulled.

Additional command line arguments to pass to Squeezelite.

Extra command line arguments to be passed to the deepcool-digital-linux daemon.

Fail the whole backup job if any borg command returns a warning (exit code 1), for example because a file changed during backup.

Extra command-line arguments pass to to the compsitor.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Create the database and database user locally, and run installation

When opening a new LUKS device try reusing last successful passphrase

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Command line options for pg_dump

Sets the environment variable $HELOHOST which is used by the SMTP protocol module to set the parameter given to the HELO command

This option can be used to store some or all of the options given to the commandline client

Runner-specific command script executed after code is pulled.

Sets PPD options for the printer. lpoptions [-p printername] -l shows supported PPD options for the given printer.

Extra options to pass to VictoriaLogs

The settings to use for dsnet

Xen Command Line parameters passed to Domain 0 at boot time

JSON file containing secret keys

Append a .failed suffix to the archive name, which is only removed if borg create has a zero exit status.

The package that provides the system-wide resolvconf command

The name of the TPM command transmission interface (TCTI) library to use.

Extra command-line options passed to the daemon

Add conduwuit command to PATH for administration

Some NixOS packages provide debug symbols

Use the IMAP IDLE command to process messages as they arrive.

Tarsnap archive configurations

File containing the gossip secret, a shared secret key to use for gossip encryption

This file can be used to store some or all of the options given to the commandline client

The configuration of each Fail2ban “jail”

Configuration for ZNC, see https://wiki.znc.in/Configuration for details

The interfaces wpa_supplicant will use

Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux

(Extra) system-wide /**/bin paths for Apptainer/Singularity to find command-line utilities in.

"/run/wrappers/bin" is included by default to make utilities with SUID bit set available to Apptainer/Singularity

Private key file as generated by wg genkey.

Xen Command Line parameters passed to Domain 0 at boot time.

Any additional flags passed to podman system prune.

Any additional flags passed to docker system prune.

Extra command line options to pass to Blockbook

TLS certificate path.

TLS ceritficate path.

The cache allows tarsnap to identify previously stored data blocks, reducing archival time and bandwidth usage

Specifies the initial password for the user, i.e. the password assigned if the user does not already exist

Extra command line options for Java.

Whether to enable the dummy "startx" pseudo-display manager, which allows users to start X manually via the startx command from a virtual terminal.

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Basic Auth password file for a vhost

Arguments to the thanos query-frontend command

Known homeservers

Type of the file system

Specifies the initial password for the user, i.e. the password assigned if the user does not already exist

Extra command line options for the elasticsearch launcher.

Basic Auth password file for a vhost

Enable running shellcheck on the generated scripts for this unit

Compression method to use

Base64 private key generated by wg genkey

Only execute the administrator Sieve scripts for the mailbox configured with services.dovecot2.imapsieve.mailbox..name when the message originates from the indicated mailbox

Include/exclude paths matching the given patterns

Basic Auth password file for a vhost

Path to a file containing the public key of the local Rosenpass peer

Path to a file containing the secret key of the local Rosenpass peer

Whether to enable use lowmemRecurse on systems where you have too many datasets, so a recursive listing of attributes to find backup plans exhausts the memory available to znapzend: instead, go the slower way to first list all impacted dataset names, and then query their configs one by one .

Whether to create symlinks to the system generations under /boot

Basic Auth password file for a vhost

Basic Auth password file for a vhost

This option allows you to define APs for one or multiple physical radios

This setting configures the name of a mailbox for which administrator scripts are configured

Arguments to the thanos downsample command

Basic Auth password file for a vhost

Options passed through to the incremental repair command.

Whether to enable using zfsGetType if your zfs get supports a -t argument for filtering by dataset type at all AND lists properties for snapshots by default when recursing, so that there is too much data to process while searching for backup plans

This option specifies disk mount options to be passed to the mount -o command

Borg command to use for archive creation

Enable running shellcheck on the generated scripts for this unit

Whether to enable Starship's transient prompt feature in fish shells

The shell (/bin/sh) command executed once the proxy starts

Extra command line arguments passed to libvirtd on startup.

An absolute file path (which should be outside the Nix-store) to an OpenPGP private key

curator action.yaml file contents, alternatively use curator-cli which takes a simple action command

Contains the builder command used to populate an image, honoring all options except the -c <path-to-default-configuration> argument

Kubernetes controller manager extra command line options.

Arguments to be passed to AutoSSH and retransmitted to SSH process

The output console devices to pass to the kernel command line via the console parameter, the primary console is the last item of this list

Basic Auth password file for a vhost

The permissions of the wrapper program

If the device does not currently contain a filesystem (as determined by blkid), then automatically format it with the filesystem type specified in fsType

Whether to enable the "sx" pseudo-display manager, which allows users to start manually via the "sx" command from a vt shell

Extra options to pass to VictoriaTraces

Basic Auth password file for a vhost

A command which prints the passphrase to stdout

Basic Auth password file for a vhost

Public SSH keys that are given full write access to this repository

Private key file as generated by wg genkey.

Automatically generate a private key with wg genkey, at the privateKeyFile location.

Environment files for this instance

Whenever to use precomputated tables for ElGamal. i2pd defaults to false to save 64M of memory (and looses some performance)

This option enables docker in a rootless mode, a daemon that manages linux containers

List of sessions supported with the command used to start each session

Configure the type of alert (and other) logging you would like

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

Whether users must authenticate when using the web UI or command-line tool

The keyfile which associates this machine with your tarsnap account

The path to the signing private key file, used to sign requests and events.

  nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"

Basic Auth password file for a vhost

Base64 private key generated by wg genkey

A unique ID that links the agent to Pareto Cloud

An absolute file path (which should be outside the Nix-store) to a base64-encoded Ed25519 key for signing webhook payloads

Extra command line options to pass to alertmanager-irc-relay.

Extra options to pass to VictoriaMetrics

Set the interval how often incremental repairs are run, i.e. nodetool repair is executed

Drive(s) to get temperature from

Can also use command substitution to automatically grab all matching drives; such as all scsi (sas) drives

Whether to run shellcheck on the generated scripts for systemd units

Extra command-line flags passed to gitlab-runner register

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Extra command line flags to pass to the service

ChronyServerAddress of the chrony server side command port. (Not enabled by default.) Defaults to the local unix socket.

Command transports to define

Whether to wrap the interpreter in a shell script

This option configures the cash denomination for the coins that the exchange offers

Configuration for yggdrasil, as a structured Nix attribute set

If provided this is the full path to a file that contains the key to enable [server-side encryption with customer-provided keys][1] (SSE-C)

Point DOCKER_HOST to rootless Docker instance for normal users by default.

File pointing to preshared key as generated by wg genpsk

PWM filepath(s) to control fan speed (under /sys), followed by initial and fan-stop PWM values Can also use command substitution to ensure the correct hwmonX is selected on every boot

Basic Auth password file for a vhost

The command to execute for scheduling a wake up of the system

Automatically generate a private key with wg genkey, at the privateKeyFile location.

Extra command-line arguments pass to the external filter program.

Base64 preshared key generated by wg genpsk

Extra command line options to pass to alertmanager-webhook-logger.

Networking-related command-line options that should be passed to qemu

The address Anubis' metrics server listens to

Basic Auth password file for a vhost

energy_performance_preference when on plugged in

energy_performance_preference when on battery

Extra config to be appended to the interface config

Command line to run a Wayland compositor, defaults to labwc --startup if not specified

File pointing to preshared key as generated by wg genpsk

The specified name-string must be the generic SCSI device name of the autochanger that corresponds to the normal read/write Archive Device specified in the Device resource

Specifies parameters used to connect to the server, as a connection string

Base64 preshared key generated by wg genpsk

Extra options for podman run.

Compress the btrfs send stream before transferring it from/to remote locations using a compression command.

Extra options for podman that go before the run argument.

ZSH_AUTOSUGGEST_STRATEGY is an array that specifies how suggestions should be generated

Flush the WAL data to disk immediately after it has been received

Environment variables to set for the service

Securely pass environment variables to changedetection-io

Configuration from which XMonad gets compiled

The full path to a file that contains the hash of the user's password

The full path to a file that contains the hash of the user's password

The password for this entry, read from the given file when starting hostapd

The password for this entry

Additionally enable the recommended set of pairwise ciphers

Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).

Commandline flags to add to sftp-server.

Extra arguments to pass to the server commandline.

Kernel commandline arguments

Commands to run after new certificates go live

Extra commandline options to pass to Restic REST server.

A list of commandline-switches forwarded to a riemann-tool

Let the user initiate specific instant commands

Extra commandline options when launching Prometheus.

Commands to run after new certificates go live

Extra arguments to pass to the server commandline.

Shell commands to be executed just before systemd is started.

Additional options given to netbird-signal as commandline arguments.

Extra arguments to pass to the server commandline.

Shell commands executed before the service's nginx is started.

Extra arguments to pass to the server commandline.

Shell commands to be executed immediately before LVM discovery.

Extra commandline options to pass to the frr exporter.

Extra commandline options to pass to the lnd exporter.

Extra commandline options to pass to the zfs exporter.

Extra commandline options to pass to the pve exporter.

Extra commandline options to pass to the sql exporter.

Extra commandline options to pass to the nut exporter.

Extra commandline options to pass to the kea exporter.

Use the script from the update-resolv-conf package to automatically update resolv.conf with the DNS information provided by openvpn

Additional GRUB commands inserted in the configuration file just before the menu entries.

Extra lines to be added verbatim to the journalwatch/config configuration file

Extra commandline options to pass to the mail exporter.

Extra commandline options to pass to the nats exporter.

Extra commandline options to pass to the snmp exporter.

Extra commandline options to pass to the ping exporter.

Extra commandline options to pass to the bind exporter.

Extra commandline options to pass to the node exporter.

Extra commandline options to pass to the mqtt exporter.

Extra commandline options to pass to the ipmi exporter.

Extra commandline options to pass to the knot exporter.

Extra commandline options to pass to the ebpf exporter.

Extra commandline options to pass to the flow exporter.

Extra commandline options to pass to the json exporter.

Extra commandline options to pass to the bird exporter.

Extra commandline options to pass to the php-fpm exporter.

Shell commands to be executed before the failure prompt is shown.

Extra commandline options to pass to the kafka exporter.

Extra commandline options to pass to the jitsi exporter.

Extra commandline options to pass to the nginx exporter.

Extra commandline options to pass to the fritz exporter.

Extra commandline options to pass to the dmarc exporter.

Extra commandline options to pass to the redis exporter.

Extra commandline options to pass to the v2ray exporter.

Extra commandline options to pass to the idrac exporter.

Additional commands to apply in ifup script

Additional options given to netbird-mgmt as commandline arguments.

Extra commandline options to pass to the node-cert exporter.

Extra commandline options when launching Prometheus.

Commands to manipulate the Open vSwitch database

Extra commandline options to pass to the chrony exporter.

Extra commandline options to pass to the tibber exporter.

Extra commandline options to pass to the statsd exporter.

Extra commandline options to pass to the shelly exporter.

Extra commandline options to pass to the fastly exporter.

Extra commandline options to pass to the deluge exporter.

Extra commandline options to pass to the script exporter.

Extra commandline options to pass to the rspamd exporter.

Extra commandline options to pass to the domain exporter.

Extra commandline options to pass to the pihole exporter.

Extra commandline options to pass to the mysqld exporter.

Extra commandline options to pass to the restic exporter.

Shell commands executed to stop the service.

Extra commandline options when launching the Pushgateway.

Extra commandline options to pass to the nvidia-gpu exporter.

Extra commandline options to pass to the rtl_433 exporter.

Extra commandline options to pass to the libvirt exporter.

Extra commandline options to pass to the unbound exporter.

Extra commandline options to pass to the process exporter.

Extra commandline options to pass to the varnish exporter.

Extra commandline options to pass to the postfix exporter.

Extra commandline options to pass to the mongodb exporter.

Extra commandline options to pass to the apcupsd exporter.

Extra commandline options to pass to the systemd exporter.

Extra commandline options to pass to the sabnzbd exporter.

Extra commandline options to pass to the dnsmasq exporter.

Extra commandline options to pass to the ecoflow exporter.

Extra commandline options to pass to the klipper exporter.

Extra commandline options to pass to the bitcoin exporter.

Extra commandline options to pass to the dovecot exporter.

SSH private key file to use to login to the remote system

Call to an HTTPS client, that accepts the URL on the commandline and the request body from stdin.

Commands to run after JACK is started.

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Extra commandline options to pass to the py-air-control exporter.

Extra commandline options to pass to the mailman3 exporter.

Extra commandline options to pass to the fritzbox exporter.

Extra commandline options to pass to the postgres exporter.

Extra commandline options to pass to the collectd exporter.

Extra commandline options to pass to the mikrotik exporter.

Extra commandline options to pass to the influxdb exporter.

Extra commandline options to pass to the graphite exporter.

Extra commandline options to pass to the smartctl exporter.

Extra commandline options to pass to the keylight exporter.

Extra commandline options to pass to the blackbox exporter.

Extra commandline options to pass to the opnsense exporter.

Extra commandline options to pass to the unpoller exporter.

Extra commandline options to pass to the nginxlog exporter.

Path to lesskey configuration file.

configFile takes precedence over commands, clearDefaultCommands, lineEditingKeys, and envVariables.

Whether to enable lazygit, a simple terminal UI for git commands.

Shell commands executed after the service's main process has exited.

Shell commands executed just before the window or desktop manager is started

Extra commandline options when launching the Alertmanager.

Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.

Shell commands to be executed before udev is started to create device nodes.

Shell commands to be executed immediately after attempting to resume.

Shell commands executed before the service's main process is started.

Extra commandline options to pass to the imap-mailstat exporter.

The list of the email addresses of the listmasters (users authorized to perform global server commands).

Shell commands executed to stop the service.

Shell commands executed as the service's main process.

Extra commandline options when launching Prometheus.

Extra commandline arguments for hddfancontrol

Extra commandline options to pass to the borgmatic exporter.

Extra commandline options to pass to the wireguard exporter.

Extra commandline options to pass to the smokeping exporter.

Extra commandline options to pass to the tailscale exporter.

Extra commandline options to pass to the nextcloud exporter.

Extra commandline options to pass to the rasdaemon exporter.

Extra commandline options to pass to the surfboard exporter.

Whether to enable the incron daemon

The username to log in as on the remote host

Shell commands executed after the service's main process is started.

Shell commands executed when the service's main process is reloaded.

Extra commandline options to pass to the junos-czerwonk exporter.

Set commandline parameters to pass to matterircd

Shell commands executed before the oh-my-zsh is loaded

Additional global flags to pass to all lego commands.

Shell commands executed after the service's main process has exited.

Extra commandline options to pass to the scaphandre exporter.

Extra commandline options to pass to the storagebox exporter.

Extra commandline options to pass to the buildkite-agent exporter.

Shell commands to execute on an ac_adapter.* event.

Additional bash commands to be run at the script that prepares the GRUB menu entries.

Shell commands executed before the service's main process is started.

Shell commands executed as the service's main process.

Extra commandline options to pass to the exportarr-bazarr exporter.

Extra commandline options to pass to the exportarr-sonarr exporter.

Extra commandline options to pass to the exportarr-lidarr exporter.

Extra commandline options to pass to the exportarr-radarr exporter.

Shell commands to execute on a button/lid.* event.

Shell commands executed when the instance is starting.

Shell commands executed after the service's main process is started.

Shell commands executed when the service's main process is reloaded.

Shell commands to be executed after stage 1 of the boot has initialised the network.

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Extra commands to run on the default confDir derivation.

Extra commandline options to pass to the exportarr-readarr exporter.

Extra commandline options to pass to the artifactory exporter.

Whether to enable Webhook, a server written in Go that allows you to create HTTP endpoints (hooks), which execute configured commands for any person or service that knows the URL .

Commands to execute before the config file check

The default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the commands-line settings and the userdb file)

Shell commands executed when the instance is shutting down.

The Go package used by Athens at runtime

Extra commandline options to pass to the exportarr-prowlarr exporter.

Whether to enable knot-resolver (version 5) domain name server

Shell commands to execute on a button/power.* event.

Alias and RID pairs to shorten git clone commands for repositories.

Additional commands to run to setup loopback device.

Whether to provide a slurm.conf file

Extra commandline options to pass to the modemmanager exporter.

Commandline arguments to pass to the image's entrypoint.

Shell commands to execute when the event is triggered.

Additional global flags to pass to all lego commands.

Shell commands executed just before dwl is started.

Additional shell commands inserted in the bootloader installer script after generating menu entries.

Commands that should be run right after we have mounted our LUKS device.

Name or GUID of extra ZFS pools that you wish to import during boot

Whether to restrict RPC to view only commands.

Shell commands executed before powertop is started.

Extra iscsi commands to run in the initrd.

Commands executed after the system resumes from suspend-to-RAM.

Additional shell commands executed as part of the nat initialisation script

Commands executed when the machine powers up

Shell commands executed just before Sway is started

Shell commands to be executed at the end of the network-setup systemd service

Shell commands to run before the backup

Commands executed when the machine powers down

Whether to enable notifications when long-running terminal commands complete.

Clear all default commands

The bare JID of the gateway administrator

Whether to enable notification sounds when long-running terminal commands complete.

Commands that should be run right before we try to mount our LUKS device

Additional shell commands executed as part of the nat teardown script

This section lists the processes to run before any SERVICES are spawned

Shell commands executed when the Virtual Network Adapter(s) is/are starting.

If set to true, you are free to add new users and groups to the system with the ordinary useradd and groupadd commands

Client IPs which are allowed to connect to distccd in CIDR notation

Extra commands to run in the package that contains fallback executables in case not other executable is found

The 32-bit host ID of the machine, formatted as 8 hexadecimal characters

Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.

An attrset of events and commands to run upon each event

Commands called at the start of the interface setup.

Commands called after the interface setup.

Whether to enable the firezone gateway

Extra deletion commands to be run on every firewall start, reload and after stopping the firewall.

Additional shell commands inserted in the bootloader installer script after generating menu entries

Whether to enable protontricks, a simple wrapper for running Winetricks commands for Proton-enabled games.

Shell commands executed on specified operational states.

Allows administration via an XMPP client that supports ad-hoc commands

Additional shell commands executed as part of the firewall initialisation script

Additional shell commands executed as part of the firewall shutdown script

Specifies the user under whose account the AuthorizedKeysCommand is run

List of binary cache URLs that non-root users can use (in addition to those specified using nix.settings.substituters) by passing --option binary-caches to Nix commands.

Whether to enable keys to run shell commands.

Whether to stop reaction when reloading the firewall

Shell commands executed just after the X server has started

The program to make available as /bin/sh inside the chroot

Determines whether certain commands are confirmed.

Shell commands executed just before i3 is started.

Shell commands to be added to the system-wide xinitrc script.

Whether to enable systemd hardening.

Shell commands executed just before dwm is started.

Commands called at the start of the interface setup.

Shell commands executed after powertop is started

Commands called at the end of the interface setup.

Extra runtime packages to be installed in the Podman wrapper

Commands called before shutting down the interface.

Commands called after shutting down the interface.

If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option

Whether or no to prepend sudo to wg commands.

Shell commands executed just before wmderland is started.

Specifies the (clear text) password for the user

Specifies the (clear text) password for the user

Whether the users will be able to use the ad-hoc commands that lets them configure their realname and username.