| services.syncoid.commands | Syncoid commands to run.
|
| programs.less.commands | Defines new command keys.
|
| security.sudo.extraRules.*.commands | The commands for which the rule should apply.
|
| security.sudo-rs.extraRules.*.commands | The commands for which the rule should apply.
|
| services.syncoid.commands.<name>.sshKey | SSH private key file to use to login to the remote system
|
| services.syncoid.commands.<name>.extraArgs | Extra syncoid arguments for this command.
|
| services.syncoid.commands.<name>.source | Source ZFS dataset
|
| services.syncoid.commands.<name>.target | Target ZFS dataset
|
| services.syncoid.commands.<name>.service | Systemd configuration specific to this syncoid service.
|
| services.syncoid.commands.<name>.useCommonArgs | Whether to add the configured common arguments to this command.
|
| services.syncoid.commands.<name>.sendOptions | Advanced options to pass to zfs send
|
| services.syncoid.commands.<name>.recvOptions | Advanced options to pass to zfs recv
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.pgbackrest.commands.help | Options for the 'help' command
|
| services.pgbackrest.commands.info | Options for the 'info' command
|
| services.pgbackrest.commands.stop | Options for the 'stop' command
|
| services.pgbackrest.commands.repo-ls | Options for the 'repo-ls' command
|
| services.pgbackrest.commands.repo-get | Options for the 'repo-get' command
|
| services.pgbackrest.commands.check | Options for the 'check' command
|
| services.pgbackrest.commands.start | Options for the 'start' command
|
| services.pgbackrest.commands.server | Options for the 'server' command
|
| services.pgbackrest.commands.backup | Options for the 'backup' command
|
| services.pgbackrest.commands.verify | Options for the 'verify' command
|
| services.pgbackrest.commands.expire | Options for the 'expire' command
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.pgbackrest.commands.server-ping | Options for the 'server-ping' command
|
| services.pgbackrest.commands.version | Options for the 'version' command
|
| services.pgbackrest.commands.restore | Options for the 'restore' command
|
| services.pgbackrest.commands.archive-get | Options for the 'archive-get' command
|
| services.pgbackrest.commands.archive-push | Options for the 'archive-push' command
|
| services.pgbackrest.commands.annotate | Options for the 'annotate' command
|
| services.pgbackrest.commands.stanza-delete | Options for the 'stanza-delete' command
|
| services.pgbackrest.commands.stanza-create | Options for the 'stanza-create' command
|
| services.pgbackrest.commands.stanza-upgrade | Options for the 'stanza-upgrade' command
|
| programs.nh.flake | The string that will be used for the NH_FLAKE environment variable.
NH_FLAKE is used by nh as the default flake for performing actions, such as
nh os switch
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| power.ups.users.<name>.instcmds | Let the user initiate specific instant commands
|
| security.acme.defaults.postRun | Commands to run after new certificates go live
|
| boot.postBootCommands | Shell commands to be executed just before systemd is started.
|
| services.nginx.preStart | Shell commands executed before the service's nginx is started.
|
| boot.initrd.preLVMCommands | Shell commands to be executed immediately before LVM discovery.
|
| services.openvpn.servers.<name>.updateResolvConf | Use the script from the update-resolv-conf package to automatically
update resolv.conf with the DNS information provided by openvpn
|
| boot.loader.grub.extraConfig | Additional GRUB commands inserted in the configuration file
just before the menu entries.
|
| security.sudo.enable | Whether to enable the sudo command, which
allows non-root users to execute commands as root.
|
| security.doas.enable | Whether to enable the doas command, which allows
non-root users to execute commands as root.
|
| boot.initrd.preFailCommands | Shell commands to be executed before the failure prompt is shown.
|
| services.gvpe.customIFSetup | Additional commands to apply in ifup script
|
| networking.vswitches.<name>.extraOvsctlCmds | Commands to manipulate the Open vSwitch database
|
| security.sudo-rs.enable | Whether to enable a memory-safe implementation of the sudo command,
which allows non-root users to execute commands as root
.
|
| systemd.services.<name>.preStop | Shell commands executed to stop the service.
|
| services.syncoid.sshKey | SSH private key file to use to login to the remote system
|
| services.jack.jackd.session | Commands to run after JACK is started.
|
| boot.initrd.postMountCommands | Shell commands to be executed immediately after the stage 1
filesystems have been mounted.
|
| programs.less.configFile | Path to lesskey configuration file.
configFile takes precedence over commands,
clearDefaultCommands, lineEditingKeys, and
envVariables.
|
| programs.lazygit.enable | Whether to enable lazygit, a simple terminal UI for git commands.
|
| systemd.services.<name>.postStop | Shell commands executed after the service's main process
has exited.
|
| services.xserver.displayManager.sessionCommands | Shell commands executed just before the window or desktop manager is
started
|
| boot.loader.grub.extraPerEntryConfig | Additional GRUB commands inserted in the configuration file
at the start of each NixOS menu entry.
|
| boot.initrd.preDeviceCommands | Shell commands to be executed before udev is started to create
device nodes.
|
| boot.initrd.postResumeCommands | Shell commands to be executed immediately after attempting to resume.
|
| systemd.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| services.sympa.listMasters | The list of the email addresses of the listmasters
(users authorized to perform global server commands).
|
| systemd.user.services.<name>.preStop | Shell commands executed to stop the service.
|
| systemd.services.<name>.script | Shell commands executed as the service's main process.
|
| services.incron.enable | Whether to enable the incron daemon
|
| nix.buildMachines.*.sshUser | The username to log in as on the remote host
|
| systemd.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| programs.zsh.ohMyZsh.preLoaded | Shell commands executed before the oh-my-zsh is loaded
|
| services.openssh.allowSFTP | Whether to enable the SFTP subsystem in the SSH daemon
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| systemd.user.services.<name>.postStop | Shell commands executed after the service's main process
has exited.
|
| services.acpid.acEventCommands | Shell commands to execute on an ac_adapter.* event.
|
| boot.loader.grub.extraPrepareConfig | Additional bash commands to be run at the script that
prepares the GRUB menu entries.
|
| systemd.user.services.<name>.preStart | Shell commands executed before the service's main process
is started.
|
| systemd.user.services.<name>.script | Shell commands executed as the service's main process.
|
| security.doas.extraRules.*.cmd | The command the user is allowed to run
|
| services.acpid.lidEventCommands | Shell commands to execute on a button/lid.* event.
|
| services.openvpn.servers.<name>.up | Shell commands executed when the instance is starting.
|
| systemd.user.services.<name>.postStart | Shell commands executed after the service's main process
is started.
|
| systemd.user.services.<name>.reload | Shell commands executed when the service's main process
is reloaded.
|
| services.jupyter.command | Which command the service runs
|
| boot.initrd.network.postCommands | Shell commands to be executed after stage 1 of the
boot has initialised the network.
|
| boot.initrd.postDeviceCommands | Shell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in
/dev.
|
| services.xrdp.extraConfDirCommands | Extra commands to run on the default confDir derivation.
|
| services.webhook.enable | Whether to enable Webhook, a server written in Go that allows you to create HTTP endpoints (hooks),
which execute configured commands for any person or service that knows the URL
.
|
| services.bird.preCheckConfig | Commands to execute before the config file check
|
| services.coturn.realm | The default realm to be used for the users when no explicit
origin/realm relationship was found in the database, or if the TURN
server is not using any database (just the commands-line settings
and the userdb file)
|
| services.openvpn.servers.<name>.down | Shell commands executed when the instance is shutting down.
|
| services.athens.goBinary | The Go package used by Athens at runtime
|
| services.atd.allowEveryone | Whether to make /var/spool/at{jobs,spool}
writeable by everyone (and sticky)
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.acpid.powerEventCommands | Shell commands to execute on a button/power.* event.
|
| services.radicle.httpd.aliases | Alias and RID pairs to shorten git clone commands for repositories.
|
| services.jack.loopback.session | Additional commands to run to setup loopback device.
|
| services.slurm.enableStools | Whether to provide a slurm.conf file
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| security.acme.defaults.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| programs.dwl.extraSessionCommands | Shell commands executed just before dwl is started.
|
| security.run0.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via run0.
|
| security.sudo.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| boot.loader.grub.extraInstallCommands | Additional shell commands inserted in the bootloader installer
script after generating menu entries.
|
| security.doas.wheelNeedsPassword | Whether users of the wheel group must provide a password to
run commands as super user via doas.
|
| security.sudo-rs.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| boot.initrd.luks.devices.<name>.postOpenCommands | Commands that should be run right after we have mounted our LUKS device.
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| services.monero.rpc.restricted | Whether to restrict RPC to view only commands.
|
| powerManagement.powertop.preStart | Shell commands executed before powertop is started.
|
| programs.neovim.configure | Generate your init file from your list of plugins and custom commands
|
| nixpkgs.flake.setNixPath | Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs>
lookups receive the version of nixpkgs that the system was built with, in concert with
nixpkgs.flake.setFlakeRegistry
|
| boot.iscsi-initiator.extraIscsiCommands | Extra iscsi commands to run in the initrd.
|
| powerManagement.resumeCommands | Commands executed after the system resumes from suspend-to-RAM.
|
| networking.nat.extraCommands | Additional shell commands executed as part of the nat
initialisation script
|
| services.borgbackup.jobs.<name>.postInit | Shell commands to run after borg init.
|
| powerManagement.powerUpCommands | Commands executed when the machine powers up
|
| programs.sway.extraSessionCommands | Shell commands executed just before Sway is started
|
| networking.localCommands | Shell commands to be executed at the end of the
network-setup systemd service
|
| programs.sway.wrapperFeatures.base | Whether to enable the base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
|
| services.borgbackup.jobs.<name>.preHook | Shell commands to run before the backup
|
| powerManagement.powerDownCommands | Commands executed when the machine powers down
|
| security.please.wheelNeedsPassword | Whether users of the wheel group must provide a password to run
commands or edit files with please and
pleaseedit respectively.
|
| programs.bash.undistractMe.enable | Whether to enable notifications when long-running terminal commands complete.
|
| programs.less.clearDefaultCommands | Clear all default commands
|
| services.biboumi.settings.admin | The bare JID of the gateway administrator
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| programs.bash.undistractMe.playSound | Whether to enable notification sounds when long-running terminal commands complete.
|
| boot.initrd.luks.devices.<name>.preOpenCommands | Commands that should be run right before we try to mount our LUKS device
|
| networking.nat.extraStopCommands | Additional shell commands executed as part of the nat
teardown script
|
| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| services.cyrus-imap.cyrusSettings.START | This section lists the processes to run before any SERVICES are spawned
|
| services.softether.vpnclient.up | Shell commands executed when the Virtual Network Adapter(s) is/are starting.
|
| users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| services.distccd.allowedClients | Client IPs which are allowed to connect to distccd in CIDR notation
|
| services.envfs.extraFallbackPathCommands | Extra commands to run in the package that contains fallback executables in case not other executable is found
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| networking.hostId | The 32-bit host ID of the machine, formatted as 8 hexadecimal characters
|
| services.softether.vpnclient.down | Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.
|
| services.borgbackup.jobs.<name>.postCreate | Shell commands to run after borg create
|
| services.xscreensaver.hooks | An attrset of events and commands to run upon each event
|
| networking.wg-quick.interfaces.<name>.preUp | Commands called at the start of the interface setup.
|
| systemd.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| networking.wg-quick.interfaces.<name>.postUp | Commands called after the interface setup.
|
| services.firezone.gateway.enable | Whether to enable the firezone gateway
|
| systemd.user.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| networking.nftables.extraDeletions | Extra deletion commands to be run on every firewall start, reload
and after stopping the firewall.
|
| boot.loader.systemd-boot.extraInstallCommands | Additional shell commands inserted in the bootloader installer
script after generating menu entries
|
| programs.steam.protontricks.enable | Whether to enable protontricks, a simple wrapper for running Winetricks commands for Proton-enabled games.
|
| services.networkd-dispatcher.rules.<name>.script | Shell commands executed on specified operational states.
|
| services.prosody.modules.admin_adhoc | Allows administration via an XMPP client that supports ad-hoc commands
|
| nixpkgs.flake.setFlakeRegistry | Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the
store path of the sources of nixpkgs used to build the NixOS system
|
| networking.firewall.extraCommands | Additional shell commands executed as part of the firewall
initialisation script
|
| networking.firewall.extraStopCommands | Additional shell commands executed as part of the firewall
shutdown script
|
| services.openssh.authorizedKeysCommandUser | Specifies the user under whose account the AuthorizedKeysCommand
is run
|
| nix.settings.trusted-substituters | List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| services.dsnet.settings | The settings to use for dsnet
|
| services.reaction.stopForFirewall | Whether to stop reaction when reloading the firewall
|
| services.xserver.displayManager.setupCommands | Shell commands executed just after the X server has started
|
| systemd.services.<name>.confinement.binSh | The program to make available as /bin/sh inside
the chroot
|
| services.taskserver.confirmation | Determines whether certain commands are confirmed.
|
| services.xserver.windowManager.i3.extraSessionCommands | Shell commands executed just before i3 is started.
|
| services.xserver.displayManager.startx.extraCommands | Shell commands to be added to the system-wide xinitrc script.
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| services.xserver.windowManager.dwm.extraSessionCommands | Shell commands executed just before dwm is started.
|
| networking.wireguard.interfaces.<name>.preSetup | Commands called at the start of the interface setup.
|
| powerManagement.powertop.postStart | Shell commands executed after powertop is started
|
| networking.wireguard.interfaces.<name>.postSetup | Commands called at the end of the interface setup.
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| virtualisation.podman.extraRuntimes | Extra runtime packages to be installed in the Podman wrapper
|
| programs.starship.transientPrompt.enable | Whether to enable Starship's transient prompt
feature in fish shells
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| networking.wireguard.interfaces.<name>.postShutdown | Commands called after shutting down the interface.
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| services.rutorrent.nginx.exposeInsecureRPC2mount | If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option
|
| services.prometheus.exporters.wireguard.prependSudo | Whether or no to prepend sudo to wg commands.
|
| services.xserver.windowManager.wmderland.extraSessionCommands | Shell commands executed just before wmderland is started.
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that lets them configure
their realname and username.
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|