| hardware.display.edid.linuxhw | Exposes EDID files from the user-sourced database at https://github.com/linuxhw/EDID.
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| programs.regreet.font.package | The package that provides the font given in the name option.
|
| virtualisation.oci-containers.containers.<name>.login.registry | Registry to log in to.
|
| virtualisation.oci-containers.containers.<name>.autoRemoveOnStop | Automatically remove the container when it is stopped or killed
|
| hardware.nvidia-container-toolkit.disable-hooks | List of hooks to disable when generating the CDI specification
|
| virtualisation.oci-containers.containers.<name>.networks | Networks to attach the container to
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| services.postgresql.ensureUsers.*.ensureClauses.createdb | Grants the user, created by the ensureUser attr, createdb permissions
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| virtualisation.oci-containers.containers.<name>.extraOptions | Extra options for podman run.
|
| services.pgbouncer.settings.pgbouncer.listen_addr | Specifies a list (comma-separated) of addresses where to listen for TCP connections
|
| containers.<name>.allowedDevices.*.modifier | Device node access modifier
|
| services.prometheus.exporters.unpoller.controllers.*.user | Unifi service user name.
|
| programs.regreet.theme.package | The package that provides the theme given in the name option.
|
| systemd.automounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| virtualisation.oci-containers.containers.<name>.preRunExtraOptions | Extra options for podman that go before the run argument.
|
| services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for the name of a group.
|
| networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| networking.hostName | The name of the machine
|
| virtualisation.fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds | Periodically refresh the endpoint hostname or address for all peers
|
| services.matrix-synapse.settings.trusted_key_servers.*.server_name | Hostname of the trusted server.
|
| services.mqtt2influxdb.points.*.measurement | Name of the measurement
|
| services.postgresql.ensureUsers.*.ensureClauses.bypassrls | Grants the user, created by the ensureUser attr, replication permissions
|
| virtualisation.oci-containers.containers.<name>.log-driver | Logging driver for the container
|
| virtualisation.oci-containers.containers.<name>.volumes | List of volumes to attach to this container
|
| services.influxdb2.provision.initialSetup.organization | Primary organization name
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that let them configure
their realname and username.
|
| services.postgresql.ensureUsers.*.ensureClauses.superuser | Grants the user, created by the ensureUser attr, superuser permissions
|
| virtualisation.oci-containers.containers.<name>.privileged | Give extended privileges to the container
|
| virtualisation.oci-containers.containers.<name>.entrypoint | Override the default entrypoint of the image.
|
| image.repart.verityStore.partitionIds.esp | Specify the attribute name of the ESP.
|
| services.prometheus.exporters.mqtt.zigbee2MqttAvailability | Whether to normalize the sensor name for the device availability metric added by Zigbee2MQTT.
|
| systemd.network.config.routeTables | Defines route table names as an attrset of name to number
|
| programs.regreet.iconTheme.package | The package that provides the icon theme given in the name option.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".database | Name of the database
|
| containers.<name>.ephemeral | Runs container in ephemeral mode with the empty root filesystem at boot
|
| virtualisation.oci-containers.containers.<name>.podman.sdnotify | Determines how podman should notify systemd that the unit is ready
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.type | The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
|
| virtualisation.oci-containers.containers.<name>.environment | Environment variables to set for this container.
|
| containers.<name>.privateUsers | Whether to give the container its own private UIDs/GIDs space (user namespacing)
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds | Periodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes
|
| users.mysql.pam.statusColumn | The name of the column or an SQL expression that indicates the status of
the user
|
| virtualisation.oci-containers.containers.<name>.imageStream | Path to a script that streams the desired image on standard output
|
| image.repart.verityStore.partitionIds.store | Specify the attribute name of the store partition.
|
| services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| containers | A set of NixOS system configurations to be run as lightweight
containers
|
| services.postgresql.ensureUsers.*.ensureClauses.createrole | Grants the user, created by the ensureUser attr, createrole permissions
|
| nixpkgs.flake.source | The path to the nixpkgs sources used to build the system
|
| networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds | When the dynamic endpoint refresh that is configured via
dynamicEndpointRefreshSeconds exits (likely due to a failure),
restart that service after this many seconds
|
| swapDevices.*.encrypted.label | Label of the unlocked encrypted device
|
| programs.regreet.cursorTheme.package | The package that provides the cursor theme given in the name option.
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| services.postgresql.ensureUsers.*.ensureClauses.replication | Grants the user, created by the ensureUser attr, replication permissions
|
| virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)
mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes
mapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| containers.<name>.networkNamespace | Takes the path to a file representing a kernel network namespace that the container
shall run in
|
| virtualisation.oci-containers.containers.<name>.ports | Network ports to publish from the container to the outer host
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| networking.ucarp.upscript | Command to run after becoming master; the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| virtualisation.oci-containers.containers.<name>.capabilities | Capabilities to configure for the container
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| hardware.firmware | List of packages containing firmware files
|
| hardware.display.edid.modelines | Attribute set of XFree86 Modelines automatically converted
and exposed as edid/<name>.bin files in initrd
|
| boot.loader.systemd-boot.windows | Make Windows bootable from systemd-boot
|
| programs.kubeswitch.commandName | The name of the command to use
|
| containers.<name>.additionalCapabilities | Grant additional capabilities to the container
|
| hardware.trackpoint.device | The device name of the trackpoint
|
| system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| image.repart.verityStore.partitionIds.store-verity | Specify the attribute name of the store's dm-verity hash partition.
|
| boot.loader.grub.fsIdentifier | Determines how GRUB will identify devices when generating the
configuration file
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| boot.loader.grub.configurationName | GRUB entry name instead of default.
|
| users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| networking.ucarp.downscript | Command to run after becoming backup; the interface name, virtual address
and optional extra parameters are passed as arguments.
|
| networking.nat.externalInterface | The name of the external network interface.
|
| networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| specialisation.<name>.configuration | Arbitrary NixOS configuration
|
| programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| hardware.nvidia.prime.offload.offloadCmdMainProgram | Specifies the CLI name of the hardware.nvidia.prime.offload.enableOffloadCmd
convenience script for offloading programs to an nvidia device.
|
| boot.loader.grub.mirroredBoots.*.efiBootloaderId | The ID of the bootloader to store in EFI NVRAM
|
| boot.initrd.compressor | The compressor to use on the initrd image
|
| networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| security.tpm2.tctiEnvironment.tabrmdConf | Configuration part of the tabrmd TCTI, like the D-Bus bus name
|
| networking.dhcpcd.allowInterfaces | Enable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| security.tpm2.tctiEnvironment.interface | The name of the TPM command transmission interface (TCTI) library to
use.
|
| hardware.printers.ensurePrinters | Will regularly ensure that the given CUPS printers are configured as declared here
|
| boot.loader.systemd-boot.sortKey | The sort key used for the NixOS bootloader entries
|
| hardware.block.defaultSchedulerExclude | Device name pattern to exclude from default scheduler assignment
through config.hardware.block.defaultScheduler and
config.hardware.block.defaultSchedulerRotational
|
| virtualisation.libvirtd.nss.enableGuest | This option enables the newer libvirt_guest NSS module
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| virtualisation.rosetta.mountTag | The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software
|
| documentation.man.mandoc.settings.output.paper | This option is for generating PostScript and PDF output
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| system.replaceDependencies.replacements | List of packages to override without doing a full rebuild
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| networking.networkmanager.unmanaged | List of interfaces that will not be managed by NetworkManager
|