| programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| services.matrix-synapse.settings.trusted_key_servers.*.server_name | Hostname of the trusted server.
|
| services.prometheus.exporters.unpoller.controllers.*.user | Unifi service user name.
|
| networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.server_name | ServerName extension to indicate the name of the server.
http://tools.ietf.org/html/rfc4366#section-3.1
|
| services.postgresql.ensureUsers.*.ensureClauses.createdb | Grants the user, created by the ensureUser attr, createdb permissions
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that lets them configure
their realname and username.
|
| boot.loader.grub.mirroredBoots.*.efiBootloaderId | The id of the bootloader to store in efi nvram
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| boot.initrd.compressor | The compressor to use on the initrd image
|
| services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| specialisation.<name>.configuration | Arbitrary NixOS configuration
|
| services.mautrix-telegram.environmentFile | File containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN
|
| services.mqtt2influxdb.points.*.measurement | Name of the measurement
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.exporters.wireguard.wireguardConfig | Path to the Wireguard Config to
add the peer's name to the stats of a peer
|
| services.influxdb2.provision.initialSetup.organization | Primary organization name
|
| services.prometheus.exporters.mqtt.zigbee2MqttAvailability | Whether to enable Normalize sensor name for device availability metric added by Zigbee2MQTT..
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".database | Name of the database
|
| services.postgresql.ensureUsers.*.ensureClauses.bypassrls | Grants the user, created by the ensureUser attr, replication permissions
|
| services.postgresql.ensureUsers.*.ensureClauses.superuser | Grants the user, created by the ensureUser attr, superuser permissions
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.exporters.pgbouncer.connectionEnvFile | File that must contain the environment variable
PGBOUNCER_EXPORTER_CONNECTION_STRING which is set to the connection
string used by pgbouncer
|
| networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| security.tpm2.tctiEnvironment.tabrmdConf | Configuration part of the tabrmd TCTI, like the D-Bus bus name
|
| boot.loader.systemd-boot.sortKey | The sort key used for the NixOS bootloader entries
|
| networking.dhcpcd.allowInterfaces | Enable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username | username is required if using Identity V2 API
|
| hardware.printers.ensurePrinters | Will regularly ensure that the given CUPS printers are configured as declared here
|
| security.tpm2.tctiEnvironment.interface | The name of the TPM command transmission interface (TCTI) library to
use.
|
| services.postgresql.ensureUsers.*.ensureClauses.createrole | Grants the user, created by the ensureUser attr, createrole permissions
|
| services.postgresql.ensureUsers.*.ensureClauses.replication | Grants the user, created by the ensureUser attr, replication permissions
|
| hardware.block.defaultSchedulerExclude | Device name pattern to exclude from default scheduler assignment
through config.hardware.block.defaultScheduler and
config.hardware.block.defaultSchedulerRotational
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_name | At most one of domain_id and domain_name must be provided if using username
with Identity V3
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username | HTTP username
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces | Optional namespace discovery
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name | The project_id and project_name fields are optional for the Identity V2 API
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.username | HTTP username
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| virtualisation.libvirtd.nss.enableGuest | This option enables the newer libvirt_guest NSS module
|
| virtualisation.rosetta.mountTag | The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.username | HTTP username
|
| documentation.man.mandoc.settings.output.paper | This option is for generating PostScript and PDF output
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| system.replaceDependencies.replacements | List of packages to override without doing a full rebuild
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| networking.networkmanager.unmanaged | List of interfaces that will not be managed by NetworkManager
|
| virtualisation.sharedDirectories | An attributes set of directories that will be shared with the
virtual machine using VirtFS (9P filesystem over VirtIO)
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface | interface name of the NetworkManager connection
|
| networking.networkmanager.insertNameservers | A list of name servers that should be inserted before
the ones configured in NetworkManager or received by DHCP.
|
| networking.networkmanager.appendNameservers | A list of name servers that should be appended
to the ones configured in NetworkManager or received by DHCP.
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchId | connection id used by NetworkManager
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|