| services.nextcloud.settings.skeletondirectory | The directory where the skeleton files are located
|
| virtualisation.podman.dockerSocket.enable | Make the Podman socket available in place of the Docker socket, so
Docker tools can find the Podman socket
|
| networking.networkmanager.enable | Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured
|
| services.bitwarden-directory-connector-cli.sync.removeDisabled | Remove users from bitwarden groups if no longer in the ldap group.
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| virtualisation.docker.rootless.setSocketVariable | Point DOCKER_HOST to rootless Docker instance for
normal users by default.
|
| services.firezone.server.smtp.configureManually | Outbound email configuration is mandatory for Firezone and supports
many different delivery adapters
|
| system.stateVersion | This option defines the first version of NixOS you have installed on this particular machine,
and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions
|
| services.bitwarden-directory-connector-cli.sync.userEmailAttribute | Attribute for a users email.
|
| services.matrix-conduit.settings.global.allow_registration | Whether new users can register on this server.
|
| services.earlyoom.enableNotifications | Send notifications about killed processes via the system d-bus
|
| services.bitwarden-directory-connector-cli.sync.emailPrefixAttribute | The attribute that contains the users username.
|
| services.matrix-synapse.settings.enable_registration | Enable registration for new users.
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.vaultwarden.config | The configuration of vaultwarden is done through environment variables,
therefore it is recommended to use upper snake case (e.g. DISABLE_2FA_REMEMBER)
|
| services.bitwarden-directory-connector-cli.sync.overwriteExisting | Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.
|
| services.vaultwarden.environmentFile | Additional environment file or files as defined in systemd.exec(5)
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.smartd.notifications.systembus-notify.enable | Whenever to send systembus-notify notifications
|
| virtualisation.lxc.unprivilegedContainers | Whether to enable support for unprivileged users to launch containers.
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that lets them configure
their realname and username.
|
| services.transmission.downloadDirPermissions | If not null, is used as the permissions
set by system.activationScripts.transmission-daemon
on the directories services.transmission.settings.download-dir,
services.transmission.settings.incomplete-dir.
and services.transmission.settings.watch-dir
|
| services.pgbouncer.settings.pgbouncer.max_user_connections | Do not allow more than this many server connections per user (regardless of database)
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|