| services.autorandr.matchEdid | Match displays based on edid instead of name
|
| systemd.network.links.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| systemd.network.netdevs.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| systemd.network.networks.<name>.matchConfig | Each attribute in this set specifies an option in the
[Match] section of the unit
|
| services.journalwatch.filterBlocks.*.match | Syntax: field = value
Specifies the log entry field this block should apply to
|
| nix.registry.<name>.exact | Whether the from reference needs to match exactly
|
| boot.binfmt.registrations.<name>.matchCredentials | Whether to launch with the credentials and security
token of the binary, not the interpreter (e.g. setuid
bit)
|
| services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| boot.loader.limine.panicOnChecksumMismatch | Whether or not checksum validation failure should be a fatal
error at boot time.
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface | interface name of the NetworkManager connection
|
| services.thinkfan.sensors.*.query | The query string used to match one or more sensors: can be
a fullpath to the temperature file (single sensor) or a fullpath
to a driver directory (multiple sensors).
When multiple sensors match, the query can be restricted using the
name or indices options.
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchUuid | UUID of the connection profile
UUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchId | connection id used by NetworkManager
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchType | NetworkManager connection type
The NetworkManager configuration settings reference roughly corresponds to connection types
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| users.extraUsers.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.nghttpx.frontends.*.params.sni-fwd | When performing a match to select a backend server, SNI host
name received from the client is used instead of the request
host
|
| networking.nat.dmzHost | The local IP address to which all traffic that does not match any
forwarding rule is forwarded.
|
| services.system76-scheduler.assignments.<name>.matchers | Process matchers.
|
| services.actkbd.bindings.*.keys | List of keycodes to match.
|
| systemd.network.networks.<name>.name | The name of the network interface to match against.
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.journalwatch.filterBlocks.*.filters | The filters to apply on all messages which satisfy match
|
| services.actkbd.bindings.*.events | List of events to match.
|
| services.ndppd.proxies.<name>.rules | This is a rule that the target address is to match against
|
| services.thinkfan.fans.*.indices | A list of fans to pick in case multiple fans match the query.
|
| programs.captive-browser.dhcp-dns | The shell (/bin/sh) command executed to obtain the DHCP
DNS server address
|
| services.firewalld.zones.<name>.target | Action for packets that doesn't match any rules.
|
| nixpkgs.buildPlatform | Specifies the platform on which NixOS should be built
|
| services.oauth2-proxy.cookie.domain | Optional cookie domains to force cookies to (ie: .yourcompany.com)
|
| services.gemstash.settings | Configuration for Gemstash
|
| services.misskey.settings.url | The final user-facing URL
|
| services.spice-autorandr.enable | Whether to enable spice-autorandr service that will automatically resize display to match SPICE client window size.
|
| services.mx-puppet-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| services.libreswan.policies | A set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
|
| programs.zsh.autosuggestions.strategy | ZSH_AUTOSUGGEST_STRATEGY is an array that specifies how suggestions should be generated
|
| services.prometheus.remoteRead.*.required_matchers | An optional list of equality matchers which have to be
present in a selector to query the remote read endpoint.
|
| services.mautrix-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.thinkfan.sensors.*.indices | A list of sensors to pick in case multiple sensors match the query.
|
| services.multipath.devices.*.product | Regular expression to match the product name
|
| services.openafsClient.packages.module | OpenAFS kernel module package
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.matchers | Process matchers.
|
| services.graphite.carbon.blacklist | Any metrics received which match one of the expressions will be dropped.
|
| services.graphite.carbon.whitelist | Only metrics received which match one of the expressions will be persisted.
|
| services.ndppd.proxies.<name>.rules.<name>.network | This is the target address is to match against
|
| services.multipath.devices.*.revision | Regular expression to match the product revision
|
| virtualisation.oci-containers.containers.<name>.imageFile | Path to an image file to load before running the image
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.openafsClient.packages.programs | OpenAFS programs package
|
| services.usbguard.implicitPolicyTarget | How to treat USB devices that don't match any rule in the policy
|
| services.mautrix-signal.settings | config.yaml configuration as a Nix attribute set
|
| services.mautrix-telegram.settings | config.yaml configuration as a Nix attribute set
|
| services.slskd.settings.filters.search.request | Incoming search requests which match this filter are ignored.
|
| security.pam.services.<name>.kwallet.enable | If enabled, pam_wallet will attempt to automatically unlock the
user's default KDE wallet upon login
|
| services.ndppd.proxies.<name>.rules.<name>.method | static: Immediately answer any Neighbor Solicitation Messages
(if they match the IP rule).
iface: Forward the Neighbor Solicitation Message through the specified
interface and only respond if a matching Neighbor Advertisement
Message is received.
auto: Same as iface, but instead of manually specifying the outgoing
interface, check for a matching route in /proc/net/ipv6_route.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.background.matchers | Process matchers.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.matchers | Process matchers.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.triggerhappy.bindings.*.event | Event to match.
|
| services.prometheus.exporters.rtl_433.ids.*.id | ID to match.
|
| services.cyrus-imap.imapdSettings.lmtpsocket | Unix socket that lmtpd listens on, used by deliver(8)
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.syncthing.settings | Extra configuration options for Syncthing
|
| services.triggerhappy.bindings.*.keys | List of keys to match
|
| services.mautrix-whatsapp.settings | config.yaml configuration as a Nix attribute set
|
| services.prometheus.exporters.rtl_433.ids.*.name | Name to match.
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.kanidm.provision.systems.oauth2.<name>.originUrl | The redirect URL of the service
|
| system.forbiddenDependenciesRegexes | POSIX Extended Regular Expressions that match store paths that
should not appear in the system closure, with the exception of system.extraDependencies, which is not checked.
|
| boot.binfmt.registrations.<name>.magicOrExtension | The magic number or extension to match on.
|
| nixpkgs.pkgs | If set, the pkgs argument to all NixOS modules is the value of
this option, extended with nixpkgs.overlays, if
that is also set
|
| services.angrr.settings.temporary-root-policies.<name>.path-regex | Regex pattern to match the GC root path.
|
| services.prometheus.exporters.postfix.group | Group under which the postfix exporter shall be run
|
| services.prometheus.exporters.rtl_433.ids.*.location | Location to match.
|
| services.prometheus.exporters.rtl_433.channels.*.name | Name to match.
|
| hardware.display.edid.linuxhw | Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin
|
| services.dendrite.settings.sync_api.search.language | The language most likely to be used on the server - used when indexing, to
ensure the returned results match expectations
|
| services.prometheus.exporters.rtl_433.channels.*.channel | Channel to match.
|
| services.prometheus.exporters.rtl_433.channels.*.location | Location to match.
|
| services.nghttpx.backends.*.params.redirect-if-not-tls | If true, a backend match requires the frontend connection be
TLS encrypted
|
| boot.initrd.availableKernelModules | The set of kernel modules in the initial ramdisk used during the
boot process
|
| services.grafana.settings.server.enforce_domain | Redirect to correct domain if the host header does not match the domain
|
| services.matrix-synapse.settings.dynamic_thumbnails | Whether to generate new thumbnails on the fly to precisely match
the resolution requested by the client
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_addrs | Local address(es) to use for IKE communication
|
| virtualisation.oci-containers.containers.<name>.ports | Network ports to publish from the container to the outer host
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa | Whether to set mark_in on the inbound SA
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in | Netfilter mark applied to packets after the inbound IPsec SA processed
them
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out | Whether to install outbound FWD IPsec policies or not
|
| services.journalwatch.filterBlocks | filterBlocks can be defined to blacklist journal messages which are not errors
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| networking.dhcpcd.allowInterfaces | Enable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.docuum.keep | Prevents deletion of images for which repository:tag matches the specified regex.
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|