| security.googleOsLogin.enable | Whether to enable Google OS Login
|
| programs.dconf.profiles | Attrset of dconf profiles
|
| services.mpd.credentials.*.permissions | List of permissions that are granted with this password
|
| security.wrappers.<name>.permissions | The permissions of the wrapper program
|
| programs.schroot.profiles | Custom configuration profiles for schroot.
|
| services.g810-led.profile | Keyboard profile to apply at boot time
|
| services.hledger-web.allow | User's access level for changing data.
- view: view only permission.
- add: view and add permissions.
- edit: view, add, and edit permissions.
- sandstorm: permissions from the
X-Sandstorm-Permissions request header.
|
| services.mail.sendmailSetuidWrapper.permissions | The permissions of the wrapper program
|
| services.postfix-tlspol.settings.server.socket-permissions | Permissions to the UNIX socket, if configured.
Due to hardening on the systemd unit the socket can never be created world readable/writable.
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| programs.schroot.profiles.<name>.fstab | A file in the format described in fstab(5), used to mount filesystems inside the chroot
|
| security.acme.defaults.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| services.tuned.profiles | Profiles for TuneD
|
| services.oauth2-proxy.profileURL | Profile access endpoint.
|
| services.angrr.settings.profile-policies | Profile GC root policies.
|
| services.disnix.profiles | Names of the Disnix profiles to expose in the system's PATH
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|
| services.autorandr.profiles.<name>.hooks | Profile hook scripts.
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| security.tpm2.fapi.profileDir | Directory that contains all cryptographic profiles known to FAPI.
|
| security.apparmor.policies.<name>.profile | The profile file contents
|
| services.angrr.settings.profile-policies.<name>.keep-since | Retention period for the GC roots in this profile.
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| programs.wshowkeys.enable | Whether to enable wshowkeys (displays keypresses on screen on supported Wayland
compositors)
|
| services.angrr.settings.profile-policies.<name>.keep-latest-n | Keep the latest N GC roots in this profile.
|
| security.loginDefs.settings.TTYPERM | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| services.autorandr.profiles | Autorandr profiles specification.
|
| services.tuned.ppdSettings.profiles | Map of PPD profiles to native TuneD profiles.
|
| environment.profiles | A list of profiles used to setup the global environment.
|
| services.asusd.profileConfig.text | Text of the file.
|
| services.asusd.profileConfig | The content of /etc/asusd/profile.ron
|
| services.syncoid.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| programs.schroot.profiles.<name>.nssdatabases | System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
|
| services.prometheus.remoteWrite.*.sigv4.profile | The named AWS profile used to authenticate.
|
| security.loginDefs.settings.TTYGROUP | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| hardware.tuxedo-drivers.settings.charging-profile | The maximum charge level to help reduce battery wear:
high_capacity charges to 100% (driver default)balanced charges to 90%stationary charges to 80% (maximum lifespan)
Note: Regardless of the configured charging profile, the operating system will always report the battery as being charged to 100%.
|
| services.power-profiles-daemon.enable | Whether to enable power-profiles-daemon, a DBus daemon that allows
changing system behavior based upon user-selected power profiles.
|
| services.power-profiles-daemon.package | The power-profiles-daemon package to use.
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.qbittorrent.profileDir | the path passed to qbittorrent via --profile.
|
| services.crowdsec.localConfig.profiles | A list of profiles to enable
|
| services.asusd.profileConfig.source | Path of the source file.
|
| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.syncoid.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.autorandr.profiles.<name>.config.<name>.dpi | Output DPI configuration.
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| services.autorandr.profiles.<name>.config.<name>.mode | Output resolution.
|
| services.autorandr.profiles.<name>.config.<name>.rate | Output framerate.
|
| services.autorandr.profiles.<name>.config.<name>.scale.y | Vertical scaling factor/pixels.
|
| services.autorandr.profiles.<name>.config.<name>.scale.x | Horizontal scaling factor/pixels.
|
| services.autorandr.profiles.<name>.config.<name>.crtc | Output video display controller.
|
| environment.profileRelativeEnvVars | Attribute set of environment variable
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| services.autorandr.profiles.<name>.config.<name>.gamma | Output gamma configuration.
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.autorandr.profiles.<name>.config.<name>.enable | Whether to enable the output.
|
| services.autorandr.profiles.<name>.config.<name>.rotate | Output rotate configuration.
|
| services.autorandr.profiles.<name>.config.<name>.scale.method | Output scaling method.
|
| users.users.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.nice | Niceness.
|
| services.autorandr.profiles.<name>.hooks.preswitch | Preswitch hook executed before mode switch.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.prio | CPU scheduler priority.
|
| services.autorandr.profiles.<name>.config.<name>.primary | Whether output should be marked as primary
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioPrio | IO scheduler priority.
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| services.autorandr.profiles.<name>.config.<name>.scale | Output scale configuration
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.class | CPU scheduler class.
|
| services.libinput.mouse.accelProfile | Sets the pointer acceleration profile to the given profile
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.ioClass | IO scheduler class.
|
| services.autorandr.profiles.<name>.config.<name>.position | Output position
|
| services.mysql.ensureUsers.*.ensurePermissions | Permissions to ensure for the user, specified as attribute set
|
| services.autorandr.profiles.<name>.hooks.postswitch | Postswitch hook executed after mode switch.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.matchers | Process matchers.
|
| services.hardware.lcd.server.usbPermissions | Set group-write permissions on a USB device
|
| services.memos.dataDir | Specifies the directory where Memos will store its data.
|
| networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| services.mpd.dataDir | The directory where MPD stores its state, tag cache, playlists etc
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| users.extraUsers.<name>.createHome | Whether to create the home directory and ensure ownership as well as
permissions to match the user.
|
| services.autorandr.profiles.<name>.config.<name>.transform | Refer to
xrandr(1)
for the documentation of the transform matrix.
|
| services.libinput.touchpad.accelProfile | Sets the pointer acceleration profile to the given profile
|
| services.cfssl.dataDir | The work directory for CFSSL.
If left as the default value this directory will automatically be
created before the CFSSL server starts, otherwise you are
responsible for ensuring the directory exists with appropriate
ownership and permissions.
|
| services.caddy.logDir | Directory for storing Caddy access logs.
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise the sysadmin is responsible for
ensuring the directory exists with appropriate ownership and permissions.
|
| services.evremap.settings.phys | The physical device name to listen on
|
| services.autorandr.profiles.<name>.fingerprint | Output name to EDID mapping
|
| services.nomad.settings | Configuration for Nomad
|
| services.mysql.dataDir | The data directory for MySQL.
If left as the default value of /var/lib/mysql this directory will automatically be created before the MySQL
server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
|
| services.knot.enableXDP | Extends the systemd unit with permissions to allow for the use of
the eXpress Data Path (XDP).
Make sure to read up on functional limitations
when running in XDP mode.
|
| services.nats.dataDir | The NATS data directory
|
| services.zwave-js-ui.serialPort | Serial port for the Z-Wave controller
|
| security.sudo.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.node-red.userDir | The directory to store all user data, such as flow and credential files and all library data
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.profile | Named AWS profile used to connect to the API.
|
| services.amule.settings.eMule.IncomingDir | Directory where aMule moves completed downloads
|
| security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.grafana.settings.server.socket | Path where the socket should be created when protocol=socket
|