Secrets to append to the initrd

A list of files containing the various secrets

Secrets to run PeerTube

A list of files containing the various secrets

A list of paths to NNCP configuration files that should not be in the Nix store

A file containing the secrets for the dynamic DNS provider

A list of files containing the various secrets

File consisting of lines of the form varname=value to define variables for the wireless configuration

A file containing the secret used to encrypt secrets for OTP tokens

yaml file containing all secrets. this needs to be in the same structure as the configuration

A file containing the various secrets

Path of a file with extra environment variables to be loaded from disk

Path to file containing secrets for Pomerium, in systemd EnvironmentFile format

It is recommended you keep your secrets separate from the configuration

Sensitive configuration values such as passwords, API keys, and tokens

Secret files to read into entries in config.php

This is a small wrapper over systemd's LoadCredential

Default location for kubernetes secrets

A file containing the secret used to encrypt variables in the DB

A file containing the secret used to encrypt session keys

Attribute set of filesystem paths

A list of paths to IPSec secret files

File containing the access token for Draupnir's Matrix account to be used in place of services.draupnir.settings.accessToken.

The secret data used to encode the SRS address. to generate, use a command like: for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done

A file containing the secret used to encrypt variables in the DB

Secret keys used for signing and verification.

Path to the file containing the secret keys.

A list of files containing the various secrets

EAP secret section for a specific secret

Configuring authelia's secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all

A file containing the salt for active record encryption in the DB

NTLM secret section for a specific secret

EAP secret section for a specific secret

Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without adding them to the world-readable Nix store

Path to a JSON file containing secrets for effects

Path to a JSON file containing secrets for effects

A file containing the secret used to encrypt some rails data in the DB

Path to your JWT secret used during identity verificaton.

Private key decryption passphrase for a key in the rsa folder.

JSON file containing secret keys

Postquantum Preshared Key (PPK) section for a specific secret

IKE preshared secret section for a specific secret

Private key decryption passphrase for a key in the ecdsa folder.

Definition for a private key that's stored on a token/smartcard/TPM.

Private key decryption passphrase for a key in the pkcs8 folder.

Path to your HMAC secret used to sign OIDC JWTs.

File name in the rsa folder for which this passphrase should be used.

PKCS#12 decryption passphrase for a container in the pkcs12 folder.

PPK identity the PPK belongs to

Path to the API key to authenticate with a local CrowdSec API

Identity the EAP/XAuth secret belongs to

Optional slot number to access the token.

IKE identity the IKE preshared secret belongs to

File name in the ecdsa folder for which this passphrase should be used.

File name in the pkcs8 folder for which this passphrase should be used.

Private key decryption passphrase for a key in the private folder.

Identity the NTLM secret belongs to

Value of decryption passphrase for RSA key.

A list of secrets to provide to NetworkManager by reading their values from configured files

Path to your session secret

TLS certificates are obtained by modules called "certificate loaders"

Optional PIN required to access the key on the token

File name in the pkcs12 folder for which this passphrase should be used.

Identity the EAP/XAuth secret belongs to

Value of decryption passphrase for ECDSA key.

Value of decryption passphrase for PKCS#8 key.

Path to file that contains LDAP password for user in {option}`ldap.username

Path to your private key file used to encrypt OIDC JWTs.

Optional PKCS#11 module name to access the token.

File name in the private folder for which this passphrase should be used.

Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.

Value of decryption passphrase for PKCS#12 container.

Value of the EAP/XAuth secret

Value of the IKE preshared secret

Value of the PPK

Value of decryption passphrase for private key.

Value of the EAP/XAuth secret

File containing the password for Draupnir's Matrix account when used in conjunction with Pantalaimon to be used in place of services.draupnir.settings.pantalaimon.password.

Value of the NTLM secret, which is the NT Hash of the actual secret, that is, MD4(UTF-16LE(secret))

Path to your storage encryption key.

Specify SSH host keys to import into the initrd

name of the setting section for which secrets are requested

A file containing the secret used to encrypt some rails data in a deterministic way in the DB

File containing the secret token when using the Synapse HTTP Antispam module to be used in place of services.draupnir.settings.web.synapseHTTPAntispam.authorization

The nm-file-secret-agent package to use.

key in the setting section for which this entry provides a value

file from which the secret value is read

Options for Bookstack configuration

whether leading and trailing whitespace should be stripped from the files content before being passed to NetworkManager

interface name of the NetworkManager connection

UUID of the connection profile

UUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.

connection id used by NetworkManager

NetworkManager connection type

The NetworkManager configuration settings reference roughly corresponds to connection types

Configuration options for cross-seed

Path to file containing environment variables

Settings to configure wiki-js

Environment file as defined in systemd.exec(5)

Path to file that contains Client ID.

A YAML file containing secrets such as database or user passwords

Path to file containing environment variables

The name of a systemd user service that must complete before the rclone configuration file is written

Whether to initialise non‐existent secrets with random values

Credentials envs used to configure Stalwart secrets

Environment variables to pass to the n8n service

Path to file that contains Client Secret.

Credentials envs used to configure Stalwart-Mail secrets

Path to configuration file

Environment variables to set for the service

.env settings for Movim

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

evcc configuration as a Nix attribute set

An attribute set of remote configurations

YAML settings for maubot

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

A file containing secrets as environment variables

Base directory for custom templates and other options

Extra environment files to pass to all Dawarich services

Additional prosody configuration

The generated file is processed by envsubst to allow secrets to be passed securely via environment variables.

Extra environment files to pass to all mastodon services

Path to the Django secret key

Path to the Django secret key

NNCP configuration, see http://www.nncpgo.org/Configuration.html

Extra environment files to pass to DocuSeal services

Group for hg.sr.ht

Allows loading of public environment variables, these are emitted to the log so it shouldn't contain secrets.

The primary patroni configuration

Group for man.sr.ht

Group for git.sr.ht

Group for hub.sr.ht

.env settings for Pixelfed

Path to a JSON file containing settings that will be merged with the settings option

Group for todo.sr.ht

Group for meta.sr.ht

Environment variables to set for the service

Attribute set of arbitrary config options

Attribute set of arbitrary config options

Attribute set of arbitrary config options

File containing the Flask secret key

Additional configuration for MicroBin, see https://microbin.eu/docs/installation-and-configuration/configuration/ for supported values

A list of paths to extra steps files

Additional configuration for wastebin, see https://github.com/matze/wastebin#usage for supported values

Group for paste.sr.ht

Group for lists.sr.ht

Group for pages.sr.ht

Path to config file to parse and append to settings

This can be used to pass secrets to the systemd service without adding them to the nix store.

Additional configuration for transfer-sh, see https://github.com/dutchcoders/transfer.sh#usage-1 for supported values

LiveKit key file holding one or multiple application secrets

Path to the file containing your secret pleroma configuration.

DO NOT POINT THIS OPTION TO THE NIX STORE, the store being world-readable, it'll compromise all your secrets.

Configuration settings for the generated config file

Renovate's global configuration

Credentials envs used to configure nomad secrets.

A file for storing secrets

Attribute set of arbitrary config options

IMAP authentication configuration for rspamd-trainer

Database url

Group for builds.sr.ht

Static settings set in the config.toml, see https://github.com/knadh/listmonk/blob/master/config.toml.sample for details

Environment file to inject e.g. secrets into the configuration.

Path of a file containing secrets (gpg passphrase, access key...) in the format of EnvironmentFile as described by systemd.exec(5)

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Config files to merge into the settings defined in services.olivetin.settings

The primary synapse configuration

Apply configurations for pianobar via key/value attributes

Attribute set of arbitrary config options

Attribute set of arbitrary config options

Environment file for specifying additional settings such as secrets

Environment variables to set for the service

Attrset that is converted and passed as config file

Environment variables to set for the service

Additional environment variables to provide to authelia

File with environment variables to pass into the runtime environment

Override default chart values via Nix expressions

Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5)

Override default chart values via Nix expressions

Path to file containing environment variables

Generates the conduit.toml configuration file

A list of paths to extra settings files

Allowed users and their secrets

YAML file to merge into the schleuder config at runtime

Your configuration.yaml as a Nix attribute set

Environment file to be passed to the systemd service

File to load as environment file

File to load as environment file

Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}

Files containing additional config environment variables for gotify-server

Path to an environment file loaded for the tsidp service

Extra config files to include

Path to file containing sensitive environment variables

Environment variables made available to Patroni as files content, useful for providing secrets from files.

Environment file to be passed to the systemd service

Environment file to be passed to the systemd service

LiveKit key file holding one or multiple application secrets

Settings serialized into user-data/conf.yml before build

A file including Invidious settings

config.xml configuration as a Nix attribute set

Path to a file containing extra ntfy environment variables in the systemd EnvironmentFile format

Environment file to be passed to the systemd service

Path to environment file

Path to environment file

Files to load environment variables from in addition to services.chhoto-url.settings

Environment file (see systemd.exec(5) "EnvironmentFile=" section for the syntax) passed to the service

File containing env-vars to be substituted into the final config

Settings serialized into config.yml before build

Files to load environment variables from (in addition to services.zipline.settings)

File to load as environment file

This can be used to pass secrets to the systemd service without adding them to the nix store

Environment file to be passed to the systemd service

Environment file to inject e.g. secrets into the configuration

File to load as the environment file

List of paths to files containing environment variables for Sharkey to use at runtime

Environment variables which are loaded from the contents of the specified file paths

Files containing additional environment variables to pass to Stirling PDF

Attribute set containing paths to files to add to the environment of linkwarden

Path to an EnvironmentFile for the monero service as defined in systemd.exec(5)

Extra settings in the form of a set of key-value pairs

Path to an environment-file which may contain secrets.

Path to file containing the secret key base

Environment file as defined in systemd.exec(5)

State directory (secrets, work directory, etc) for agent

State directory (secrets, work directory, etc) for agent

If set the URL specified in bitcoin.rpc.url will get the content of this file added as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com

Additional environment file as defined in systemd.exec(5)

File to load as environment file

Path to an environment file to be loaded

Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets

Files to load environment variables from in addition to services.glitchtip.settings

An environment file as defined in systemd.exec(5)

An environment file as defined in systemd.exec(5)

Known homeservers

File to load environment variables from

File containing environment variables to substitute in the configuration before starting Traccar

Use this option to configure advanced authentication methods like EAP

Environment file as defined in systemd.exec(5)

Shared folder list

Regular configuration options as described in rclone's documentation https://rclone.org/docs/

List of paths files that follows systemd environmentfile structure

The configuration file for OpenVPN.

Path to a file containing extra paperless config options in the systemd EnvironmentFile format

Configuration for the rclone remote being used for backup

Environment file (see systemd.exec(5) "EnvironmentFile=" section for the syntax) passed to the service

File to load environment variables from

Settings to configure backend server

File to load environment variables from

The path to an environment file that contains environment variables to pass to the homepage-dashboard service, for the purpose of passing secrets to the service

File containing environment variables to substitute when copying the configuration out of Nix store to the services.mautrix-discord.dataDir

Environment file as defined in systemd.exec(5)

Path of a file with extra environment variables to be loaded from disk

Path to an environment file loaded for the rmfakecloud service

Path to a file containing extra LubeLogger config options in the systemd EnvironmentFile format

Environment file as defined in systemd.exec(5)

Environment file as defined in systemd.exec(5)

The environment hook will run before all other commands, and can be used to set up secrets, data, etc

This is the default directory to look for statically configured secrets like cluster-join-token.key

This is the default directory to look for statically configured secrets like cluster-join-token.key

The hash algorithm to use for passwords and API keys

File to load environment variables from

Environment file as defined in systemd.exec(5)

File to load as environment file

Custom environment variables injected to build environment

Additional environment file as defined in systemd.exec(5)

Custom environment variables injected to build environment

Config files to merge into the settings defined in services.prometheus.alertmanager-ntfy.settings

File to load as environment file

Files to load as an environment file just before Traefik starts

File containing environment variables to substitute when copying the configuration out of Nix store to the services.mautrix-meta.dataDir

Additional environment file or files as defined in systemd.exec(5)

Environment file as defined in systemd.exec(5)

Configuration for the rclone remote being used for backup

Environment variables which are read by healthchecks (local)_settings.py

File containing additional config environment variables for alertmanager-gotify-bridge

Environment variables which are read by healthchecks (local)_settings.py

Environment variables to set for the service

EnvironmentFile as defined in systemd.exec(5)

Environment file as defined in systemd.exec(5)

The shared secret used to compute passwords for the TURN server

Secret key used as a base to generate further secrets for encrypting and signing data

Environment file as defined in systemd.exec(5)

Secret key for authentication tokens

The read permissions to include for this token

The read permissions to include for this token

The API server addresses

If set, allows registration by anyone who also has the shared secret, even if registration is otherwise disabled

Whether to include the parameters as meta labels

Use a weak secret