| options/nixos/services.onlyoffice.postgresUser | The username OnlyOffice should use to connect to Postgresql
|
| options/home-manager/programs.irssi.networks.<name>.saslExternal | Enable SASL external authentication
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| options/nixos/services.openafsServer.enable | Whether to enable the OpenAFS server
|
| options/home-manager/accounts.calendar.accounts.<name>.remote.userName | User name for authentication.
|
| options/nixos/services.keycloak.database.host | Hostname of the database to connect to
|
| options/nixos/services.kubernetes.kubelet.clientCaFile | Kubernetes apiserver CA file for client authentication.
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| options/nixos/services.slurm.rest.environment.SLURM_JWT | This variable must be set to use JWT token authentication.
|
| options/nixos/services.limesurvey.database.socket | Path to the unix socket file to use for authentication.
|
| options/home-manager/programs.nheko.settings | Attribute set of Nheko preferences (converted to an INI file)
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| options/nixos/boot.initrd.luks.devices.<name>.yubikey.iterationStep | How much the iteration count for PBKDF2 is increased at each successful authentication.
|
| options/nixos/programs._1password-gui.polkitPolicyOwners | A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
|
| options/nixos/security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| options/nixos/services.pixelfed.database.createLocally | Whether to enable a local database using UNIX socket authentication.
|
| options/nixos/services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| options/nixos/services.graylog.rootPasswordSha2 | You MUST specify a hash password for the root user (which you only need to initially set up the
system and in case you lose connectivity to your authentication backend)
This password cannot be changed using the API or via the web interface
|
| options/nixos/services.mysql.galeraCluster.clusterPassword | Optional password for securing cluster communications
|
| options/nixos/services.scrutiny.settings.web.influxdb.token | Authentication token for connecting to InfluxDB.
|
| options/nixos/services.chatgpt-retrieval-plugin.bearerTokenPath | Path to the secret bearer token used for the http api authentication.
|
| options/nixos/services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|
| options/home-manager/programs.ssh.matchBlocks.<name>.identitiesOnly | Specifies that ssh should only use the authentication
identity explicitly configured in the
~/.ssh/config files or passed on the
ssh command-line, even if ssh-agent
offers more identities.
|
| options/home-manager/programs.swaylock.enable | Whether to enable swaylock
|
| options/nixos/services.kubernetes.apiserver.tokenAuthFile | Kubernetes apiserver token authentication file
|
| options/nixos/services.kubernetes.apiserver.basicAuthFile | Kubernetes apiserver basic authentication file
|
| options/nixos/services.canaille.settings.CANAILLE.SMTP | SMTP configuration
|
| options/nixos/services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|
| options/nixos/networking.wireless.fallbackToWPA2 | Whether to fall back to WPA2 authentication protocols if WPA3 failed
|
| options/home-manager/programs.senpai.config.password-cmd | Alternatively to providing your SASL authentication password
directly in plaintext, you can specify a command to be run to
fetch the password at runtime
|
| options/home-manager/programs.sbt.credentials.*.passwordCommand | The command that provides the password or authentication token for
the repository.
|
| options/nixos/networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| options/nixos/services.prometheus.exporters.nut.nutUser | The user to log in into NUT server
|
| options/nixos/services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| options/nixos/services.grafana.settings.smtp.password | Password used for authentication
|
| options/nixos/services.umami.createPostgresqlDatabase | Whether to automatically create the database for Umami using PostgreSQL
|
| options/nixos/services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| options/nixos/services.onlyoffice.postgresPasswordFile | Path to a file that contains the password OnlyOffice should use to connect to Postgresql
|
| options/nixos/services.prometheus.exporters.ipmi.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| options/nixos/services.listmonk.database.settings.smtp.*.tls_type | Type of TLS authentication with the SMTP server
|
| options/nixos/services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| options/home-manager/accounts.email.accounts.<name>.mujmap.settings.username | Username for basic HTTP authentication
|
| options/nixos/services.roundcube.database.passwordFile | Password file for the postgresql connection
|
| options/nixos/services.sourcehut.settings."git.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| options/nixos/services.grafana.settings.server.root_url | This is the full URL used to access Grafana from a web browser
|
| options/nixos/services.mosquitto.listeners.*.omitPasswordAuth | Omits password checking, allowing anyone to log in with any user name unless
other mandatory authentication methods (eg TLS client certificates) are configured.
|
| options/nixos/services.sourcehut.settings."meta.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| options/nixos/services.kerberos_server.enable | Whether to enable the kerberos authentication server.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.eap | EAP secret section for a specific secret
|
| options/home-manager/programs.irssi.networks.<name>.server.ssl.certificateFile | Path to a file containing the certificate used for
client authentication to the server.
|
| options/nixos/services.sourcehut.settings."pages.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| options/nixos/services.dependency-track.settings."alpine.ldap.enabled" | Defines if LDAP will be used for user authentication
|
| options/nixos/services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| options/nixos/services.dependency-track.settings."alpine.oidc.enabled" | Defines if OpenID Connect will be used for user authentication
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ntlm | NTLM secret section for a specific secret
|
| options/nixos/services.outline.oidcAuthentication.scopes | OpenID authentication scopes.
|
| options/nixos/services.outline.oidcAuthentication.clientId | Authentication client identifier.
|
| options/nixos/services.hercules-ci-agent.settings.clusterJoinTokenPath | Location of the cluster-join-token.key file
|
| options/darwin/services.hercules-ci-agent.settings.clusterJoinTokenPath | Location of the cluster-join-token.key file
|
| options/nixos/services.dysnomia.enableAuthentication | Whether to publish privacy-sensitive authentication credentials
|
| options/nixos/services.outline.slackAuthentication.clientId | Authentication key.
|
| options/nixos/virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| options/nixos/services.firefox-syncserver.database.createLocally | Whether to create database and user on the local machine if they do not exist
|
| options/nixos/services.outline.azureAuthentication.clientId | Authentication client identifier.
|
| options/nixos/services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.cloudflare-ddns.credentialsFile | Path to a file containing the Cloudflare API authentication token
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.macAcl | Station MAC address -based authentication
|
| options/nixos/services.prometheus.exporters.pgbouncer.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| options/nixos/services.outline.googleAuthentication.clientId | Authentication client identifier.
|
| options/nixos/services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.outline.slackAuthentication.secretFile | File path containing the authentication secret.
|
| options/nixos/services.outline.oidcAuthentication.displayName | Display name for OIDC authentication.
|
| options/nixos/services.mattermost.database.fromEnvironment | Use services.mattermost.environmentFile to configure the database instead of writing the database URI
to the Nix store
|
| options/nixos/services.outline.discordAuthentication.clientId | Authentication client identifier.
|
| options/nixos/services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.openssh.settings.AuthorizedPrincipalsFile | Specifies a file that lists principal names that are accepted for certificate authentication
|
| options/nixos/services.outline.oidcAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.outline.azureAuthentication.resourceAppId | Authentication application resource ID.
|
| options/nixos/services.prometheus.scrapeConfigs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| options/nixos/services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_id | The project_id and project_name fields are optional for the Identity V2 API
|
| options/nixos/services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/virtualisation.podman.networkSocket.enable | Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication
|
| options/nixos/services.outline.googleAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.prometheus.scrapeConfigs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| options/nixos/services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| options/nixos/services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name | The project_id and project_name fields are optional for the Identity V2 API
|
| options/nixos/services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|
| options/nixos/services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| options/nixos/services.prometheus.exporters.artifactory.artiAccessToken | Access token for authentication against JFrog Artifactory API
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| options/nixos/services.prometheus.exporters.artifactory.artiPassword | Password for authentication against JFrog Artifactory API
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|