| options/home-manager/services.polybar.settings | Polybar configuration
|
| options/nixos/services.netbird.tunnels.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| options/nixos/services.netbird.clients.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| options/nixos/services.draupnir.secrets.pantalaimon.password | File containing the password for Draupnir's Matrix account when used in
conjunction with Pantalaimon to be used in place of
services.draupnir.settings.pantalaimon.password.
|
| options/home-manager/programs.openstackclient.publicClouds | Public information about clouds
|
| options/nixos/services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| options/nixos/services.grafana.provision.datasources.settings.prune | When true, provisioned datasources from this file will be deleted
automatically when removed from
services.grafana.provision.datasources.settings.datasources.
|
| options/nixos/services.prometheus.exporters.exportarr-prowlarr.apiKeyFile | File containing the api-key.
|
| options/nixos/services.grafana.provision.alerting.muteTimings.settings.apiVersion | Config file version.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| options/nixos/virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| options/nixos/services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| options/nixos/services.outline.oidcAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| options/nixos/services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| options/nixos/services.grafana.provision.alerting.policies.settings.apiVersion | Config file version.
|
| options/nixos/virtualisation.libvirtd.qemu.verbatimConfig | Contents written to the qemu configuration file, qemu.conf
|
| options/nixos/services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| options/home-manager/services.muchsync.remotes.<name>.local.checkForModifiedFiles | Check for locally modified files
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| options/nixos/services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| options/nixos/services.prometheus.exporters.kafka.environmentFile | File containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowAccessKeyFile | Path to the file with your personal api access string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowSecretKeyFile | Path to the file with your personal api secret string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| options/nixos/services.displayManager.dms-greeter.compositor.customConfig | Custom compositor configuration to use for the greeter session
|
| options/nixos/services.grafana.provision.datasources.settings.apiVersion | Config file version.
|
| options/nixos/services.matrix-appservice-discord.environmentFile | File containing environment variables to be passed to the matrix-appservice-discord service,
in which secret tokens can be specified securely by defining values for
APPSERVICE_DISCORD_AUTH_CLIENT_I_D and
APPSERVICE_DISCORD_AUTH_BOT_TOKEN.
|
| options/nixos/services.prometheus.exporters.fastly.environmentFile | An environment file containg at least the FASTLY_API_TOKEN= environment
variable.
|
| options/nixos/services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| options/nixos/security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| options/nixos/security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| options/home-manager/programs.khal.locale.default_timezone | Default for new events or if khal does not understand the timezone
in an ical file
|
| options/nixos/services.meilisearch.masterKeyEnvironmentFile | Path to file which contains the master key
|
| options/nixos/services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| options/nixos/services.grafana.provision.alerting.contactPoints.settings.apiVersion | Config file version.
|
| options/nixos/services.prometheus.exporters.collectd.collectdBinary.authFile | File mapping user names to pre-shared keys (passwords).
|
| options/nixos/boot.initrd.availableKernelModules | The set of kernel modules in the initial ramdisk used during the
boot process
|
| options/nixos/networking.resolvconf.dnsExtensionMechanism | Enable the edns0 option in resolv.conf
|
| options/home-manager/services.muchsync.remotes.<name>.remote.checkForModifiedFiles | Check for modified files on the remote side
|
| options/home-manager/accounts.contact.accounts.<name>.khard.addressbooks | If provided, each item on this list will generate an
entry on khard configuration file as a separate addressbook
(vdir)
|
| options/nixos/services.mautrix-discord.registrationServiceUnit | The registration service that generates the registration file
|
| options/nixos/services.prometheus.exporters.restic.environmentFile | File containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| options/nixos/services.outline.googleAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.grafana.provision.alerting.templates.settings.apiVersion | Config file version.
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| options/nixos/services.kubernetes.apiserver.serviceAccountSigningKeyFile | Path to the file that contains the current private key of the service
account token issuer
|
| options/nixos/services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| options/nixos/services.stash.settings.preview_segments | Number of segments in a preview file
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| options/nixos/services.victoriametrics.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.veilid.settings.client_api.ipc_directory | IPC directory where file sockets are stored.
|
| options/nixos/services.outline.slackIntegration.verificationTokenFile | File path containing the verification token.
|
| options/nixos/networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| options/darwin/launchd.agents.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| options/nixos/services.kubernetes.controllerManager.serviceAccountKeyFile | Kubernetes controller manager PEM-encoded private RSA key file used to
sign service account tokens
|
| options/nixos/services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| options/home-manager/services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from
the parent directory (the directory it’s located in)
|
| options/nixos/services.opentelemetry-collector.validateConfigFile | Whether to enable Validate configuration file.
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| options/nixos/services.archisteamfarm.settings | The ASF.json file, all the options are documented here
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| options/nixos/services.mastodon.activeRecordEncryptionPrimaryKeyFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| options/nixos/services.akkoma.config.":web_push_encryption".":vapid_details".private_key | base64-encoded private ECDH key
|
| options/nixos/services.mautrix-telegram.environmentFile | File containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN
|
| options/darwin/launchd.daemons.<name>.serviceConfig.inetdCompatibility.Wait | This flag corresponds to the "wait" or "nowait" option of inetd
|
| options/nixos/services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT | A file containing a unique base64 encoded secret for the
COOKIE_ENCRYPTION_SALT
|
| options/home-manager/programs.aerospace.launchd.enable | Configure the launchd agent to manage the AeroSpace process
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| options/nixos/services.prometheus.exporters.junos-czerwonk.environmentFile | File containing env-vars to be substituted into the exporter's config.
|
| options/nixos/services.kubernetes.apiserver.authorizationPolicy | Kubernetes apiserver authorization policy file
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| options/nixos/services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| options/nixos/services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| options/darwin/services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration
|
| options/nixos/services.icingaweb2.authentications | authentication.ini contents
|
| options/nixos/services.prometheus.exporters.tailscale.environmentFile | Environment file containg at least the TAILSCALE_TAILNET,
TAILSCALE_OAUTH_CLIENT_ID, and TAILSCALE_OAUTH_CLIENT_SECRET
environment variables.
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| options/nixos/services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowDevicesFile | File must contain one line, example: R3300000,R3400000,NC430000,...
|
| options/nixos/services.nextcloud-spreed-signaling.settings.sessions.hashkeyFile | The path to the file containing the value for sessions.hashkey
|
| options/nixos/services.gitlab.secrets.activeRecordDeterministicKeyFile | A file containing the secret used to encrypt some rails data in a deterministic way
in the DB
|
| options/home-manager/programs.ripgrep-all.custom_adapters.*.mimetypes | If not null and --rga-accurate is enabled, mime type matching is used instead of file name matching
|
| options/home-manager/programs.ripgrep-all.custom_adapters.*.extensions | The file extensions this adapter supports
|
| options/nixos/security.auditd.settings.space_left | If the free space in the filesystem containing log_file drops below this value, the audit daemon takes the action specified by
space_left_action
|
| options/nixos/services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| options/darwin/homebrew.caskArgs.internet_plugindir | Target location for Internet Plugins
|
| options/nixos/services.prometheus.pushgateway.persistence.interval | The minimum interval at which to write out the persistence file.
null will default to 5m.
|
| options/nixos/services.nextcloud-spreed-signaling.settings.sessions.blockkeyFile | The path to the file containing the value for sessions.blockkey
|
| options/nixos/networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| options/home-manager/targets.darwin.defaults."com.apple.desktopservices".DSDontWriteUSBStores | Disable use of {file}`
|
| options/nixos/services.mautrix-meta.instances.<name>.registrationServiceUnit | The registration service that generates the registration file
|
| options/nixos/services.grafana.provision.dashboards.settings.providers.*.options.path | Path grafana will watch for dashboards
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| options/nixos/services.draupnir.secrets.web.synapseHTTPAntispam.authorization | File containing the secret token when using the Synapse HTTP Antispam module
to be used in place of
services.draupnir.settings.web.synapseHTTPAntispam.authorization
|
| options/nixos/virtualisation.lxd.recommendedSysctlSettings | Enables various settings to avoid common pitfalls when
running containers requiring many file operations
|