| options/nixos/services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| options/nixos/services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| options/nixos/services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| options/nixos/services.openssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| options/darwin/networking.wg-quick.interfaces.<name>.privateKeyFile | Path to file containing this interface's private key.
|
| options/nixos/services.multipath.devices.*.product | Regular expression to match the product name
|
| options/nixos/services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| options/home-manager/programs.claude-code.rules | Modular rule files for Claude Code
|
| options/home-manager/programs.neomutt.sidebar.shortPath | By default sidebar shows the full path of the mailbox, but
with this enabled only the relative name is shown.
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| options/nixos/services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/home-manager/programs.obsidian.defaultSettings.extraFiles.<name>.source | Path of the source file or directory.
|
| options/nixos/services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| options/nixos/services.authelia.instances.<name>.secrets.jwtSecretFile | Path to your JWT secret used during identity verificaton.
|
| options/nixos/services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| options/home-manager/programs.obsidian.defaultSettings.extraFiles.<name>.target | Path to target relative to the vault's directory.
|
| options/home-manager/programs.vscode.profiles.<name>.keybindings | Keybindings written to Visual Studio Code's
keybindings.json
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.tokenFile | A file path where access tokens are stored.
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.verify | Null or path to certificate to verify SSL against
|
| options/nixos/services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| options/nixos/services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/nixos/services.atuin.path | A path to prepend to all the routes of the server.
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.authCert | Either a path to a certificate with a client certificate and
the key or a list of paths to the files with them.
|
| options/nixos/services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| options/nixos/services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| options/nixos/services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| options/nixos/virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| options/nixos/services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| options/home-manager/accounts.contact.accounts.<name>.vdirsyncer.postHook | Command to call for each item creation and modification
|
| options/home-manager/programs.obsidian.vaults.<name>.settings.cssSnippets.*.source | Path of the source file.
|
| options/nixos/services.dysnomia.containers | An attribute set in which each key represents a container and each value an attribute set providing its configuration properties
|
| options/nixos/services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| options/nixos/services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| options/nixos/services.tlsrpt.reportd.settings.dbname | Path to the sqlite database.
|
| options/nixos/services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| options/nixos/services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| options/nixos/services.printing.cups-pdf.instances.<name>.settings.AnonDirName | path for anonymously created PDF files
|
| options/home-manager/programs.claude-code.commands | Custom commands for Claude Code
|
| options/nixos/services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| options/nixos/services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.verify | Null or path to certificate to verify SSL against
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.tokenFile | A file path where access tokens are stored.
|
| options/nixos/services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.authCert | Either a path to a certificate with a client certificate and
the key or a list of paths to the files with them.
|
| options/nixos/services.nginx.virtualHosts.<name>.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| options/nixos/services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| options/darwin/launchd.agents.<name>.serviceConfig.QueueDirectories | Much like the WatchPaths option, this key will watch the paths for modifications
|
| options/nixos/services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| options/home-manager/accounts.calendar.accounts.<name>.vdirsyncer.postHook | Command to call for each item creation and modification
|
| options/nixos/services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| options/home-manager/programs.irssi.networks.<name>.server.ssl.certificateFile | Path to a file containing the certificate used for
client authentication to the server.
|
| options/nixos/services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| options/nixos/services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| options/home-manager/services.podman.settings.containers | containers.conf configuration
|
| options/nixos/services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| options/nixos/services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| options/nixos/boot.kernelPatches | A list of additional patches to apply to the kernel
|
| options/nixos/boot.uki.name | Name of the UKI
|
| options/darwin/launchd.daemons.<name>.serviceConfig.QueueDirectories | Much like the WatchPaths option, this key will watch the paths for modifications
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| options/home-manager/programs.gemini-cli.context | An attribute set of context files to create in ~/.gemini/
|
| options/darwin/launchd.user.agents.<name>.serviceConfig.QueueDirectories | Much like the WatchPaths option, this key will watch the paths for modifications
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| options/nixos/services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| options/nixos/services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| options/home-manager/services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| options/darwin/networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | Optional, path to file containing the pre-shared key for this peer.
|
| options/nixos/services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| options/nixos/virtualisation.containers.enable | This option enables the common /etc/containers configuration module.
|
| options/nixos/services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| options/nixos/virtualisation.containers.containersConf.cniPlugins | CNI plugins to install on the system.
|
| options/nixos/services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| options/nixos/services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df | Whether to copy the DF bit to the outer IPv4 header in tunnel mode
|
| options/nixos/virtualisation.containers.containersConf.settings | containers.conf configuration
|
| options/nixos/boot.loader.grub.mirroredBoots.*.path | The path to the boot directory where GRUB will be written
|
| options/home-manager/accounts.email.accounts.<name>.smtp.tls.certificatesFile | Path to file containing certificate authorities that should
be used to validate the connection authenticity
|
| options/home-manager/accounts.email.accounts.<name>.imap.tls.certificatesFile | Path to file containing certificate authorities that should
be used to validate the connection authenticity
|
| options/nixos/users.users.<name>.name | The name of the user account
|
| options/darwin/users.users.<name>.name | The name of the user account
|
| options/nixos/services.angrr.settings.temporary-root-policies.<name>.filter.program | Path to the external filter program.
|
| options/home-manager/xresources.path | Path where Home Manager should link the {file}`
|
| options/nixos/services.udev.path | Packages added to the PATH environment variable when
executing programs from Udev rules.
coreutils, gnu{sed,grep}, util-linux and config.systemd.package are
automatically included.
|
| options/nixos/services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| options/nixos/services.angrr.settings.temporary-root-policies.<name>.priority | Priority of this policy
|
| options/nixos/virtualisation.fileSystems.<name>.overlay.workdir | The path to the workdir
|
| options/nixos/services.invoiceplane.sites.<name>.invoiceTemplates | List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| options/home-manager/gtk.font.name | The family name of the font within the package.
|
| options/darwin/services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| options/nixos/services.wyoming.faster-whisper.servers.<name>.model | Name of the voice model to use
|
| options/nixos/systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| options/nixos/services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| options/nixos/virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| options/nixos/services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| options/nixos/services.radicle.ci.adapters.native.instances.<name>.runtimePackages | Packages added to the adapter's PATH.
|
| options/nixos/services.tftpd.path | Where the tftp server files are stored.
|
| options/nixos/virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| options/nixos/services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| options/nixos/services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|