| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow | If set, all sae password entries that have a non-wildcard MAC associated to
them will additionally be used to populate the MAC allow list
|
| options/nixos/services.prometheus.remoteWrite.*.basic_auth.password | HTTP password
|
| options/nixos/services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.preferShortUsername | Use 'name' instead of 'spn' in the preferred_username claim
|
| options/nixos/services.librenms.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.agorakit.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.cachix-watch-store.cachixTokenFile | Required file that needs to contain the cachix auth token.
|
| options/nixos/services.fluidd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.akkoma.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.gancio.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.dolibarr.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.kanboard.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.fediwall.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.matomo.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.tailscaleAuth.package | The tailscale-nginx-auth package to use.
|
| options/nixos/services.mainsail.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.monica.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.pixelfed.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.authentication_method | The authentication method, either OAuth or ManagedIdentity
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris | List of OCSP URIs
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| options/nixos/services.authelia.instances.<name>.settings.log.keep_stdout | Whether to also log to stdout when a file_path is defined.
|
| options/nixos/services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| options/nixos/services.draupnir.secrets.web.synapseHTTPAntispam.authorization | File containing the secret token when using the Synapse HTTP Antispam module
to be used in place of
services.draupnir.settings.web.synapseHTTPAntispam.authorization
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| options/nixos/services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| options/nixos/services.freeciv.settings.Guests | Whether to enable guests to login if auth is enabled.
|
| options/nixos/services.radicle.httpd.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.removeOrphanedClaimMaps | Whether claim maps not specified here but present in kanidm should be removed from kanidm.
|
| options/nixos/services.nextcloud.settings.mail_smtpauth | This depends on mail_smtpmode
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret | Value of the EAP/XAuth secret
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| options/nixos/services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|
| options/nixos/services.prometheus.scrapeConfigs.*.basic_auth.password | HTTP password
|
| options/nixos/services.anuko-time-tracker.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.nginx.virtualHosts.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| options/nixos/services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| options/nixos/services.bookstack.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.nginx.tailscaleAuth.enable | Whether to enable tailscale.nginx-auth, to authenticate nginx users via tailscale.
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| options/nixos/services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.pk | If this attribute is given, SAE-PK will be enabled for this connection
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.vlanid | If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.
|
| options/home-manager/accounts.email.accounts.<name>.aerc.imapOauth2Params.client_secret | The OAuth2 client secret.
|
| options/home-manager/accounts.email.accounts.<name>.aerc.smtpOauth2Params.client_secret | The OAuth2 client secret.
|
| options/nixos/services.authelia.instances.<name>.settings.telemetry.metrics.address | The address to listen on for metrics
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_emails | List of emails to allow access to this vhost, or null to allow all.
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| options/nixos/services.kanboard.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.librenms.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.dolibarr.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.agorakit.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.fediwall.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.mainsail.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.pixelfed.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.jirafeau.nginxConfig.basicAuth | Basic Auth protection for a vhost
|
| packages/nixpkgs/python312Packages.gotrue | Python Client Library for Supabase Auth |
| options/nixos/services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| options/nixos/services.authelia.instances.<name>.environmentVariables | Additional environment variables to provide to authelia
|
| options/nixos/services.zabbixWeb.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| options/nixos/services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token_file | Optional authentication information for token-based authentication:
https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token
It is mutually exclusive with auth_token and other authentication mechanisms.
|
| options/nixos/services.radicle.httpd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.freeciv.settings.Newusers | Whether to enable new users to login if auth is enabled.
|
| options/home-manager/accounts.email.accounts.<name>.aerc.imapOauth2Params.token_endpoint | The OAuth2 token endpoint.
|
| options/home-manager/accounts.email.accounts.<name>.aerc.smtpOauth2Params.token_endpoint | The OAuth2 token endpoint.
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| options/nixos/services.anuko-time-tracker.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id | Client XAuth username used in the XAuth exchange.
|
| options/nixos/services.sabnzbd.settings.misc.inet_exposure | Restrictions for access from non-local IP addresses
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.id | A unique identifier for this authentication token
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| options/nixos/services.bookstack.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile | The password for this entry, read from the given file when starting hostapd
|
| options/nixos/services.nginx.tailscaleAuth.virtualHosts | A list of nginx virtual hosts to put behind tailscale.nginx-auth
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| options/nixos/services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.plausible.mail.smtp.passwordFile | The path to the file with the password in case SMTP auth is enabled.
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| options/nixos/services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.allAccess | Grants all permissions in the associated organization.
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.tokenFile | The token value
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| options/nixos/services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| options/nixos/services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| options/nixos/services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| options/nixos/services.jirafeau.nginxConfig.basicAuthFile | Basic Auth password file for a vhost
|
| packages/nixpkgs/passh | Sshpass alternative for non-interactive ssh auth |
| options/nixos/services.postgresql.identMap | Defines the mapping from system users to database users
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| options/nixos/services.prometheus.remoteRead.*.basic_auth.password_file | HTTP password file
|
| options/nixos/services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| options/nixos/services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|