| options/nixos/services.warpgate.settings.external_host | Configure the domain name of this Warpgate instance
|
| options/nixos/services.victoriatraces.basicAuthUsername | Basic Auth username used to protect VictoriaTraces instance by authorization
|
| options/nixos/security.apparmor.enable | Whether to enable the AppArmor Mandatory Access Control system
|
| options/nixos/services.pufferpanel.environment | Environment variables to set for the service
|
| options/nixos/services.prometheus.exporters.snmp.environmentFile | EnvironmentFile as defined in systemd.exec(5)
|
| options/nixos/services.prometheus.exporters.php-fpm.environmentFile | Environment file as defined in systemd.exec(5)
|
| options/nixos/services.matrix-continuwuity.settings.global.port | The port(s) continuwuity will be running on
|
| options/nixos/services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| options/nixos/services.public-inbox.settings.publicinbox.nntpserver | NNTP URLs to this public-inbox instance
|
| options/nixos/services.public-inbox.settings.publicinbox.imapserver | IMAP URLs to this public-inbox instance
|
| options/nixos/services.public-inbox.settings.publicinbox.pop3server | POP3 URLs to this public-inbox instance
|
| options/nixos/boot.loader.generic-extlinux-compatible.enable | Whether to generate an extlinux-compatible configuration file
under /boot/extlinux.conf
|
| options/nixos/services.biboumi.settings.xmpp_server_ip | The IP address to connect to the XMPP server on
|
| options/nixos/services.parsedmarc.provision.grafana.datasource | Whether the automatically provisioned Elasticsearch
instance should be added as a grafana datasource
|
| options/darwin/services.jankyborders.active_color | Sets the border color for the focused window (format: 0xAARRGGBB)
|
| options/nixos/programs.captive-browser.browser | The shell (/bin/sh) command executed once the proxy starts
|
| options/nixos/services.victoriametrics.basicAuthUsername | Basic Auth username used to protect VictoriaMetrics instance by authorization
|
| options/nixos/services.prometheus.exporters.deluge.exportPerTorrentMetrics | Enable per-torrent metrics
|
| options/nixos/services.jitsi-videobridge.nat.harvesterAddresses | Addresses of public STUN services to use to automatically find
the public and local addresses of this Jitsi-Videobridge instance
without the need for manual configuration
|
| options/nixos/services.gitea.settings.service.DISABLE_REGISTRATION | By default any user can create an account on this gitea instance
|
| options/nixos/services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| options/nixos/services.parsedmarc.provision.elasticsearch | Whether to set up and use a local instance of Elasticsearch.
|
| options/nixos/services.reposilite.settings.compressionStrategy | Compression algorithm used by this instance of Reposilite.
none reduces usage of CPU & memory, but requires transfering more data.
|
| options/nixos/services.victoriametrics.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization
|
| options/nixos/services.matrix-synapse.settings.turn_shared_secret | The shared secret used to compute passwords for the TURN server
|
| options/nixos/services.prometheus.alertmanager-ntfy.settings.ntfy.baseurl | The base URL of the ntfy.sh instance.
|
| options/nixos/services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".secret_key_base | Secret key used as a base to generate further secrets for encrypting and
signing data
|
| options/nixos/services.redsocks.redsocks.*.redirectCondition | Conditions to make outbound packets go through this redsocks
instance
|
| options/nixos/services.mobilizon.settings.":mobilizon"."Mobilizon.Web.Endpoint".url.host | Your instance's hostname for generating URLs throughout the app
|
| options/nixos/services.prometheus.exporters.ecoflow.ecoflowDevicesFile | File must contain one line, example: R3300000,R3400000,NC430000,...
|
| options/nixos/services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| options/nixos/services.maubot.settings.server.plugin_base_path | The base path for plugin endpoints
|
| options/nixos/services.matrix-synapse.settings.macaroon_secret_key | Secret key for authentication tokens
|
| options/nixos/virtualisation.docker.rootless.setSocketVariable | Point DOCKER_HOST to rootless Docker instance for
normal users by default.
|
| options/nixos/services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.region | The AWS Region
|
| options/nixos/networking.usePredictableInterfaceNames | Whether to assign predictable names to network interfaces
|
| options/nixos/services.healthchecks.settings.REGISTRATION_OPEN | A boolean that controls whether site visitors can create new accounts
|
| options/nixos/services.transmission.performanceNetParameters | Whether to enable tweaking of kernel parameters
to open many more connections at the same time
|
| options/nixos/services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters | Filters can be used optionally to filter the instance list by other criteria.
|
| options/nixos/services.matrix-conduit.settings.global.database_backend | The database backend for the service
|
| options/nixos/services.prometheus.scrapeConfigs.*.gce_sd_configs.*.filter | Filter can be used optionally to filter the instance list by other
criteria Syntax of this filter string is described here in the filter
query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list.
|
| options/nixos/virtualisation.tpm.provisioning | Script to provision the TPM before control is handed off to the VM.
TPM2TOOLS_TCTI will be provided to configure tpm2-tools to use the
swtpm instance transparently.
TCTI is also provided as a generic value, consumer is expected to
re-export it however it may need (TPM2OPENSSL_TCTI, TPM2_PKCS11_TCTI,
...).
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.readPermissions | The read permissions to include for this token
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| options/nixos/services.prometheus.scrapeConfigs.*.honor_labels | Controls how Prometheus handles conflicts between labels
that are already present in scraped data and labels that
Prometheus would attach server-side ("job" and "instance"
labels, manually configured target labels, and labels
generated by service discovery implementations)
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in | XFRM interface ID set on inbound policies/SA
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out | XFRM interface ID set on outbound policies/SA
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out | Netfilter mark and mask for output traffic
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| options/nixos/services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.role | Role of the targets to retrieve
|
| options/nixos/services.prometheus.scrapeConfigs.*.gce_sd_configs.*.tag_separator | The tag separator used to separate concatenated GCE instance network tags
|
| options/nixos/services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.api_server | The API server addresses
|
| options/nixos/services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.region | The AWS region
|
| options/nixos/services.matrix-synapse.settings.registration_shared_secret | If set, allows registration by anyone who also has the shared
secret, even if registration is otherwise disabled
|
| options/nixos/services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| options/nixos/services.prometheus.scrapeConfigs.*.gce_sd_configs.*.refresh_interval | Refresh interval to re-read the cloud instance list
|
| options/nixos/services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tag_separator | The string by which Linode Instance tags are joined into the tag label
|
| options/nixos/services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.include_parameters | Whether to include the parameters as meta labels
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.all_tenants | Whether the service discovery should list all instances for all projects
|
| options/nixos/services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.refresh_interval | Refresh interval to re-read the instance list
|
| options/nixos/services.maubot.settings.plugin_databases.postgres_max_conns_per_plugin | Maximum number of connections per plugin instance.
|
| packages/nixpkgs/ks | Command-line secrets manager powered by macOS keychains |
| packages/nixpkgs/bws | Bitwarden Secrets Manager CLI |
| packages/nixpkgs/vault-bin | Tool for managing secrets, this binary includes the UI |
| packages/nixpkgs/kubeseal | Kubernetes controller and tool for one-way encrypted Secrets |
| packages/nixpkgs/sops | Simple and flexible tool for managing secrets |
| packages/nixpkgs/ots | Share end-to-end encrypted secrets with others via a one-time URL |
| packages/nixpkgs/senv | Friends don't let friends leak secrets on their terminal window |
| packages/nixpkgs/vault | Tool for managing secrets |
| packages/nixpkgs/argocd-vault-plugin | Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets |
| packages/nixpkgs/proton-pass-cli | Command-line interface for managing your Proton Pass vaults, items, and secrets |
| packages/nixpkgs/cliqr | Transfer, share data & secrets via console qr codes |
| packages/nixpkgs/ejson | Small library to manage encrypted secrets using asymmetric encryption |
| packages/nixpkgs/decoder | "secrets" decoding for FRITZ!OS devices |
| packages/nixpkgs/summon | CLI that provides on-demand secrets access for common DevOps tools |
| packages/nixpkgs/ragenix | Age-encrypted secrets for NixOS, drop-in replacement for agenix |
| packages/nixpkgs/paper-age | Easy and secure paper backups of secrets |
| packages/nixpkgs/go-secdump | Tool to remotely dump secrets from the Windows registry |
| packages/nixpkgs/nms | A command line tool that recreates the famous data decryption
effect seen in the 1992 movie Sneakers.
|
| packages/nixpkgs/pulumi-esc | Pulumi ESC (Environments, Secrets, and Configuration) for cloud applications and infrastructure |
| packages/nixpkgs/teller | Cloud native secrets management for developers |
| packages/nixpkgs/tilt | Local development tool to manage your developer instance when your team deploys to Kubernetes in production |
| packages/nixpkgs/berglas | Tool for managing secrets on Google Cloud |
| packages/nixpkgs/doppler | Official CLI for interacting with your Doppler Enclave secrets and configuration |
| packages/nixpkgs/chamber | Tool for managing secrets by storing them in AWS SSM Parameter Store |
| packages/nixpkgs/entropy | Tool to scan your codebase for high entropy lines, which are often secrets |
| packages/nixpkgs/tartufo | Tool to search through git repositories for high entropy strings and secrets |
| packages/nixpkgs/jsluice | Tool for extracting URLs, paths, secrets, and other data from JavaScript source code |
| packages/nixpkgs/vault-medusa | Cli tool for importing and exporting Hashicorp Vault secrets |
| packages/nixpkgs/github-to-sops | Tool for managing infrastructure secrets in git repositories using SOPS and GitHub SSH keys |
| packages/nixpkgs/gitleaks | Scan git repos (or files) for secrets |
| packages/nixpkgs/qui | Modern alternative webUI for qBittorrent, with multi-instance support |
| packages/nixpkgs/apkleaks | Scanning APK file for URIs, endpoints and secrets |
| packages/nixpkgs/whispers | Tool to identify hardcoded secrets in static structured text |
| packages/nixpkgs/ggshield | Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations |
| packages/nixpkgs/gnome-keyring | Collection of components in GNOME that store secrets, passwords, keys, certificates and make them available to applications |
| packages/nixpkgs/dismember | Tool to scan memory for secrets |
| packages/nixpkgs/snac2 | Simple, minimalistic ActivityPub instance (2.x, C) |