| services.asusd.profileConfig.text | Text of the file.
|
| systemd.units.<name>.text | Text of this systemd unit.
|
| systemd.user.units.<name>.text | Text of this systemd unit.
|
| services.asusd.animeConfig.text | Text of the file.
|
| services.asusd.asusdConfig.text | Text of the file.
|
| services.rspamd.locals.<name>.text | Text of the file.
|
| services.asusd.fanCurvesConfig.text | Text of the file.
|
| services.asusd.userLedModesConfig.text | Text of the file.
|
| services.asusd.auraConfigs.<name>.text | Text of the file.
|
| programs.neovim.runtime.<name>.text | Text of the file.
|
| environment.etc.<name>.text | Text of the file.
|
| boot.initrd.systemd.contents.<name>.text | Text of the file.
|
| services.murmur.textMsgLength | Max length of text messages
|
| services.sympa.settingsFile.<name>.text | Text of the file.
|
| security.pam.services.<name>.text | Contents of the PAM service file.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.prometheus.scrapeConfigs.*.label_name_length_limit | Per-scrape limit on length of labels name that will be accepted for a sample
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.davis.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.slskd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.movim.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.snipe-it.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.akkoma.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fluidd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.gancio.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.monica.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.matomo.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.kanboard.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.dolibarr.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.librenms.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.agorakit.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fediwall.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.pixelfed.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.mainsail.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.radicle.httpd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.anuko-time-tracker.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bookstack.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.zabbixWeb.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.jirafeau.nginxConfig.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.airsonic.contextPath | The context path, i.e., the last part of the Airsonic
URL
|
| services.subsonic.contextPath | The context path, i.e., the last part of the Subsonic
URL
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| services.nncp.daemon.socketActivation.listenStreams | TCP sockets to bind to
|
| services.murmur.welcometext | Welcome message for connected clients.
|
| services.syncthing.overrideFolders | Whether to delete the folders which are not configured via the
folders option
|
| services.limesurvey.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.crowdsec.localConfig.contexts | A list of additional contexts to specify
|
| services.tor.settings.WarnPlaintextPorts | See torrc manual.
|
| services.sourcehut.settings."hg.sr.ht".srhtext | Path to the srht mercurial extension
(defaults to where the hgsrht code is)
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.misskey.reverseProxy.webserver.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.tor.settings.RejectPlaintextPorts | See torrc manual.
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.umurmur.settings.welcometext | Welcome message for connected clients.
|
| nix.extraOptions | Additional text appended to nix.conf.
|
| boot.plymouth.font | Font file made available for displaying text on the splash screen.
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| programs.vim.enable | Whether to enable Vi IMproved, an advanced text editor.
|
| programs.nano.enable | Whether to enable nano, a small user-friendly console text editor.
|
| services.ntp.extraConfig | Additional text appended to ntp.conf.
|
| services.dae.config | WARNING: This option will expose store your config unencrypted world-readable in the nix store
|
| security.sudo.extraConfig | Extra configuration text appended to sudoers.
|
| programs.xonsh.config | Extra text added to the end of /etc/xonsh/xonshrc,
the system-wide control file for xonsh.
|
| security.sudo-rs.extraConfig | Extra configuration text appended to sudoers.
|
| services.vault.extraConfig | Extra text appended to vault.hcl.
|
| services.grafana.settings.users.login_hint | Text used as placeholder text on login page for login/username input.
|
| services.davis.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.solanum.motd | Solanum MOTD text
|
| services.snipe-it.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.athens.basicAuthPass | Password for basic auth
|
| boot.loader.grub.splashImage | Background image used for GRUB
|
| programs.ssh.extraConfig | Extra configuration text prepended to ssh_config
|
| security.doas.extraConfig | Extra configuration text appended to doas.conf
|
| services.agate.language | RFC 4646 Language code for text/gemini documents.
|
| services.gitweb.extraConfig | Verbatim configuration text appended to the generated gitweb.conf file.
|
| services.gancio.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.basicAuth | Basic Auth protection for a vhost
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.teeworlds.motd | The server's message of the day text.
|
| services.monero.banlist | Path to a text file containing IPs to block
|
| programs.tsmClient.dsmSysText | This configuration key contains the effective text
of the client system-options file "dsm.sys"
|
| services.syncplay.motdFile | Path to text to display when users join
|
| services.moodle.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.weblate.extraConfig | Text to append to settings.py Weblate configuration file.
|
| services.athens.storage.gcp.jsonKey | Base64 encoded GCP service account key
|
| services.athens.githubToken | Creates .netrc file with the given token to be used for GitHub
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| services.syncplay.motd | Text to display when users join
|
| services.athens.storage.s3.token | Token for the S3 storage backend
|
| services.syslogd.extraConfig | Additional text appended to syslog.conf,
i.e. the contents of defaultConfig.
|
| services.xonotic.appendConfig | Literal text to insert at the end of server.cfg.
|
| services.openntpd.extraConfig | Additional text appended to openntpd.conf.
|
| services.jitsi-meet.extraConfig | Text to append to config.js web application config file
|
| services.radicle.httpd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.athens.storage.s3.secret | Secret key for the S3 storage backend
|
| services.charybdis.motd | Charybdis MOTD text
|
| services.librenms.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.kanboard.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fediwall.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.snmpd.configText | The contents of the snmpd.conf
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.terraria.messageOfTheDay | Set the server message of the day text.
|
| services.xonotic.prependConfig | Literal text to insert at the start of server.cfg.
|
| services.rsyslogd.extraConfig | Additional text appended to syslog.conf,
i.e. the contents of defaultConfig.
|
| services.athens.storage.minio.secret | Secret key for the minio storage backend
|
| services.athens.index.mysql.password | Password for the MySQL database
|
| services.lavalink.password | The password for Lavalink's authentication in plain text.
|
| boot.loader.grub.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the account
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.greetd.useTextGreeter | Whether the greeter uses text-based user interfaces (For example, tuigreet)
|
| services.anuko-time-tracker.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.vault.listenerExtraConfig | Extra text appended to the listener section.
|
| services.postfix.enableSmtp | Whether to enable the smtp service configured in the master.cf
|
| services.bookstack.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.bird-lg.frontend.navbar.allServers | Text of 'All server' button in the navigation bar.
|
| services.sogo.configReplaces | Replacement-filepath mapping for sogo.conf
|
| services.zitadel.settings.TLS.Key | The TLS certificate private key, as a base64-encoded string
|
| services.zabbixWeb.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.zitadel.settings.TLS.Cert | The TLS certificate, as a base64-encoded string
|
| services.xonotic.settings.sv_motd | Text displayed when players join the server.
|
| boot.loader.grub.timeoutStyle |
menu shows the menu.countdown uses a text-mode countdown.hidden hides GRUB entirely
|
| services.prometheus.alertmanager.configText | Alertmanager configuration as YAML text
|
| services.mediawiki.extraConfig | Any additional text to be appended to MediaWiki's
LocalSettings.php configuration file
|
| services.nginx.virtualHosts.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.jirafeau.nginxConfig.basicAuth | Basic Auth protection for a vhost
|
| services.postgrey.greylistText | Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
|
| services.gitwatch.<name>.message | Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time
|
| services.athens.index.postgres.password | Password for the Postgres database
|
| services.athens.singleFlight.redis.password | Password for the redis server
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.prometheus.configText | If non-null, this option defines the text that is written to
prometheus.yml
|
| services.suricata.settings.stats | Engine statistics such as packet counters, memory use counters and others can be logged in several ways
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.immich.database.enableVectorChord | Whether to enable the new VectorChord extension for full-text search in Postgres.
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| programs.tsmClient.servers.<name>.inclexcl | Text lines with include.* and exclude.* directives
to be used when sending files to the IBM TSM server,
or an absolute path pointing to a file with such lines.
|
| documentation.doc.enable | Whether to install documentation distributed in packages' /share/doc
|
| services.hylafax.userAccessFile | The hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here
|
| services.komodo-periphery.passkeys | Passkeys required to access the periphery API
|
| services.athens.storage.azureblob.accountKey | Account key for the Azure Blob storage backend
|
| networking.tcpcrypt.enable | Whether to enable opportunistic TCP encryption
|
| services.limesurvey.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.nitter.preferences.bidiSupport | Support bidirectional text (makes clicking on tweets harder).
|
| services.wordpress.sites.<name>.extraConfig | Any additional text to be appended to the wp-config.php
configuration file
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.karakeep.meilisearch.enable | Enable Meilisearch and configure Karakeep to use it
|
| services.pinnwand.settings.paste_help | Raw HTML help text shown in the header area.
|
| services.misskey.reverseProxy.webserver.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| environment.wordlist.lists | A set with the key names being the environment variable you'd like to
set and the values being a list of paths to text documents containing
lists of words
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dendrite.settings.sync_api.search.enabled | Whether to enable Dendrite's full-text search engine.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.loader.limine.style.graphicalTerminal.foreground | Text foreground color (RRGGBB).
|
| boot.loader.limine.style.graphicalTerminal.background | Text background color (TTRRGGBB)
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.vault.extraSettingsPaths | Configuration files to load besides the immutable one defined by the NixOS module
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mastodon.elasticsearch.host | Elasticsearch host
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| boot.loader.limine.style.graphicalTerminal.brightForeground | Text foreground bright color (RRGGBB).
|
| boot.loader.limine.style.graphicalTerminal.brightBackground | Text background bright color (RRGGBB).
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.athens.singleFlight.redisSentinel.sentinelPassword | Password for the sentinel server
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| documentation.man.mandoc.settings.output.indent | Number of blank characters at the left margin for normal text,
default of 5 for mdoc(7) and 7 for
man(7)
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| services.grafana.provision.alerting.templates.settings.templates.*.template | Alerting with a custom text template
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| services.prometheus.exporters.mail.configuration.servers | List of servers that should be probed.
Note: if your mailserver has rspamd(8) configured,
it can happen that emails from this exporter are marked as spam
|
| services.jellyfin.transcoding.enableSubtitleExtraction | Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|