| users.users.<name>.password | Specifies the (clear text) password for the user
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| users.mysql.passwordFile | The path to the file containing the password for the user
|
| services.bcg.mqtt.password | MQTT server access password.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.cntlm.password | Proxy account password
|
| services.ebusd.mqtt.password | The MQTT password.
|
| services.terraria.password | Sets the server password
|
| services.murmur.password | Required password to join server, if specified.
|
| services.honk.passwordFile | Password for admin account
|
| services.bacula-dir.password | Specifies the password that must be supplied for a Director.
|
| services.tt-rss.email.password | SMTP authentication password used when sending outgoing mail.
|
| services.akkoma.initDb.password | Password of the database user to initialise the database with
|
| services.monero.rpc.password | Password for RPC connections.
|
| services.send.redis.passwordFile | The path to the file containing the Redis password
|
| services.ttyd.passwordFile | File containing the password to use for basic http authentication
|
| boot.zfs.passwordTimeout | Timeout in seconds to wait for password entry for decrypt at boot
|
| services.yandex-disk.password | Your yandex.com password
|
| services.jupyter.password | Password to use with notebook
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| services.coturn.cli-password | CLI access password
|
| services.munge.password | The path to a daemon's secret key.
|
| services.ncps.cache.redis.password | Redis password for authentication (for Redis ACL).
|
| services.lavalink.password | The password for Lavalink's authentication in plain text.
|
| services.icecast.admin.password | Password used for all administration functions.
|
| boot.loader.grub.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the account
|
| services.omnom.passwordFile | File containing the password for the SMTP user.
|
| services.tt-rss.database.password | The database user's password.
|
| services.anki-sync-server.users.*.password | Password accepted by anki-sync-server for the associated username.
WARNING: This option is not secure
|
| services.syncplay.passwordFile | Path to the file that contains the server password
|
| services.biboumi.settings.password | The password used to authenticate the XMPP component to your XMPP server
|
| services.teeworlds.password | Password to connect to the server.
|
| services.wakapi.passwordSalt | The password salt to use for Wakapi.
|
| services.nntp-proxy.users.<name>.passwordHash | SHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>)
|
| services.coder.database.password | Password for accessing the database.
|
| services.stash.passwordFile | Path to file containing password for login.
|
| users.mysql.pam.passwordCrypt | The method to encrypt the user's password:
0 (or "plain"):
No encryption
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| services.athens.index.mysql.password | Password for the MySQL database
|
| services.namecoind.rpc.password | Password for RPC connections.
|
| services.gammu-smsd.backend.sql.password | User password used for connection to the database
|
| services.db-rest.redis.passwordFile | Path to a file containing the redis password.
|
| services.snipe-it.mail.passwordFile | A file containing the password corresponding to
mail.user.
|
| services.wakapi.passwordSaltFile | The path to a file containing the password salt to use for Wakapi.
|
| services.hans.server.passwordFile | File that contains password
|
| users.ldap.bind.passwordFile | The path to a file containing the credentials to use when binding
to the LDAP server (if not binding anonymously).
|
| services.siproxd.passwordFile | Path to per-user password file.
|
| services.gitea.database.password | The password corresponding to database.user
|
| services.cassandra.jmxRoles.*.password | Password for JMX
|
| services.monica.mail.passwordFile | A file containing the password corresponding to
|
| services.roundcube.database.password | Password for the postgresql connection
|
| services.podgrab.passwordFile | The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentication.
|
| services.kasmweb.postgres.password | password to use for the postgres database.
|
| services.umurmur.settings.password | Required password to join server, if specified.
|
| services.selfoss.database.password | The database user's password (has no effect if type is "sqlite").
|
| services.hqplayerd.auth.password | Password used for HQPlayer's WebUI
|
| services.freshrss.passwordFile | Password for the defaultUser for FreshRSS.
|
| services.outline.smtp.passwordFile | File path containing the password to authenticate with.
|
| services.pgadmin.emailServer.passwordFile | Password for SMTP email account
|
| services.iodine.server.passwordFile | File that contains password
|
| networking.ucarp.passwordFile | File containing shared password between CARP hosts.
|
| services.ncps.cache.redis.passwordFile | File containing the redis password for authentication (for Redis ACL).
|
| services.shadowsocks.password | Password for connecting clients.
|
| services.hans.clients.<name>.passwordFile | File that contains password
|
| services.factorio.password | Your factorio.com login credentials
|
| services.gitlab.smtp.passwordFile | File containing the password of the SMTP server for GitLab
|
| services.athens.index.postgres.password | Password for the Postgres database
|
| services.athens.singleFlight.redis.password | Password for the redis server
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.factorio.game-password | Game password
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.tt-rss.database.passwordFile | The database user's password.
|
| services.netbird.server.coturn.password | The password of the user used by netbird to connect to the coturn server
|
| services.ddclient.passwordFile | A file containing the password or a TSIG key in named format when using the nsupdate protocol.
|
| services.misskey.redis.passwordFile | The path to a file containing the Redis password
|
| services.peertube.smtp.passwordFile | Password for smtp server.
|
| services.shadowsocks.passwordFile | Password file with a password for connecting clients.
|
| services.weblate.smtp.passwordFile | Location of a file containing the SMTP password
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.dawarich.smtp.passwordFile | Path to file containing the SMTP password.
|
| services.mastodon.smtp.passwordFile | Path to file containing the SMTP password.
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.redsocks.redsocks.*.password | Password to send to proxy
|
| services.openvpn.servers.<name>.authUserPass.password | The password to store inside the credentials file.
|
| services.znc.confOptions.networks.<name>.password | IRC server password, such as for a Slack gateway.
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.infinoted.passwordFile | File to read server-wide password from
|
| services.agorakit.mail.passwordFile | A file containing the password corresponding to
|
| services.peertube.redis.passwordFile | Password for redis database.
|
| services.gns3-server.auth.passwordFile | A file containing the password to access the GNS3 Server.
This should be a string, not a nix path, since nix paths
are copied into the world-readable nix store.
|
| services.lanraragi.passwordFile | A file containing the password for LANraragi's admin interface.
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.mediawiki.passwordFile | A file containing the initial password for the administrator account "admin".
|
| services.sympa.database.passwordFile | A file containing the password for services.sympa.database.name.
|
| services.mastodon.redis.passwordFile | A file containing the password for Redis database.
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.gitea.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.snipe-it.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.anki-sync-server.users.*.passwordFile | File containing the password accepted by anki-sync-server for
the associated username
|
| services.mediawiki.passwordSender | Contact address for password reset.
|
| services.mqtt2influxdb.mqtt.password | MQTT password
|
| services.zammad.database.passwordFile | A file containing the password for services.zammad.database.user.
|
| services.inadyn.settings.custom.<name>.password | Password for this DDNS provider
|
| services.bookstack.mail.passwordFile | A file containing the password corresponding to
mail.user.
|
| services.moodle.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.photoprism.passwordFile | Admin password file.
|
| services.monica.database.passwordFile | A file containing the password corresponding to
|
| services.mpdscribble.passwordFile | File containing the password for the mpd daemon
|
| services.grafana.settings.smtp.password | Password used for authentication
|
| services.zabbixWeb.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.cjdns.ETHInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| services.lanraragi.redis.passwordFile | A file containing the password for LANraragi's Redis server.
|
| services.forgejo.database.passwordFile | A file containing the password corresponding to
services.forgejo.database.user.
|
| services.redmine.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.misskey.database.passwordFile | The path to a file containing the database password
|
| services.rkvm.client.settings.password | Shared secret token to authenticate the client
|
| services.rkvm.server.settings.password | Shared secret token to authenticate the client
|
| services.plausible.mail.smtp.passwordFile | The path to the file with the password in case SMTP auth is enabled.
|
| services.zabbixProxy.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.nominatim.database.passwordFile | Password file used for Nominatim database connection
|
| services.kapacitor.defaultDatabase.password | The password to connect to the remote InfluxDB server
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| services.dolibarr.database.passwordFile | Database password file.
|
| services.peertube.database.passwordFile | Password for PostgreSQL database.
|
| services.discourse.redis.passwordFile | File containing the Redis password
|
| services.netbird.server.coturn.passwordFile | The path to a file containing the password of the user used by netbird to connect to the coturn server.
|
| services.cloudlog.database.passwordFile | MySQL user password file.
|
| services.firezone.server.smtp.passwordFile | File containing the password for the given username
|
| services.mattermost.database.password | Password for local Mattermost database user
|
| services.discourse.admin.passwordFile | A path to a file containing the admin user's password
|
| services.jitsi-meet.videobridge.passwordFile | File containing password to the Prosody account for videobridge
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.dawarich.database.passwordFile | A file containing the password corresponding to services.dawarich.database.user.
|
| services.mastodon.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.zabbixServer.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.wasabibackend.rpc.password | RPC password for the bitcoin endpoint
|
| services.agorakit.database.passwordFile | A file containing the password corresponding to
|
| services.parsedmarc.settings.imap.password | The IMAP server password
|
| services.parsedmarc.settings.smtp.password | The SMTP server password
|
| services.mqtt2influxdb.influxdb.password | Password for InfluxDB login
|
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.bitmagnet.settings.postgres.password | Password for database user
|
| services.mpd.credentials.*.passwordFile | Path to file containing the password.
|
| services.castopod.database.passwordFile | A file containing the password corresponding to
services.castopod.database.user
|
| services.anuko-time-tracker.database.passwordFile | Database user password file.
|
| services.bitcoind.<name>.rpc.users.<name>.passwordHMAC | Password HMAC-SHA-256 for JSON-RPC connections
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.invidious.database.passwordFile | Path to file containing the database password.
|
| services.grafana.settings.database.password | The database user's password (not applicable for sqlite3)
|
| services.librenms.database.passwordFile | A file containing the password for the user of the MySQL/MariaDB server
|
| services.bookstack.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.mediawiki.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.prometheus.exporters.pihole.password | The password to login into Pi-Hole
|
| services.keycloak.database.passwordFile | The path to a file containing the database password
|
| services.graylog.passwordSecret | You MUST set a secret to secure/pepper the stored user passwords here
|
| services.microbin.passwordFile | Path to file containing environment variables
|
| services.userborn.passwordFilesLocation | The location of the original password files
|
| services.sourcehut.settings.mail.smtp-password | Outgoing SMTP password.
|
| services.zoneminder.database.password | Username for accessing the database
|
| services.paperless.passwordFile | A file containing the superuser password
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.prometheus.remoteRead.*.basic_auth.password | HTTP password
|
| services.szurubooru.database.passwordFile | A file containing the password for the PostgreSQL user.
|
| services.discourse.database.passwordFile | File containing the Discourse database user password
|
| services.filesender.database.passwordFile | A file containing the password corresponding to
services.filesender.database.user.
|
| services.limesurvey.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.epgstation.database.passwordFile | A file containing the password for the database named
database.name.
|
| services.prometheus.remoteWrite.*.basic_auth.password | HTTP password
|
| services.mjolnir.pantalaimon.passwordFile | File containing the matrix password for the mjolnir user.
|
| services.reposilite.database.passwordFile | Path to the file containing the password for the database connection
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.roundcube.database.passwordFile | Password file for the postgresql connection
|
| services.dependency-track.database.passwordFile | The path to a file containing the database password.
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| services.writefreely.database.passwordFile | The file to load the database password from.
|
| services.draupnir.secrets.pantalaimon.password | File containing the password for Draupnir's Matrix account when used in
conjunction with Pantalaimon to be used in place of
services.draupnir.settings.pantalaimon.password.
|
| services.prometheus.scrapeConfigs.*.basic_auth.password | HTTP password
|
| services.wasabibackend.rpc.passwordFile | File that contains the password of the RPC user.
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.prometheus.exporters.nut.passwordPath | A run-time path to the nutUser password file, which should be
provisioned outside of Nix store.
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.pdfding.database.passwordFile | File containing POSTGRES_PASSWORD
|
| services.prometheus.exporters.restic.passwordFile | File containing the password to the repository.
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|
| services.postfixadmin.database.passwordFile | Password file for the postgresql connection
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.prometheus.exporters.dmarc.imap.passwordFile | File containing the login password for the IMAP connection.
|
| services.influxdb2.provision.initialSetup.passwordFile | Password for primary user
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| services.mastodon.elasticsearch.passwordFile | Path to file containing password for optionally authenticating with Elasticsearch.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| services.parsedmarc.settings.elasticsearch.password | The password to use when connecting to Elasticsearch,
if required
|
| services.prometheus.exporters.nextcloud.passwordFile | File containing the password for connecting to Nextcloud
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.password | |
| services.moodle.initialPassword | Specifies the initial password for the admin, i.e. the password assigned if the user does not already exist
|
| services.matrix-appservice-irc.passwordEncryptionKeyLength | Length of the key to encrypt IRC passwords with
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.password | Consul password
|
| services.prometheus.remoteRead.*.basic_auth.password_file | HTTP password file
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile | The password for this entry, read from the given file when starting hostapd
|
| services.prometheus.remoteWrite.*.basic_auth.password_file | HTTP password file
|
| virtualisation.oci-containers.containers.<name>.login.passwordFile | Path to file containing password.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password | HTTP password
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password | HTTP password
|
| services.headscale.settings.database.postgres.password_file | A file containing the password corresponding to
database.user.
|
| services.nifi.initPasswordFile | nitial password for Apache NiFi
|
| services.prometheus.scrapeConfigs.*.basic_auth.password_file | HTTP password file
|
| programs._1password.enable | Whether to enable the 1Password CLI tool.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password | HTTP password
|
| programs._1password-gui.enable | Whether to enable the 1Password GUI application.
|
| services.croc.pass | Password or passwordfile for the relay.
|
| programs._1password.package | The 1Password CLI package to use.
|
| services.nvme-rs.settings.email.smtp_password_file | File containing SMTP password
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password | HTTP password
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password | HTTP password
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password | HTTP password
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password | HTTP password
|
| programs._1password-gui.package | The 1Password GUI package to use.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.password | Credentials are used to authenticate the requests to Uyuni API.
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password | HTTP password
|
| services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPath | Location of the key with which IRC passwords are encrypted
for storage
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.password | password for the Identity V2 and V3 APIs
|
| services.cadvisor.storageDriverPassword | Cadvisor storage driver password
|
| security.pam.enableFscrypt | Whether to enable fscrypt, to automatically unlock directories with the user's login password
|
| services.pgadmin.emailServer.enable | Whether to enable SMTP email server
|
| services.rspamd-trainer.secrets | A list of files containing the various secrets
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password | HTTP password
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password | HTTP password
|
| services.jupyter.notebookConfig | Raw jupyter config
|
| services.postgrest.pgpassFile | The password to authenticate to PostgreSQL with
|
| services.jirafeau.adminPasswordSha256 | SHA-256 of the desired administration password
|
| services.maubot.settings.admins | List of administrator users
|
| services.webdav.settings | Attrset that is converted and passed as config file
|
| users.mysql.pam.statusColumn | The name of the column or an SQL expression that indicates the status of
the user
|
| programs._1password-gui.polkitPolicyOwners | A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password | HTTP password
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| services.slurm.dbdserver.storagePassFile | Path to file with database password
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password | HTTP password
|
| services.wg-access-server.secretsFile | yaml file containing all secrets. this needs to be in the same structure as the configuration
|
| boot.initrd.luks.gpgSupport | Enables support for authenticating with a GPG encrypted password.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.pgadmin.initialPasswordFile | Initial password file for the pgAdmin account
|
| services.amule.settings.WebServer.Password | MD5 hash of the password, obtainaible with echo "<password>" | md5sum | cut -d ' ' -f 1
|
| services.grafana.settings.security.admin_password | Default admin password
|
| security.pam.enableOTPW | Whether to enable the OTPW (one-time password) PAM module.
|
| services.postfixadmin.setupPasswordFile | Password file for the admin
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password | HTTP password
|
| services.i2pd.proto.http.pass | Password for webconsole access.
|
| security.pam.oath.digits | Specify the lib.length of the one-time password in number of
digits.
|
| security.pam.oath.enable | Enable the OATH (one-time password) PAM module.
|
| users.mysql.pam.updateTable | The name of the table used for password alteration
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.graylog.rootPasswordSha2 | You MUST specify a hash password for the root user (which you only need to initially set up the
system and in case you lose connectivity to your authentication backend)
This password cannot be changed using the API or via the web interface
|
| security.pam.services.<name>.kwallet.enable | If enabled, pam_wallet will attempt to automatically unlock the
user's default KDE wallet upon login
|
| services.resilio.httpPass | HTTP web login password.
|
| services.keycloak.initialAdminPassword | Initial password set for the temporary admin user
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.lldap.silenceForceUserPassResetWarning | Disable warning when the admin password is set declaratively with the ldap_user_pass_file setting
but the force_ldap_user_pass_reset is set to false
|
| programs.udevil.enable | Whether to enable udevil, to mount filesystems without password.
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password_file | HTTP password file
|
| security.doas.extraRules.*.noPass | If true, the user is not required to enter a
password.
|
| services.nextcloud.config.adminpassFile | The full path to a file that contains the admin's password
|
| services.diod.userdb | This option disables password/group lookups
|
| services.tt-rss.email.fromName | Name for sending outgoing mail
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.postgres-websockets.pgpassFile | The password to authenticate to PostgreSQL with
|
| services.patroni.dataDir | Folder where Patroni data will be written, this is where the pgpass password file will be written.
|
| services.blendfarm.basicSecurityPasswordFile | Path to the password file the client needs to connect to the server
|
| services.kanidm.provision.idmAdminPasswordFile | Path to a file containing the idm admin password for kanidm
|
| services.anki-sync-server.users | List of user-password pairs to provide to the sync server.
|
| services.athens.basicAuthPass | Password for basic auth
|
| services.factorio.token | Authentication token
|
| services.ncdns.enable | Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS
|
| services.prometheus.remoteRead.*.basic_auth | Sets the Authorization header on every remote read request with the
configured username and password.
password and password_file are mutually exclusive.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.pgmanage.connections | pgmanage requires at least one PostgreSQL server be defined
|
| services.prometheus.remoteWrite.*.basic_auth | Sets the Authorization header on every remote write request with the
configured username and password.
password and password_file are mutually exclusive.
|
| services.amule.settings.ExternalConnect.ECPassword | MD5 hash of the password, obtainaible with echo "<password>" | md5sum | cut -d ' ' -f 1
|
| services.reposilite.settings.keyPassword | Plaintext password used to unlock the Java KeyStore set in services.reposilite.settings.keyPath
|
| services.davis.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.snipe-it.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.sourcehut.settings.mail.pgp-privkey | An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key
|
| services.writefreely.admin.initialPasswordFile | Path to a file containing the initial password for the admin user
|
| services.prometheus.scrapeConfigs.*.basic_auth | Sets the Authorization header on every scrape request with the
configured username and password.
password and password_file are mutually exclusive.
|
| services.gns3-server.auth.enable | Whether to enable password based HTTP authentication to access the GNS3 Server.
|
| services.iperf3.rsaPrivateKey | Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.
|
| users.allowNoPasswordLogin | Disable checking that at least the root user or a user in the wheel group can log in using
a password or an SSH key
|
| services.tt-rss.feedCryptKey | Key used for encryption of passwords for password-protected feeds
in the database
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.firebird.baseDir | Location containing data/ and system/ directories.
data/ stores the databases, system/ stores the password database security2.fdb.
|
| services.diod.allsquash | Remap all users to "nobody"
|
| services.wakapi.smtpPassword | The password used for the smtp mailed to used by Wakapi.
|
| services.gancio.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.basicAuth | Basic Auth protection for a vhost
|
| security.doas.extraRules.*.persist | If true, do not ask for a password again for some
time after the user successfully authenticates.
|
| services.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.monica.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.tt-rss.email.fromAddress | Address for sending outgoing mail
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPasswordFile | Sets the password for WPA-PSK
|
| services.lldap.settings.ldap_user_pass | Password for default admin password
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.jigasi.userPasswordFile | Path to file containing password for XMPP user connection.
|
| services.jicofo.userPasswordFile | Path to file containing password for XMPP user connection.
|
| security.pam.u2f.control | This option sets pam "control"
|
| security.pam.p11.control | This option sets pam "control"
|
| boot.loader.grub.users | User accounts for GRUB
|
| services.wakapi.smtpPasswordFile | The path to a file containing the password for the smtp mailer used by Wakapi.
|
| services.gitea.mailerPasswordFile | Path to a file containing the SMTP password.
|
| services.davis.adminPasswordFile | The full path to a file that contains the admin's password
|
| services.kasmweb.redisPassword | password to use for the redis cache.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.exporters.deluge.delugePassword | Password to connect to deluge server
|
| services.diod.squashuser | Change the squash user
|
| services.documize.db | Database specific connection string for example:
- MySQL/Percona/MariaDB:
user:password@tcp(host:3306)/documize
- MySQLv8+:
user:password@tcp(host:3306)/documize?allowNativePasswords=true
- PostgreSQL:
host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
- MSSQL:
sqlserver://username:password@localhost:1433?database=Documize or
sqlserver://sa@localhost/SQLExpress?database=Documize
|
| services.davis.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| security.pam.krb5.enable | Enables Kerberos PAM modules (pam-krb5,
pam-ccreds)
|
| security.pam.ussh.control | This option sets pam "control"
|
| services.coder.database.sslmode | Password for accessing the database.
|
| services.movim.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.hebbot.botPasswordFile | A path to the password file for your bot
|
| services.misskey.settings.db.pass | The password used for database authentication.
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| security.pam.services.<name>.nodelay | Whether the delay after typing a wrong password should be disabled.
|
| services.buildbot-worker.workerPass | Specifies the Buildbot Worker password.
|
| programs.corectrl.enable | Whether to enable CoreCtrl, a tool to overclock amd graphics cards and processors
|
| security.run0.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via run0.
|
| security.loginDefs.settings | Config options for the /etc/login.defs file, that defines
the site-specific configuration for the shadow password suite
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| services.vsftpd.forceLocalLoginsSSL | Only applies if sslEnable is true
|
| security.sudo.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| services.librenms.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.akkoma.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.basicAuth | Basic Auth protection for a vhost
|
| security.doas.wheelNeedsPassword | Whether users of the wheel group must provide a password to
run commands as super user via doas.
|
| services.kanboard.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fediwall.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.calibre-server.auth.enable | Password based authentication to access the server
|
| security.sudo-rs.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| services.boinc.allowRemoteGuiRpc | If set to true, any remote host can connect to and control this BOINC
client (subject to password authentication)
|
| services.amule.WebServerPasswordFile | File containing the password for connecting to the web server,
set this only if you didn't set `settings
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| security.pam.yubico.control | This option sets pam "control"
|
| services.couchdb.extraConfigFiles | Extra configuration files
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.redis.servers.<name>.requirePassFile | File with password for the database.
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| security.pam.services.<name>.gnupg.storeOnly | Don't send the password immediately after login, but store for PAM
session.
|
| services.radicle.httpd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.buildbot-worker.workerPassFile | File used to store the Buildbot Worker password
|
| services.freshrss.database.passFile | Database password file for FreshRSS.
|
| services.oauth2-proxy.basicAuthPassword | The password to set when passing the HTTP Basic Auth header.
|
| services.nntp-proxy.upstreamPassword | Upstream server password
|
| services.anuko-time-tracker.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.flarum.initialAdminPassword | Initial password for the adminUser
|
| services.immich.secretsFile | Path of a file with extra environment variables to be loaded from disk
|
| services.getty.autologinOnce | If enabled the automatic login will only happen in the first tty
once per boot
|
| services.nginx.virtualHosts.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.lldap.settings.http_url | The public URL of the server, for password reset links.
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| services.znc.confOptions.passBlock | Generate with nix-shell -p znc --command "znc --makepass"
|
| services.canaille.smtpPasswordFile | File containing the SMTP password
|
| services.rspamd-trainer.settings | IMAP authentication configuration for rspamd-trainer
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.oncall.secretFile | A YAML file containing secrets such as database or user passwords
|
| services.canaille.ldapBindPasswordFile | File containing the LDAP bind password.
|
| services.bookstack.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.nextcloud.secretFile | Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same
form as the services.nextcloud.settings option), for example
{"redis":{"password":"secret"}}.
|
| services.longview.mysqlPasswordFile | A file containing the password corresponding to mysqlUser.
|
| services.unpoller.influxdb.pass | Path of a file containing the password for influxdb
|
| services.portunus.dex.enable | Whether to enable Dex ldap connector
|
| services.prometheus.exporters.artifactory.artiPassword | Password for authentication against JFrog Artifactory API
|
| services.kasmweb.defaultUserPassword | default user password to use.
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| services.mailman.ldap.bindPasswordFile | Path to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
|
| services.grafana-to-ntfy.settings.bauthPass | The path to the password you will use in the Grafana webhook settings.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| security.please.wheelNeedsPassword | Whether users of the wheel group must provide a password to run
commands or edit files with please and
pleaseedit respectively.
|
| services.nextcloud.config.dbpassFile | The full path to a file that contains the database password.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| services.syncthing.guiPasswordFile | Path to file containing the plaintext password for Syncthing's GUI.
|
| services.sshwifty.socks5PasswordFile | Path to a file containing the SOCKS5 password.
|
| services.longview.mysqlPassword | The password corresponding to mysqlUser
|
| services.kasmweb.defaultAdminPassword | default admin password to use.
|
| services.kanboard.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.dockerRegistry.redisPassword | Set redis password.
|
| services.code-server.hashedPassword | Create the password with: echo -n 'thisismypassword' | nix run nixpkgs#libargon2 -- "$(head -c 20 /dev/random | base64)" -e
|
| services.fwupd.extraTrustedKeys | Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files
|
| services.fediwall.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| users.ldap.daemon.rootpwmodpwFile | The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
|
| services.jirafeau.nginxConfig.basicAuth | Basic Auth protection for a vhost
|
| services.teeworlds.rconPassword | Password to access the remote console
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| services.tor.torsocks.socks5Password | SOCKS5 password
|
| services.zabbixWeb.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.dragonflydb.requirePass | Password for database
|
| services.pgadmin.minimumPasswordLength | Minimum length of the password
|
| services.radicle.httpd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.howdy.enable | Whether to enable Howdy and its PAM module for face recognition
|
| services.deye-dummycloud.mqttPassword | MQTT password
|
| services.hologram-server.ldapBindPassword | Password of account to use to query the LDAP server
|
| services.murmur.registerPassword | Public server registry password, used authenticate your
server to the registry to prevent impersonation; required for
subsequent registry updates.
|
| services.anuko-time-tracker.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.oauth2-proxy.htpasswd.displayForm | Display username / password login form if an htpasswd file is provided.
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.warpgate.databaseUrlFile | Path to file containing database connection string with credentials
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.ntopng.enable | Enable ntopng, a high-speed web-based traffic analysis and flow
collection tool
|
| services.bookstack.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.unpoller.unifi.defaults.pass | Path of a file containing the password for the unifi service user
|
| services.microsocks.authPasswordFile | Path to a file containing the password for authentication.
|
| services.seafile.initialAdminPassword | Seafile Seahub Admin Account initial password
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| services.vsftpd.anonymousUserNoPassword | Whether to disable the password for the anonymous FTP user.
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.grafana-to-ntfy.settings.ntfyBAuthPass | The path to the password for the specified ntfy-sh user
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.initrd.luks.devices.<name>.tryEmptyPassphrase | If keyFile fails then try an empty passphrase first before
prompting for password.
|
| services.cpuminer-cryptonight.pass | Password for mining server
|
| services.ocis.configDir | Path to directory containing oCIS config file
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.jirafeau.nginxConfig.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.initrd.systemd.emergencyAccess | Set to true for unauthenticated emergency access, and false or
null for no emergency access
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mattermost.database.host | Host to use for the database
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| services.zabbixWeb.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.actual.settings.serverFiles | The server will put an account.sqlite file in this directory, which will contain the (hashed) server password, a list of all the budget files the server knows about, and the active session token (along with anything else the server may want to store in the future).
|
| services.amule.ExternalConnectPasswordFile | File containing the password for connecting with amule-gui,
set this only if you didn't set `settings
|
| services.pyload.credentialsFile | File containing PYLOAD_DEFAULT_USERNAME and
PYLOAD_DEFAULT_PASSWORD in the format of an EnvironmentFile=,
as described by systemd.exec(5)
|
| services.dashy.settings | Settings serialized into user-data/conf.yml before build
|
| services.reposilite.keyPasswordFile | Path the the file containing the password used to unlock the Java KeyStore file specified in services.reposilite.settings.keyPath
|
| services.vmagent.remoteWrite.basicAuthPasswordFile | File that contains the Basic Auth password used to connect to remote_write endpoint
|
| services.userborn.static | Whether to generate the password files at build time and store them directly
in the system closure, without requiring any services at boot time
|
| services.vlagent.remoteWrite.basicAuthPasswordFile | File that contains the Basic Auth password used to connect to remote_write endpoint
|
| services.changedetection-io.environmentFile | Securely pass environment variables to changedetection-io
|
| services.bookstack.settings | Options for Bookstack configuration
|
| services.davis.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.movim.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mysql.galeraCluster.clusterPassword | Optional password for securing cluster communications
|
| services.kanidm.provision.adminPasswordFile | Path to a file containing the admin password for kanidm
|
| services.dependency-track.ldap.bindPasswordFile | The path to a file containing the LDAP bind password.
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.canaille.settings.CANAILLE_LDAP.BIND_PW | The LDAP bind password
|
| services.bookstack.settings.DB_PASSWORD_FILE | The file containing your mysql/mariadb database password.
|
| services.photoprism.databasePasswordFile | Database password file.
|
| services.tsmBackup.servername | Create a systemd system service
tsm-backup.service that starts
a backup based on the given servername's stanza
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.rabbitmq.listenAddress | IP address on which RabbitMQ will listen for AMQP
connections
|
| services.mastodon.smtp.authenticate | Authenticate with the SMTP server using username and password.
|
| services.linkwarden.secretFiles | Attribute set containing paths to files to add to the environment of linkwarden
|
| services.limesurvey.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.szurubooru.server.settings.smtp.host | Host of the SMTP server used to send reset password.
|
| services.matterbridge.configFile | WARNING: THIS IS INSECURE, as your password will end up in
/nix/store, thus publicly readable
|
| services.lldap.settings.ldap_user_pass_file | Path to a file containing the default admin password
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.mysql.replication.masterPassword | Password of the MySQL replication user.
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mjolnir.pantalaimon.enable | Whether to enable ignoring the accessToken
|
| services.postgresql.ensureUsers | Ensures that the specified users exist
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| services.keycloak.settings | Configuration options corresponding to parameters set in
conf/keycloak.conf
|
| services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.commafeed.environment | Extra environment variables passed to CommaFeed, refer to
https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example
for supported values
|
| services.limesurvey.encryptionKeyFile | 32-byte key used to encrypt variables in the database
|
| services.szurubooru.server.settings.smtp.passFile | File containing the password associated to the given user for the SMTP server.
|
| services.unpoller.unifi.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services._3proxy.services.*.auth | Authentication type
|
| services.onlyoffice.postgresPasswordFile | Path to a file that contains the password OnlyOffice should use to connect to Postgresql
|
| services.prometheus.exporters.pihole.apiToken | Pi-Hole API token which can be used instead of a password
|
| services.nextcloud.notify_push.dbpassFile | The full path to a file that contains the database password.
|
| services.cjdns.ETHInterface.beacon | Auto-connect to other cjdns nodes on the same network
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.limesurvey.encryptionNonceFile | 24-byte used to encrypt variables in the database
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.szurubooru.server.settings.secretFile | File containing a secret used to salt the users' password hashes and generate filenames for static content.
|
| services.limesurvey.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.peertube.serviceEnvironmentFile | Set environment variables for the service
|
| services.victorialogs.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization
|
| services.canaille.settings.CANAILLE.SMTP.PASSWORD | SMTP Password
|
| services.misskey.reverseProxy.webserver.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.reposilite.settings.keyPath | Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mpd.credentials.*.permissions | List of permissions that are granted with this password
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mosquitto.listeners.*.omitPasswordAuth | Omits password checking, allowing anyone to log in with any user name unless
other mandatory authentication methods (eg TLS client certificates) are configured.
|
| services.pinchflat.secretsFile | Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD
should be passed to the service without adding them to the world-readable Nix store
|
| services.coturn.use-auth-secret | TURN REST API flag
|
| services.step-ca.intermediatePasswordFile | Path to the file containing the password for the intermediate
certificate private key.
Make sure to use a quoted absolute path instead of a path literal
to prevent it from being copied to the globally readable Nix
store.
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.paperless.environmentFile | Path to a file containing extra paperless config options in the systemd EnvironmentFile
format
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.cadvisor.storageDriverPasswordFile | File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword
|
| services.prometheus.exporters.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.suwayomi-server.settings.server.basicAuthPasswordFile | The password file containing the value that you have to provide when authenticating.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| networking.wireless.secretsFile | File consisting of lines of the form varname=value
to define variables for the wireless configuration
|
| services.trilium-server.noAuthentication | If set to true, no password is required to access the web frontend.
|
| services.misskey.reverseProxy.webserver.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.archisteamfarm.ipcPasswordFile | Path to a file containing the password
|
| services.prometheus.exporters.bitcoin.rpcPasswordFile | File containing RPC password.
|
| services.athens.singleFlight.redisSentinel.sentinelPassword | Password for the sentinel server
|
| services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|
| services.linkwarden.environmentFile | Path of a file with extra environment variables to be loaded from disk
|
| services.lubelogger.environmentFile | Path to a file containing extra LubeLogger config options in the systemd EnvironmentFile format
|
| services.prometheus.exporters.mailman3.mailman.passFile | Mailman3 Core REST API password.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.prometheus.exporters.deluge.delugePasswordFile | File containing the password to connect to deluge server.
|
| services.transmission.credentialsFile | Path to a JSON file to be merged with the settings
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| services.mattermost.database.fromEnvironment | Use services.mattermost.environmentFile to configure the database instead of writing the database URI
to the Nix store
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.livebook.environmentFile | Additional environment file as defined in systemd.exec(5)
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.victoriametrics.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization
|
| services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| services.magnetico.web.credentials | The credentials to access the web interface, in case authentication is
enabled, in the format username:hash
|
| services.prometheus.exporters.ecoflow.exporterType | The type of exporter you'd like to use
|
| services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.prometheus.exporters.artifactory.artiAccessToken | Access token for authentication against JFrog Artifactory API
|
| services.prometheus.exporters.unpoller.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.postgresql.authentication | Defines how users authenticate themselves to the server
|
| services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow | If set, all sae password entries that have a non-wildcard MAC associated to
them will additionally be used to populate the MAC allow list
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth | Authentication information used to authenticate to the API server.
password and password_file are mutually exclusive.
|
| services.prometheus.exporters.mail.configuration.servers.*.passphrase | Password to use for SMTP authentication.
|
| services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.topic | Note: when using ntfy.sh and other public instances
it is recommended to set this option to an empty string and set the actual topic via
services.prometheus.alertmanager-ntfy.extraConfigFiles since
the topic in ntfy.sh is essentially a password
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_id | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| users.mysql.pam.cryptDefault | The default encryption method to use for passwordCrypt = 1.
|
| security.doas.extraConfig | Extra configuration text appended to doas.conf
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| services.prometheus.exporters.nut.nutUser | The user to log in into NUT server
|
| security.doas.extraRules | Define specific rules to be set in the
/etc/doas.conf file
|
| services.microbin.settings | Additional configuration for MicroBin, see
https://microbin.eu/docs/installation-and-configuration/configuration/
for supported values
|
| services.qbittorrent.serverConfig | Free-form settings mapped to the qBittorrent.conf file in the profile
|
| services.ddclient.secretsFile | A file containing the secrets for the dynamic DNS provider
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| services.prometheus.checkConfig | Check configuration with promtool check
|
| programs.ssh.askPassword | Program used by SSH to ask for passwords.
|
| security.pam.oath.window | Specify the number of one-time passwords to check in order
to accommodate for situations where the system and the
client are slightly out of sync (iteration for HOTP or time
steps for TOTP).
|
| programs.seahorse.enable | Whether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.
|
| security.pam.sshAgentAuth.enable | Whether to enable authenticating using a signature performed by the ssh-agent
|
| services.bitlbee.authBackend | How users are authenticated
storage -- save passwords internally
pam -- Linux PAM authentication
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| boot.initrd.luks.devices.<name>.keyFileTimeout | The amount of time in seconds for a keyFile to appear before
timing out and trying passwords.
|
| security.ipa.offlinePasswords | Whether to store offline passwords when the server is down.
|
| services.syncplay.salt | Salt to allow room operator passwords generated by this server
instance to still work when the server is restarted
|
| services.syncplay.saltFile | Path to the file that contains the server salt
|
| services.freeradius.debug | Whether to enable debug logging for freeradius (-xx
option)
|
| services.gnome.gnome-keyring.enable | Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
.
|
| services.freshrss.api.enable | Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)
|
| boot.iscsi-initiator.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.prosody.modules.register | Allow users to register on this server using a client and change passwords
|
| services.openiscsi.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| security.loginDefs.settings.ENCRYPT_METHOD | This defines the system default encryption algorithm for encrypting passwords.
|
| services.mosquitto.listeners.*.users | A set of users and their passwords and ACLs.
|
| services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| services.samba.settings.global."passwd program" | Path to a program that can be used to set UNIX user passwords.
|
| services.wastebin.secretFile | Path to file containing sensitive environment variables
|
| services.vikunja.environmentFiles | List of environment files set in the vikunja systemd service
|
| services.cjdns.authorizedPasswords | Any remote cjdns nodes that offer these passwords on
connection will be allowed to route through this node.
|
| services.libeufin.bank.initialAccounts | Accounts to enable before the bank service starts
|
| services.icingaweb2.resources | resources.ini contents
|
| boot.zfs.requestEncryptionCredentials | If true on import encryption keys or passwords for all encrypted datasets
are requested
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.chhoto-url.settings.hash_algorithm | The hash algorithm to use for passwords and API keys
|
| services.prometheus.exporters.collectd.collectdBinary.authFile | File mapping user names to pre-shared keys (passwords).
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| services.matrix-synapse.settings.turn_shared_secret | The shared secret used to compute passwords for the TURN server
|