| systemd.paths | Definition of systemd path units; see systemd.path(5).
|
| systemd.user.paths | Definition of systemd per-user path units.
|
| systemd.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.paths.<name>.wants | Start the specified units when this unit is started.
|
| systemd.paths.<name>.name | The name of this systemd unit, including its extension
|
| systemd.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| boot.initrd.systemd.paths | Definition of systemd path units.
|
| systemd.user.paths.<name>.partOf | If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
|
| systemd.user.paths.<name>.wants | Start the specified units when this unit is started.
|
| systemd.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.user.paths.<name>.name | The name of this systemd unit, including its extension
|
| systemd.paths.<name>.aliases | Aliases of that unit.
|
| systemd.user.paths.<name>.after | If the specified units are started at the same time as
this unit, delay this unit until they have started.
|
| systemd.paths.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.paths.<name>.bindsTo | Like ‘requires’, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
|
| systemd.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.paths.<name>.before | If the specified units are started at the same time as
this unit, delay them until this unit has started.
|
| systemd.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.aliases | Aliases of that unit.
|
| systemd.user.paths.<name>.upheldBy | Keep this unit running as long as the listed units are running
|
| systemd.user.paths.<name>.upholds | Keeps the specified running while this unit is running
|
| systemd.user.paths.<name>.onFailure | A list of one or more units that are activated when
this unit enters the "failed" state.
|
| systemd.user.paths.<name>.onSuccess | A list of one or more units that are activated when
this unit enters the "inactive" state.
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.paths.<name>.pathConfig | Each attribute in this set specifies an option in the
[Path] section of the unit
|
| systemd.user.paths.<name>.unitConfig | Each attribute in this set specifies an option in the
[Unit] section of the unit
|
| systemd.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.restic.backups.<name>.paths | Which paths to backup, in addition to ones specified via
dynamicFilesFrom
|
| systemd.user.paths.<name>.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| systemd.paths.<name>.requisite | Similar to requires
|
| systemd.user.paths.<name>.startLimitBurst | Configure unit start rate limiting
|
| systemd.user.paths.<name>.requiredBy | Units that require (i.e. depend on and need to go down with) this unit
|
| systemd.user.paths.<name>.conflicts | If the specified units are started, then this unit is stopped
and vice versa.
|
| systemd.user.paths.<name>.requisite | Similar to requires
|
| environment.pathsToLink | List of directories to be symlinked in /run/current-system/sw.
|
| systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.user.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| nix.settings.extra-sandbox-paths | Directories from the host filesystem to be included
in the sandbox.
|
| services.headscale.settings.derp.paths | List of file paths containing DERP maps
|
| systemd.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| systemd.user.paths.<name>.restartTriggers | An arbitrary list of items such as derivations
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.borgbackup.jobs.<name>.paths | Path(s) to back up
|
| systemd.user.paths.<name>.startLimitIntervalSec | Configure unit start rate limiting
|
| systemd.user.paths.<name>.description | Description of this unit used in systemd messages and progress indicators.
|
| services.prometheus.exporters.node-cert.paths | List of paths to search for SSL certificates.
|
| programs.nix-required-mounts.allowedPatterns.<name>.paths | A list of glob patterns, indicating which paths to expose to the sandbox
|
| services.grafana.settings.paths.plugins | Directory where grafana will automatically scan and look for plugins
|
| systemd.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| systemd.user.paths.<name>.overrideStrategy | Defines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise it creates a drop-in file named overrides.conf.
asDropin creates a drop-in file named overrides.conf
|
| systemd.user.paths.<name>.documentation | A list of URIs referencing documentation for this unit or its configuration.
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.grafana.settings.paths.provisioning | Folder that contains provisioning config files that grafana will apply on startup and while running
|
| services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.paths | Paths can point to a single service, or the root of a tree of services.
|
| nix.nixPath | The default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
(e.g. <nixpkgs>).
|
| users.mysql.nss | Settings for libnss-mysql
|
| services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.paths | Paths can point to a single service, or the root of a tree of services.
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| security.apparmor.includes | List of paths to be added to AppArmor's searched paths
when resolving include directives.
|
| documentation.man.mandoc.cachePath | Change the paths where mandoc makewhatis(8)generates the
manual page index caches. documentation.man.generateCaches
should be enabled to allow cache generation
|
| services.plex.extraPlugins | A list of paths to extra plugin bundles to install in Plex's plugin
directory
|
| fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| boot.loader.grub.mirroredBoots.*.devices | The path to the devices which will have the GRUB MBR written
|
| services.plex.extraScanners | A list of paths to extra scanners to install in Plex's scanners
directory
|
| system.checks | Packages that are added as dependencies of the system's build, usually
for the purpose of validating some part of the configuration
|
| security.apparmor.enableCache | Whether to enable caching of AppArmor policies
in /var/cache/apparmor/
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| services.strongswan.secrets | A list of paths to IPSec secret files
|
| services.prosody.ssl | Paths to SSL files
|
| services.foundationdb.extraReadWritePaths | An extra set of filesystem paths that FoundationDB can read to
and write from
|
| services.restic.backups.<name>.dynamicFilesFrom | A script that produces a list of files to back up
|
| services.borgbackup.jobs.<name>.dumpCommand | Backup the stdout of this program instead of filesystem paths
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| image.repart.partitions.<name>.stripNixStorePrefix | Whether to strip /nix/store/ from the store paths
|
| boot.extraSystemdUnitPaths | Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable
that can contain mutable unit files.
|
| services.ncps.cache.dataPath | The local directory for storing configuration and cached store paths
|
| services.locate.prunePaths | Which paths to exclude from indexing
|
| boot.initrd.systemd.storePaths | Store paths to copy into the initrd as well.
|
| services.gitDaemon.repositories | A whitelist of paths of git repositories, or directories containing repositories
all of which would be published
|
| services.privoxy.settings.filterfile | List of paths to Privoxy filter files
|
| services.syncthing.settings.folders.<name>.path | The path to the folder which should be shared
|
| programs.nncp.secrets | A list of paths to NNCP configuration files that should not be
in the Nix store
|
| services.ncps.cache.hostName | The hostname of the cache server. This is used to generate the
private key used for signing store paths (.narinfo)
|
| services.zenohd.plugins | Plugin packages to add to zenohd search paths.
|
| services.nghttpx.tls | TLS certificate and key paths
|
| services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| services.gancio.plugins | Paths of gancio plugins to activate (linked under $WorkingDirectory/plugins/).
|
| services.privoxy.settings.actionsfile | List of paths to Privoxy action files
|
| services.cachix-watch-store.jobs | Number of threads used for pushing store paths
|
| services.ersatztv.baseUrl | Base URL to support reverse proxies that use paths (e.g. /ersatztv)
|
| services.reposilite.settings.keyPath | Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)
|
| networking.search | The list of domain search paths that are considered for resolving
hostnames with fewer dots than configured in the ndots option,
which defaults to 1 if unset.
|
| services.below.cgroupFilterOut | A regexp matching the full paths of cgroups whose data shouldn't be collected
|
| services.nar-serve.domain | When set, enables the feature of serving .
on top of /nix/store/-
|
| services.zenohd.backends | Storage backend packages to add to zenohd search paths.
|
| services.harmonia.signKeyPaths | Paths to the signing keys to use for signing the cache
|
| services.collectd.include | Additional paths to load config from.
|
| programs.tsmClient.package | The tsm-client package to use
|
| services.locate.pruneNames | Directory components which should exclude paths containing them from indexing
|
| services.logstash.plugins | The paths to find other logstash plugins in.
|
| systemd.shutdownRamfs.storePaths | Store paths to copy into the shutdown ramfs as well.
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.akkoma.extraStatic | Attribute set of extra paths to add to the static files directory
|
| services.freefall.devices | Device paths to all internal spinning hard drives.
|
| security.doas.extraRules.*.cmd | The command the user is allowed to run
|
| services.fluentd.plugins | A list of plugin paths to pass into fluentd
|
| services.marytts.voices | Paths to the JAR files that contain additional voices for MaryTTS
|
| services.outline.cdnUrl | If using a Cloudfront/Cloudflare distribution or similar it can be set
using this option
|
| services.hledger-web.journalFiles | Paths to journal files relative to services.hledger-web.stateDir.
|
| services.ncps.cache.storage.local | The local directory for storing configuration and cached store
paths
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| services.public-inbox.http.mounts | Root paths or URLs that public-inbox will be served on
|
| services.slurm.extraConfigPaths | Slurm expects config files for plugins in the same path
as slurm.conf
|
| services.mediawiki.skins | Attribute set of paths whose content is copied to the skins
subdirectory of the MediaWiki installation in addition to the default skins.
|
| services.prosody.virtualHosts.<name>.ssl | Paths to SSL files
|
| services.syslog-ng.extraModulePaths | A list of paths that should be included in syslog-ng's
--module-path option
|
| programs.k3b.enable | Whether to enable k3b, the KDE disk burning application
|
| services.saunafs.master.exports | Paths to exports file (see sfsexports.cfg(5)).
|
| services.nomad.extraSettingsPaths | Additional settings paths used to configure nomad
|
| services.oauth2-proxy.upstream | The http url(s) of the upstream endpoint or file://
paths for static files
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| services.fluent-bit.configurationFile | Fluent Bit configuration
|
| virtualisation.additionalPaths | A list of paths whose closure should be made available to
the VM
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| programs.nix-required-mounts.enable | Whether to enable Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures.
|
| services.athens.protocolWorkers | Number of workers concurrently serving protocol paths.
|
| services.dysnomia.extraModulePaths | A list of paths containing additional modules that are added to the search folders
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.zitadel.extraStepsPaths | A list of paths to extra steps files
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| services.jupyter.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.anubis.instances | An attribute set of Anubis instances
|
| programs.ssh.agentPKCS11Whitelist | A pattern-list of acceptable paths for PKCS#11 shared libraries
that may be used with the -s option to ssh-add.
|
| services.supybot.configFile | Path to initial supybot config file
|
| services.duplicity.include | List of paths to include into the backups
|
| services.duplicity.exclude | List of paths to exclude from backups
|
| services.cachix-watch-store.signingKeyFile | Optional file containing a self-managed signing key to sign uploaded store paths.
|
| services.mailcatcher.http.path | Prefix to all HTTP paths.
|
| services.gitlab.smtp.passwordFile | File containing the password of the SMTP server for GitLab
|
| services.ncps.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.netdata.extraPluginPaths | Extra paths to add to the netdata global "plugins directory"
option
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.cross-seed.settings.dataDirs | Paths to be searched for matching data
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.gns3-server.auth.passwordFile | A file containing the password to access the GNS3 Server.
This should be a string, not a nix path, since nix paths
are copied into the world-readable nix store.
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| hardware.deviceTree.dtboBuildExtraIncludePaths | Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| boot.initrd.systemd.suppressedStorePaths | Store paths specified in the storePaths option that
should not be copied.
|
| services.bcachefs.autoScrub.fileSystems | List of paths to bcachefs filesystems to regularly call bcachefs scrub on
|
| services.duplicity.excludeFileList | File containing newline-separated list of paths to exclude into the
backups
|
| services.duplicity.includeFileList | File containing newline-separated list of paths to include into the
backups
|
| services.zitadel.extraSettingsPaths | A list of paths to extra settings files
|
| services.ncps.cache.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| services.dysnomia.extraContainerPaths | A list of paths containing additional container configurations that are added to the search folders
|
| system.extraDependencies | A list of paths that should be included in the system
closure but generally not visible to users
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.komodo-periphery.includeDiskMounts | Only include these mount paths in disk reporting.
|
| services.komodo-periphery.excludeDiskMounts | Exclude these mount paths from disk reporting.
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.mattermost.plugins | Plugins to add to the configuration
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.beszel.agent.smartmon.deviceAllow | List of device paths to allow access to for SMART monitoring
|
| services.zammad.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.amazon-cloudwatch-agent.configurationFile | Amazon CloudWatch Agent configuration file
|
| services.discourse.redis.passwordFile | File containing the Redis password
|
| programs.nix-required-mounts.allowedPatterns | The hook config, describing which paths to mount for which system features
|
| services.amazon-cloudwatch-agent.commonConfigurationFile | Amazon CloudWatch Agent common configuration
|
| services.discourse.admin.passwordFile | A path to a file containing the admin user's password
|
| services.airsonic.transcoders | List of paths to transcoder executables that should be accessible
from Airsonic
|
| services.btrfs.autoScrub.fileSystems | List of paths to btrfs filesystems to regularly call btrfs scrub on
|
| boot.kernel.sysfs | sysfs attributes to be set as soon as they become available
|
| services.marytts.userDictionaries | Paths to the user dictionary files for MaryTTS.
|
| services.postfix.settings.master.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.subsonic.transcoders | List of paths to transcoder executables that should be accessible
from Subsonic
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| services.gitlab.secrets.secretFile | A file containing the secret used to encrypt variables in
the DB
|
| services.diod.exports | List the file systems that clients will be allowed to mount
|
| environment.profileRelativeEnvVars | Attribute set of environment variable
|
| services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| services.pretalx.settings.filesystem.data | Base path for all other storage paths.
|
| services.gitlab.secrets.activeRecordSaltFile | A file containing the salt for active record encryption in the DB
|
| services.dbus.packages | Packages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide or session-wide
message bus
|
| environment.wordlist.lists | A set with the key names being the environment variable you'd like to
set and the values being a list of paths to text documents containing
lists of words
|
| services.sharkey.environmentFiles | List of paths to files containing environment variables for Sharkey to use at runtime
|
| services.pocket-id.credentials | Environment variables which are loaded from the contents of the specified file paths
|
| services.linkwarden.secretFiles | Attribute set containing paths to files to add to the environment of linkwarden
|
| services.hylafax.commonModemConfig | Attribute set of default values for
modem config files etc/config.*
|
| networking.nftables.checkRuleset | Run nft check on the ruleset to spot syntax errors during build
|
| services.centrifugo.credentials | Environment variables with absolute paths to credentials files to load
on service startup.
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.prometheus.exporters.kea.targets | Paths or URLs to the Kea control socket.
|
| services.plex.accelerationDevices | A list of device paths to hardware acceleration devices that Plex should
have access to
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.dawarich.configureNginx | Configure nginx as a reverse proxy for dawarich
|
| programs.singularity.systemBinPaths | (Extra) system-wide /**/bin paths
for Apptainer/Singularity to find command-line utilities in.
"/run/wrappers/bin" is included by default to make
utilities with SUID bit set available to Apptainer/Singularity
|
| documentation.nixos.extraModuleSources | Which extra NixOS module paths the generated NixOS's documentation should strip
from options.
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.discourse.mail.incoming.apiKeyFile | A file containing the Discourse API key used to add
posts and messages from mail
|
| services.discourse.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.discourse.database.passwordFile | File containing the Discourse database user password
|
| networking.nftables.checkRulesetRedirects | Set of paths that should be intercepted and rewritten while checking the ruleset
using pkgs.buildPackages.libredirect.
|
| services.librechat.credentials | Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets
|
| services.slskd.settings.shares.directories | Paths to shared directories
|
| services.grafana.settings.server.cdn_url | Specify a full HTTP URL address to the root of your Grafana CDN assets
|
| services.munin-node.extraAutoPlugins | Additional Munin plugins to autoconfigure, using
munin-node-configure --suggest
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| system.forbiddenDependenciesRegexes | POSIX Extended Regular Expressions that match store paths that
should not appear in the system closure, with the exception of system.extraDependencies, which is not checked.
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| security.allowUserNamespaces | Whether to allow creation of user namespaces
|
| boot.loader.generic-extlinux-compatible.mirroredBoots | Mirror the boot configuration to multiple paths.
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.gitlab.secrets.activeRecordPrimaryKeyFile | A file containing the secret used to encrypt some rails data
in the DB
|
| services.immich.accelerationDevices | A list of device paths to hardware acceleration devices that immich should
have access to
|
| services.multipath.devices.*.ghost_delay | Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd
|
| services.prometheus.exporters.node-cert.excludePaths | List of paths to exclute from searching for SSL certificates.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.multipath.devices.*.path_checker | The default method used to determine the paths state
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| programs.nix-required-mounts.presets.nvidia-gpu.enable | Whether to enable Declare the support for derivations that require an Nvidia GPU to be
available, e.g. derivations with requiredSystemFeatures = [ "cuda" ]
|
| documentation.man.mandoc.manPath | Change the paths included in the MANPATH environment variable,
i. e. the directories where man(1)
looks for section-specific directories of man pages
|
| services.mastodon.configureNginx | Configure nginx as a reverse proxy for mastodon
|
| services.prometheus.exporters.smartctl.devices | Paths to the disks that will be monitored
|
| services.multipath.devices.*.no_path_retry | Specify what to do when all paths are down
|
| services.athens.downloadMode | Defines how Athens behaves when a module@version
is not found in storage
|
| security.pam.sshAgentAuth.authorizedKeysFiles | A list of paths to files in OpenSSH's authorized_keys format, containing
the keys that will be trusted by the pam_ssh_agent_auth module
|
| services.prometheus.exporters.snmp.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.tee-supplicant.trustedApplications | A list of full paths to trusted applications that will be loaded at
runtime by tee-supplicant.
|
| services.akkoma.config.":pleroma".":instance".static_dir | Directory of static files
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| documentation.man.mandoc.settings.manpath | Override the default search path for man(1),
apropos(1), and makewhatis(8)
|
| services.prometheus.exporters.blackbox.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| services.wyoming.openwakeword.customModelsDirectories | Paths to directories with custom wake word models (*.tflite model files).
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| environment.profileRelativeSessionVariables | Attribute set of environment variable used in the global
environment
|
| security.virtualisation.flushL1DataCache | Whether the hypervisor should flush the L1 data cache before
entering guests
|
| services.gitlab.secrets.activeRecordDeterministicKeyFile | A file containing the secret used to encrypt some rails data in a deterministic way
in the DB
|
| services.maubot.settings.plugin_directories | Plugin directory paths
|
| virtualisation.oci-containers.containers.<name>.volumes | List of volumes to attach to this container
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| services.multipath.devices.*.san_path_err_threshold | If set to a value greater than 0, multipathd will watch paths and check
how many times a path has been failed due to errors
|