| services.sympa.settingsFile.<name>.text | Text of the file.
|
| systemd.units.<name>.text | Text of this systemd unit.
|
| systemd.user.units.<name>.text | Text of this systemd unit.
|
| services.asusd.animeConfig.text | Text of the file.
|
| services.asusd.asusdConfig.text | Text of the file.
|
| services.rspamd.locals.<name>.text | Text of the file.
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.asusd.fanCurvesConfig.text | Text of the file.
|
| services.asusd.userLedModesConfig.text | Text of the file.
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.asusd.auraConfigs.<name>.text | Text of the file.
|
| programs.neovim.runtime.<name>.text | Text of the file.
|
| environment.etc.<name>.text | Text of the file.
|
| services.asusd.profileConfig.text | Text of the file.
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| boot.initrd.systemd.contents.<name>.text | Text of the file.
|
| services.murmur.textMsgLength | Max length of text messages
|
| security.pam.services.<name>.text | Contents of the PAM service file.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.prometheus.scrapeConfigs.*.label_name_length_limit | Per-scrape limit on length of labels name that will be accepted for a sample
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.dae.config | WARNING: This option will expose store your config unencrypted world-readable in the nix store
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| programs.xonsh.config | Extra text added to the end of /etc/xonsh/xonshrc,
the system-wide control file for xonsh.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.davis.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.slskd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.movim.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.snipe-it.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.akkoma.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fluidd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.gancio.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.monica.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.matomo.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.syncplay.motdFile | Path to text to display when users join
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.snmpd.configText | The contents of the snmpd.conf
|
| boot.loader.grub.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the account
|
| services.kanboard.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.dolibarr.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.librenms.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.agorakit.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fediwall.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.pixelfed.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.mainsail.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.radicle.httpd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| services.anuko-time-tracker.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bookstack.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.zabbixWeb.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.jirafeau.nginxConfig.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.hylafax.userAccessFile | The hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here
|
| services.sogo.configReplaces | Replacement-filepath mapping for sogo.conf
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| services.nncp.daemon.socketActivation.listenStreams | TCP sockets to bind to
|
| services.syncthing.overrideFolders | Whether to delete the folders which are not configured via the
folders option
|
| services.limesurvey.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.airsonic.contextPath | The context path, i.e., the last part of the Airsonic
URL
|
| services.subsonic.contextPath | The context path, i.e., the last part of the Subsonic
URL
|
| services.prometheus.configText | If non-null, this option defines the text that is written to
prometheus.yml
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| services.misskey.reverseProxy.webserver.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.murmur.welcometext | Welcome message for connected clients.
|
| services.crowdsec.localConfig.contexts | A list of additional contexts to specify
|
| services.tor.settings.WarnPlaintextPorts | See torrc manual.
|
| services.sharkey.settings.fulltextSearch.provider | Which provider to use for full text search
|
| services.prometheus.alertmanager.configText | Alertmanager configuration as YAML text
|
| services.sourcehut.settings."hg.sr.ht".srhtext | Path to the srht mercurial extension
(defaults to where the hgsrht code is)
|
| services.tor.settings.RejectPlaintextPorts | See torrc manual.
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.umurmur.settings.welcometext | Welcome message for connected clients.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| nix.extraOptions | Additional text appended to nix.conf.
|
| boot.plymouth.font | Font file made available for displaying text on the splash screen.
|
| programs.vim.enable | Whether to enable Vi IMproved, an advanced text editor.
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| programs.nano.enable | Whether to enable nano, a small user-friendly console text editor.
|
| services.ntp.extraConfig | Additional text appended to ntp.conf.
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| services.prometheus.exporters.mail.configuration.servers | List of servers that should be probed.
Note: if your mailserver has rspamd(8) configured,
it can happen that emails from this exporter are marked as spam
|
| security.sudo.extraConfig | Extra configuration text appended to sudoers.
|
| security.sudo-rs.extraConfig | Extra configuration text appended to sudoers.
|
| services.vault.extraConfig | Extra text appended to vault.hcl.
|
| services.grafana.settings.users.login_hint | Text used as placeholder text on login page for login/username input.
|
| services.davis.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.solanum.motd | Solanum MOTD text
|
| services.athens.basicAuthPass | Password for basic auth
|
| services.snipe-it.nginx.basicAuth | Basic Auth protection for a vhost
|
| programs.ssh.extraConfig | Extra configuration text prepended to ssh_config
|
| security.doas.extraConfig | Extra configuration text appended to doas.conf
|
| services.agate.language | RFC 4646 Language code for text/gemini documents.
|
| services.gitweb.extraConfig | Verbatim configuration text appended to the generated gitweb.conf file.
|
| boot.loader.grub.splashImage | Background image used for GRUB
|
| services.teeworlds.motd | The server's message of the day text.
|
| services.gancio.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.monero.banlist | Path to a text file containing IPs to block
|
| programs.tsmClient.dsmSysText | This configuration key contains the effective text
of the client system-options file "dsm.sys"
|
| services.weblate.extraConfig | Text to append to settings.py Weblate configuration file.
|
| services.moodle.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.athens.githubToken | Creates .netrc file with the given token to be used for GitHub
|
| services.athens.storage.gcp.jsonKey | Base64 encoded GCP service account key
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| services.syncplay.motd | Text to display when users join
|
| services.syslogd.extraConfig | Additional text appended to syslog.conf,
i.e. the contents of defaultConfig.
|
| services.athens.storage.s3.token | Token for the S3 storage backend
|
| services.xonotic.appendConfig | Literal text to insert at the end of server.cfg.
|
| services.openntpd.extraConfig | Additional text appended to openntpd.conf.
|
| services.jitsi-meet.extraConfig | Text to append to config.js web application config file
|
| services.radicle.httpd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.athens.storage.s3.secret | Secret key for the S3 storage backend
|
| services.charybdis.motd | Charybdis MOTD text
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.terraria.messageOfTheDay | Set the server message of the day text.
|
| services.xonotic.prependConfig | Literal text to insert at the start of server.cfg.
|
| services.librenms.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.kanboard.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fediwall.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.rsyslogd.extraConfig | Additional text appended to syslog.conf,
i.e. the contents of defaultConfig.
|
| services.lavalink.password | The password for Lavalink's authentication in plain text.
|
| services.athens.storage.minio.secret | Secret key for the minio storage backend
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.athens.index.mysql.password | Password for the MySQL database
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.vault.listenerExtraConfig | Extra text appended to the listener section.
|
| services.greetd.useTextGreeter | Whether the greeter uses text-based user interfaces (For example, tuigreet)
|
| services.anuko-time-tracker.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.postfix.enableSmtp | Whether to enable the smtp service configured in the master.cf
|
| services.bookstack.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.bird-lg.frontend.navbar.allServers | Text of 'All server' button in the navigation bar.
|
| services.xonotic.settings.sv_motd | Text displayed when players join the server.
|
| services.zabbixWeb.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.zitadel.settings.TLS.Key | The TLS certificate private key, as a base64-encoded string
|
| services.zitadel.settings.TLS.Cert | The TLS certificate, as a base64-encoded string
|
| services.mediawiki.extraConfig | Any additional text to be appended to MediaWiki's
LocalSettings.php configuration file
|
| services.nginx.virtualHosts.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.loader.grub.timeoutStyle |
menu shows the menu.countdown uses a text-mode countdown.hidden hides GRUB entirely
|
| services.jirafeau.nginxConfig.basicAuth | Basic Auth protection for a vhost
|
| services.gitwatch.<name>.message | Optional text to use in as commit message; all occurrences of %d will be replaced by formatted date/time
|
| services.postgrey.greylistText | Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.athens.index.postgres.password | Password for the Postgres database
|
| services.athens.singleFlight.redis.password | Password for the redis server
|
| services.suricata.settings.stats | Engine statistics such as packet counters, memory use counters and others can be logged in several ways
|
| services.immich.database.enableVectorChord | Whether to enable the new VectorChord extension for full-text search in Postgres.
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| programs.tsmClient.servers.<name>.inclexcl | Text lines with include.* and exclude.* directives
to be used when sending files to the IBM TSM server,
or an absolute path pointing to a file with such lines.
|
| documentation.doc.enable | Whether to install documentation distributed in packages' /share/doc
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| services.komodo-periphery.passkeys | Passkeys required to access the periphery API
|
| networking.tcpcrypt.enable | Whether to enable opportunistic TCP encryption
|
| services.athens.storage.azureblob.accountKey | Account key for the Azure Blob storage backend
|
| services.limesurvey.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.nitter.preferences.bidiSupport | Support bidirectional text (makes clicking on tweets harder).
|
| services.wordpress.sites.<name>.extraConfig | Any additional text to be appended to the wp-config.php
configuration file
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.karakeep.meilisearch.enable | Enable Meilisearch and configure Karakeep to use it
|
| services.pinnwand.settings.paste_help | Raw HTML help text shown in the header area.
|
| environment.wordlist.lists | A set with the key names being the environment variable you'd like to
set and the values being a list of paths to text documents containing
lists of words
|
| services.misskey.reverseProxy.webserver.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dendrite.settings.sync_api.search.enabled | Whether to enable Dendrite's full-text search engine.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.loader.limine.style.graphicalTerminal.foreground | Text foreground color (RRGGBB).
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.loader.limine.style.graphicalTerminal.background | Text background color (TTRRGGBB)
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.vault.extraSettingsPaths | Configuration files to load besides the immutable one defined by the NixOS module
|
| services.mastodon.elasticsearch.host | Elasticsearch host
|
| services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| boot.loader.limine.style.graphicalTerminal.brightForeground | Text foreground bright color (RRGGBB).
|
| boot.loader.limine.style.graphicalTerminal.brightBackground | Text background bright color (RRGGBB).
|
| services.athens.singleFlight.redisSentinel.sentinelPassword | Password for the sentinel server
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| documentation.man.mandoc.settings.output.indent | Number of blank characters at the left margin for normal text,
default of 5 for mdoc(7) and 7 for
man(7)
|
| services.grafana.provision.alerting.templates.settings.templates.*.template | Alerting with a custom text template
|
| services.jellyfin.transcoding.enableSubtitleExtraction | Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|