| services.slurm.rest.environment.SLURM_JWT | This variable must be set to use JWT token authentication.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id | Server side EAP-Identity to expect in the EAP method
|
| boot.initrd.luks.devices.<name>.yubikey.iterationStep | How much the iteration count for PBKDF2 is increased at each successful authentication.
|
| programs._1password-gui.polkitPolicyOwners | A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
|
| security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| services.pixelfed.database.createLocally | Whether to enable a local database using UNIX socket authentication.
|
| services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.graylog.rootPasswordSha2 | You MUST specify a hash password for the root user (which you only need to initially set up the
system and in case you lose connectivity to your authentication backend)
This password cannot be changed using the API or via the web interface
|
| services.scrutiny.settings.web.influxdb.token | Authentication token for connecting to InfluxDB.
|
| services.mysql.galeraCluster.clusterPassword | Optional password for securing cluster communications
|
| services.chatgpt-retrieval-plugin.bearerTokenPath | Path to the secret bearer token used for the http api authentication.
|
| services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|
| services.kubernetes.apiserver.tokenAuthFile | Kubernetes apiserver token authentication file
|
| services.kubernetes.apiserver.basicAuthFile | Kubernetes apiserver basic authentication file
|
| services.canaille.settings.CANAILLE.SMTP | SMTP configuration
|
| networking.wireless.fallbackToWPA2 | Whether to fall back to WPA2 authentication protocols if WPA3 failed
|
| services.gitlab-runner.services.<name>.runUntagged | Register to run untagged builds; defaults to
true when tagList is empty
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting
to being a network without any authentication.
Be aware that this will be written to the Nix store
in plaintext! Use pskRaw with an external
reference to keep it safe.
Mutually exclusive with pskRaw.
|
| services.prometheus.exporters.nut.nutUser | The user to log in into NUT server
|
| services.grafana.settings.smtp.password | Password used for authentication
|
| services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| services.umami.createPostgresqlDatabase | Whether to automatically create the database for Umami using PostgreSQL
|
| services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| services.onlyoffice.postgresPasswordFile | Path to a file that contains the password OnlyOffice should use to connect to Postgresql
|
| services.prometheus.exporters.ipmi.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| services.listmonk.database.settings.smtp.*.tls_type | Type of TLS authentication with the SMTP server
|
| services.gitlab-runner.services.<name>.maximumTimeout | What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit
|
| services.roundcube.database.passwordFile | Password file for the postgresql connection
|
| services.sourcehut.settings."git.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.grafana.settings.server.root_url | This is the full URL used to access Grafana from a web browser
|
| services.mosquitto.listeners.*.omitPasswordAuth | Omits password checking, allowing anyone to log in with any user name unless
other mandatory authentication methods (eg TLS client certificates) are configured.
|
| services.sourcehut.settings."meta.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.kerberos_server.enable | Whether to enable the kerberos authentication server.
|
| services.strongswan-swanctl.swanctl.secrets.eap | EAP secret section for a specific secret
|
| services.sourcehut.settings."pages.sr.ht::api".internal-ipnet | Set of IP subnets which are permitted to utilize internal API
authentication
|
| services.dependency-track.settings."alpine.ldap.enabled" | Defines if LDAP will be used for user authentication
|
| services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| services.dependency-track.settings."alpine.oidc.enabled" | Defines if OpenID Connect will be used for user authentication
|
| services.strongswan-swanctl.swanctl.secrets.ntlm | NTLM secret section for a specific secret
|
| services.outline.oidcAuthentication.scopes | OpenID authentication scopes.
|
| services.outline.oidcAuthentication.clientId | Authentication client identifier.
|
| services.hercules-ci-agent.settings.clusterJoinTokenPath | Location of the cluster-join-token.key file
|
| services.dysnomia.enableAuthentication | Whether to publish privacy-sensitive authentication credentials
|
| services.outline.slackAuthentication.clientId | Authentication key.
|
| virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| services.firefox-syncserver.database.createLocally | Whether to create database and user on the local machine if they do not exist
|
| services.outline.azureAuthentication.clientId | Authentication client identifier.
|
| services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.cloudflare-ddns.credentialsFile | Path to a file containing the Cloudflare API authentication token
|
| services.hostapd.radios.<name>.networks.<name>.macAcl | Station MAC address -based authentication
|
| services.outline.googleAuthentication.clientId | Authentication client identifier.
|
| services.prometheus.exporters.pgbouncer.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.outline.slackAuthentication.secretFile | File path containing the authentication secret.
|
| services.outline.oidcAuthentication.displayName | Display name for OIDC authentication.
|
| services.outline.discordAuthentication.clientId | Authentication client identifier.
|
| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.mattermost.database.fromEnvironment | Use services.mattermost.environmentFile to configure the database instead of writing the database URI
to the Nix store
|
| services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.outline.oidcAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.openssh.settings.AuthorizedPrincipalsFile | Specifies a file that lists principal names that are accepted for certificate authentication
|
| services.prometheus.scrapeConfigs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.outline.azureAuthentication.resourceAppId | Authentication application resource ID.
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_id | The project_id and project_name fields are optional for the Identity V2 API
|
| services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| virtualisation.podman.networkSocket.enable | Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication
|
| services.outline.googleAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.prometheus.scrapeConfigs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name | The project_id and project_name fields are optional for the Identity V2 API
|
| services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| services.prometheus.exporters.artifactory.artiAccessToken | Access token for authentication against JFrog Artifactory API
|
| services.prometheus.exporters.artifactory.artiPassword | Password for authentication against JFrog Artifactory API
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert | Section for a certificate candidate to use for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.grafana.settings.database.client_key_path | The path to the client key
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round | Optional numeric identifier by which authentication rounds are
sorted
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert | Section for a CA certificate to accept for authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id | Identity to use as peer identity during EAP authentication
|
| services.prometheus.exporters.mail.configuration.servers.*.login | Username to use for SMTP authentication.
|
| services.openssh.settings.KbdInteractiveAuthentication | Specifies whether keyboard-interactive authentication is allowed.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for
authentication
|
| services.grafana.settings.database.client_cert_path | The path to the client cert
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id | Identity in CA certificate to accept for authentication
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_secret | The application_credential_secret field is required if using an application
credential to authenticate.
|
| services.prometheus.exporters.mail.configuration.servers.*.passphrase | Password to use for SMTP authentication.
|
| services.dependency-track.oidc.teamSynchronization | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_certreq | Send certificate request payloads to offer trusted root CA certificates to
the peer
|
| services.matrix-synapse.settings.macaroon_secret_key | Secret key for authentication tokens
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|