| services.fedimintd.<name>.nginx.config.root | The path of the web root directory.
|
| services.glusterfs.tlsSettings.tlsPem | Path to the certificate used for TLS.
|
| services.hebbot.templates.section | A path to the Markdown file for the section template.
|
| services.immich.settings | Configuration for Immich
|
| security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.traefik.dynamic.dir | Path to the directory Traefik should watch for configuration files.
Files in this directory matching the glob _nixos-* (reserved for Nix-managed dynamic configurations) will be deleted as part of
systemd-tmpfiles-resetup.service, regardless of their origin..
|
| services.ncdns.dnssec.keys.public | Path to the file containing the KSK public key
|
| services.thanos.query.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.nextcloud.config.dbpassFile | The full path to a file that contains the database password.
|
| services.thanos.store.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.stash.settings.generated | Path to generated files
|
| services.zabbixServer.database.socket | Path to the unix socket file to use for authentication.
|
| services.zabbixServer.extraPackages | Packages to be added to the Zabbix PATH
|
| services.multipath.devices.*.delay_watch_checks | This option is deprecated, and mapped to san_path_err_forget_rate
|
| services.peering-manager.oidcConfigPath | Path to the Configuration-File for OIDC-Authentication, will be loaded as oidc_config.py
|
| services.hqplayerd.licenseFile | Path to the HQPlayer license key file
|
| fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.syncthing.guiPasswordFile | Path to file containing the plaintext password for Syncthing's GUI.
|
| services.sshwifty.socks5PasswordFile | Path to a file containing the SOCKS5 password.
|
| services.tcsd.platformCred | Path to the platform credential for your TPM
|
| services.nsd.remoteControl.serverCertFile | Path to the server self signed certificate, which is used by the server
but and by nsd-control
|
| services.miniflux.config.LISTEN_ADDR | Address to listen on
|
| services.openiscsi.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.peering-manager.ldapConfigPath | Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py
|
| services.oauth2-proxy.customTemplatesDir | Path to custom HTML templates.
|
| systemd.shutdownRamfs.contents.<name>.target | Path of the symlink.
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.weblate.djangoSecretKeyFile | Location of the Django secret key
|
| services.zabbixWeb.httpd.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.dnscrypt-proxy.configFile | Path to TOML config file
|
| services.gns3-server.auth.passwordFile | A file containing the password to access the GNS3 Server.
This should be a string, not a nix path, since nix paths
are copied into the world-readable nix store.
|
| services.dolibarr.h2o.tls.identity.*.key-file | Path to key file
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.firezone.relay.tokenFile | A file containing the firezone relay token
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.pulseaudio.configFile | The path to the default configuration options the PulseAudio server
should use
|
| services.microbin.passwordFile | Path to file containing environment variables
|
| services.ncdns.dnssec.keys.zonePublic | Path to the file containing the ZSK public key
|
| services.nextcloud.datadir | Nextcloud's data storage path
|
| services.oauth2-proxy.nginx.domain | The domain under which the oauth2-proxy will be accesible and the path of cookies are set to
|
| services.sillytavern.configFile | Path to the SillyTavern configuration file.
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| users.ldap.daemon.rootpwmodpwFile | The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
|
| services.zabbixWeb.httpd.virtualHost.sslServerCert | Path to server SSL certificate.
|
| systemd.shutdownRamfs.contents.<name>.source | Path of the source file.
|
| services.komodo-periphery.configFile | Path to the periphery configuration file
|
| services.drupal.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.beszel.agent.smartmon.enable | Include services.beszel.agent.smartmon.package in the Beszel agent path for disk monitoring and add the agent to the disk group.
|
| services.dokuwiki.sites.<name>.extraConfigs | Path(s) to additional configuration files that are then linked to the 'conf' directory.
|
| services.journald.gateway.trust | Specify the path to a file or AF_UNIX stream socket to read a CA
certificate from
|
| boot.initrd.luks.devices.<name>.gpgCard.encryptedPass | Path to the GPG encrypted passphrase.
|
| programs.firejail.wrappedBinaries | Wrap the binaries in firejail and place them in the global path.
|
| services.nsd.remoteControl.controlKeyFile | Path to the client private key, which is used by nsd-control
but not by the server
|
| services.quake3-server.baseq3 | Path to the baseq3 files (pak*.pk3)
|
| services.k3s.environmentFile | File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.lasuite-meet.settings.DJANGO_DATA_DIR | Path to the data directory
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs | List of certificates to accept for authentication
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| security.agnos.generateKeys.enable | Enable automatic generation of account keys
|
| services.earlyoom.killHook | An absolute path to an executable to be run for each process killed
|
| services.cloudflare-dyndns.apiTokenFile | The path to a file containing the CloudFlare API token.
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| services.gitweb.projectroot | Path to git projects (bare repositories) that should be served by
gitweb
|
| programs.river-classic.package | The river-classic package to use
|
| services.dockerRegistry.storagePath | Docker registry storage path for the filesystem storage backend
|
| programs.tsmClient.wrappedPackage | The tsm-client package to use
|
| services.glusterfs.tlsSettings.caCert | Path certificate authority used to sign the cluster certificates.
|
| services.bird-lg.proxy.traceroute.binary | Traceroute's binary path.
|
| services.drupal.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.dokuwiki.sites.<name>.plugins | List of path(s) to respective plugin(s) which are copied into the 'plugin' directory.
These plugins need to be packaged before use, see example.
|
| services.suricata.settings.rule-files | Files to load suricata-update managed rules, relative to 'default-rule-path'.
|
| services.tlsrpt.reportd.settings.dbname | Path to the sqlite database.
|
| services.ncps.cache.storage.s3.secretAccessKeyPath | The path to a file containing only the secret-access-key.
|
| services.searx.settingsFile | The path of the Searx server settings.yml file
|
| services.thanos.rule.objstore.config-file | Path to YAML file that contains object store configuration
|
| services.pretix.settings.database.host | Database host or socket path.
|
| services.opensnitch.rules | Declarative configuration of firewall rules
|
| services.opengfw.settings.ruleset.geoip | Path to geoip.dat.
|
| services.rke2.environmentFile | File path containing environment variables for configuring the rke2 service in the format of an EnvironmentFile
|
| services.davis.nginx.sslCertificate | Path to server SSL certificate.
|
| services.docuseal.secretKeyBaseFile | Path to file containing the secret key base
|
| services.homebridge.userStoragePath | Path to store homebridge user files (needs to be writeable).
|
| services.glusterfs.tlsSettings.tlsKeyPath | Path to the private key used for TLS.
|
| services.c2fmzq-server.passphraseFile | Path to file containing the database passphrase
|
| services.journald.gateway.cert | The path to a file or AF_UNIX stream socket to read the server
certificate from
|
| services.homebridge.pluginPath | Path to the plugin download directory (needs to be writeable)
|
| services.iperf3.authorizedUsersFile | Path to the configuration file containing authorized users credentials to run iperf tests.
|
| environment.unixODBCDrivers | Specifies Unix ODBC drivers to be registered in
/etc/odbcinst.ini
|
| services.public-inbox.inboxes.<name>.inboxdir | The absolute path to the directory which hosts the public-inbox.
|
| services.slskd.nginx.sslCertificate | Path to server SSL certificate.
|
| services.openvscode-server.socketPath | The path to a socket file for the server to listen to.
|
| services.movim.nginx.sslCertificate | Path to server SSL certificate.
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|