| services.wordpress.sites.<name>.themes | Path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
|
| services.github-runners.<name>.extraPackages | Extra packages to add to PATH of the service to make them available to workflows.
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.mastodon.otpSecretFile | Path to file containing the OTP secret
|
| services.dnscrypt-proxy2.configFile | Path to TOML config file
|
| services.forgejo.settings.server.HTTP_ADDR | Listen address
|
| services.asterisk.confFiles | Sets the content of config files (typically ending with
.conf) in the Asterisk configuration directory
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.nsd.remoteControl.controlCertFile | Path to the client certificate signed with the server certificate
|
| services.matrix-conduit.secretFile | Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5)
|
| services.tailscale.serve.configFile | Path to a Tailscale Serve configuration file in JSON format
|
| services.qbittorrent.profileDir | the path passed to qbittorrent via --profile.
|
| services.onlyoffice.postgresHost | The Postgresql hostname or socket path OnlyOffice should connect to.
|
| services.snipe-it.nginx.sslCertificate | Path to server SSL certificate.
|
| services.zabbixWeb.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| containers.<name>.nixpkgs | A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container
|
| services.borgbackup.repos.<name>.group | The group borg serve is run as
|
| services.journald.gateway.key | Specify the path to a file or AF_UNIX stream socket to read the
secret server key corresponding to the certificate specified with
services.journald.gateway.cert from
|
| services.c2fmzq-server.settings.database | Path of the database
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| services.nitter.sessionsFile | Path to the session tokens file
|
| services.shiori.environmentFile | Path to file containing environment variables
|
| services.mediawiki.database.socket | Path to the unix socket file to use for authentication.
|
| services.thanos.store.objstore.config-file | Path to YAML file that contains object store configuration
|
| services.sympa.database.host | Database host address
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.mail.sendmailSetuidWrapper.source | The absolute path to the program to be wrapped.
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.warpgate.databaseUrlFile | Path to file containing database connection string with credentials
|
| services.jigasi.componentPasswordFile | Path to file containing component secret.
|
| services.gitea.settings.server.STATIC_ROOT_PATH | Upper level of template and static files path.
|
| services.ghostunnel.servers.<name>.key | Path to certificate private key (PEM with private key)
|
| services.drupal.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| security.apparmor.policies.<name>.profile | The profile file contents
|
| services.draupnir.settings.dataPath | The path Draupnir will store its state/data in.
This option is read-only.
If you want to customize where this data is stored, use a bind mount.
|
| services.glance.settings | Configuration written to a yaml file that is read by glance
|
| services.icingaweb2.libraryPaths | Libraries to add to the Icingaweb2 library path
|
| services.ghostunnel.servers.<name>.cert | Path to certificate (PEM with certificate chain)
|
| services.klipper.firmwares.<name>.package | Path to the built firmware package.
|
| documentation.enable | Whether to install documentation of packages from
environment.systemPackages into the generated system path
|
| services.davis.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.calibre-web.options.calibreLibrary | Path to Calibre library.
|
| services.jicofo.componentPasswordFile | Path to file containing component secret.
|
| services.oauth2-proxy.tls.certificate | Path to certificate file.
|
| services.thinkfan.sensors | List of temperature sensors thinkfan will monitor.
This section slightly departs from the thinkfan.conf syntax
|
| services.onlyoffice.jwtSecretFile | Path to a file that contains the secret to sign web requests using JSON Web Tokens
|
| services.slskd.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.nextcloud.config.dbhost | Database host (+port) or socket path
|
| services.movim.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.zoneminder.storageDir | ZoneMinder can generate quite a lot of data, so in case you don't want
to use the default /var/lib/zoneminder, you can override the path here.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts | List of CA certificates to accept for
authentication
|
| services.akkoma.extraPackages | List of extra packages to include in the executable search path of the service unit
|
| services.akkoma.nginx.sslCertificate | Path to server SSL certificate.
|
| services.fluidd.nginx.sslCertificate | Path to server SSL certificate.
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| services.grafana.settings.smtp.key_file | File path to a key file.
|
| services.gancio.nginx.sslCertificate | Path to server SSL certificate.
|
| services.snipe-it.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.thanos.sidecar.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.thanos.receive.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.quassel.certificateFile | Path to the certificate used for SSL connections with clients.
|
| services.monica.nginx.sslCertificate | Path to server SSL certificate.
|
| services.oauth2-proxy.google.serviceAccountJSON | The path to the service account JSON credentials.
|
| services.thanos.compact.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.pretalx.settings.database.host | Database host or socket path.
|
| services.unpoller.unifi.defaults.pass | Path of a file containing the password for the unifi service user
|
| services.matomo.nginx.sslCertificate | Path to server SSL certificate.
|
| services.microsocks.authPasswordFile | Path to a file containing the password for authentication.
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for
authentication
|
| services.klipper.firmwares.<name>.configFile | Path to firmware config which is generated using klipper-genconf
|
| services.hardware.pommed.configFile | The path to the pommed.conf file
|
| services.buffyboard.configFile | Path to an INI format configuration file to provide Buffyboard
|
| programs.tsmClient.servers.<name>.inclexcl | Text lines with include.* and exclude.* directives
to be used when sending files to the IBM TSM server,
or an absolute path pointing to a file with such lines.
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| services.moodle.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.nagios.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.tlsrpt.fetcher.settings.storage | Path to the collectd sqlite database.
|
| services.opengfw.settings.ruleset | The path to load specific local geoip/geosite db files
|
| services.slurm.dbdserver.storagePassFile | Path to file with database password
|
| services.misskey.database.passwordFile | The path to a file containing the database password
|
| services.wordpress.sites.<name>.plugins | Path(s) to respective plugin(s) which are copied from the 'plugins' directory.
These plugins need to be packaged before use, see example.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.multipath.blacklist_exceptions | This section defines which devices should be included in the
multipath topology discovery, despite being listed in the
blacklist section.
|
| services.prosody.uploadHttp.httpUploadPath | Directory where the uploaded files will be stored when the http_upload module is used
|
| services.jupyterhub.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| networking.firewall.extraPackages | Additional packages to be included in the environment of the system
as well as the path of networking.firewall.extraCommands.
|
| services.grafana-to-ntfy.settings.ntfyBAuthPass | The path to the password for the specified ntfy-sh user
|
| services.jupyterhub.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.buildkite-agents.<name>.hooksPath | Path to the directory storing the hooks
|
| services.firezone.gateway.tokenFile | A file containing the firezone gateway token
|
| services.tinc.networks.<name>.ed25519PrivateKeyFile | Path of the private ed25519 keyfile.
|
| services.pgadmin.emailServer.passwordFile | Password for SMTP email account
|
| services.plausible.mail.smtp.passwordFile | The path to the file with the password in case SMTP auth is enabled.
|
| services.uwsgi.instance | uWSGI configuration
|
| services.xserver.displayManager.xserverBin | Path to the X server used by display managers.
|
| services.wyoming.satellite.sounds.done | Path to audio file in WAV format to play when voice command recording has ended.
|
| services.postsrsd.settings.chroot-dir | Path to chroot into at runtime as an additional layer of protection.
We confine the runtime environment through systemd hardening instead, so this option is read-only.
|
| services.xserver.windowManager.i3.configFile | Path to the i3 configuration file
|