| services.davis.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.thanos.receive.tracing.config | Tracing configuration
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.thanos.compact.tracing.config | Tracing configuration
|
| services.postfix-tlspol.settings.server.address | Path or address/port where postfix-tlspol binds its socket to.
|
| services.pufferpanel.extraPackages | Packages to add to the PATH environment variable
|
| services.movim.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.thanos.sidecar.tracing.config | Tracing configuration
|
| services.slskd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| virtualisation.diskImage | Path to the disk image containing the root filesystem
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.bitmagnet.settings.postgres.host | Address, hostname or Unix socket path of the database server
|
| security.tpm2.tctiEnvironment.deviceConf | Configuration part of the device TCTI, e.g. the path to the TPM device
|
| services.apache-kafka.configFiles.log4jProperties | Kafka log4j property configuration file path
|
| services.anuko-time-tracker.nginx.sslCertificate | Path to server SSL certificate.
|
| services.step-ca.settings | Settings that go into ca.json
|
| services.limesurvey.httpd.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| services.snipe-it.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.prometheus.exporters.mqtt.mqttTopic | Topic path to subscribe to.
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| services.sabnzbd.settings.misc.https_key | Path to the TLS key for the web UI
|
| services.gitlab.secrets.activeRecordSaltFile | A file containing the salt for active record encryption in the DB
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.misskey.reverseProxy.webserver.nginx.root | The path of the web root directory.
|
| services.radicle.httpd.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.pretalx.settings.filesystem.logs | Path to the log directory, that pretalx logs message to.
|
| services.limesurvey.httpd.virtualHost.sslServerCert | Path to server SSL certificate.
|
| virtualisation.bootLoaderDevice | The path (inside th VM) to the device to boot from when legacy booting.
|
| services.xserver.windowManager.bspwm.sxhkd.configFile | Path to the sxhkd configuration file
|
| services.wordpress.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.gitlab-runner.services.<name>.authenticationTokenConfigFile | Absolute path to a file containing environment variables used for
gitlab-runner registrations with runner authentication tokens
|
| services.sourcehut.settings."pages.sr.ht".gemini-certs | An absolute file path (which should be outside the Nix-store)
to Gemini certificates.
|
| nixpkgs.flake.setFlakeRegistry | Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the
store path of the sources of nixpkgs used to build the NixOS system
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| services.bookstack.nginx.sslCertificate | Path to server SSL certificate.
|
| services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| services.openbao.settings.listener.<name>.address | The TCP address or UNIX socket path to listen on.
|
| services.openssh.authorizedKeysCommand | Specifies a program to be used to look up the user's public
keys
|
| services.nextcloud.config.adminpassFile | The full path to a file that contains the admin's password
|
| services.prometheus.exporters.sql.configFile | Path to configuration file.
|
| services.slskd.environmentFile | Path to the environment file sourced on startup
|
| services.zfs.autoReplication.identityFilePath | Path to SSH key used to login to host.
|
| services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.paths | Paths can point to a single service, or the root of a tree of services.
|
| services.gancio.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.fluidd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.akkoma.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.anuko-time-tracker.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.firezone.headless-client.tokenFile | A file containing the firezone client token
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.openvscode-server.extensionsDir | Set the root path for extensions.
|
| services.monero.environmentFile | Path to an EnvironmentFile for the monero service as defined in systemd.exec(5)
|
| services.monica.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.matomo.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.wstunnel.clients.<name>.upgradePathPrefix | Use a specific HTTP path prefix that will show up in the upgrade
request to the wstunnel server
|
| services.keepalived.enableScriptSecurity | Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
|
| services.audiobookshelf.dataDir | Path to Audiobookshelf config and metadata inside of /var/lib.
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.matrix-continuwuity.admin.enable | Add conduwuit command to PATH for administration
|
| services.prometheus.exporters.json.configFile | Path to configuration file.
|
| services.prometheus.exporters.ipmi.configFile | Path to configuration file.
|
| services.xserver.xkb.extraLayouts.<name>.keycodesFile | The path to the xkb keycodes file
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| services.cyrus-imap.imapdSettings.lmtpsocket | Unix socket that lmtpd listens on, used by deliver(8)
|
| services.homebridge.environmentFile | Path to an environment-file which may contain secrets.
|
| services.bookstack.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.dawarich.secretKeyBaseFile | Path to file containing the secret key base
|
| services.limesurvey.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.thanos.downsample.tracing.config-file | Path to YAML file that contains tracing configuration
|
| services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.calibre-web.options.enableBookConversion | Configure path to the Calibre's ebook-convert in the DB.
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| services.bacula-sd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.grafana.settings.database.host | Only applicable to MySQL or Postgres
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.bacula-fd.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.thanos.compact.objstore.config | Object store configuration
|
| services.umurmur.settings.certificate | Path to your SSL certificate
|
| services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.snapserver.settings.http.doc_root | Path to serve from the HTTP servers root.
|
| services.prometheus.exporters.bird.birdSocket | Path to BIRD2 (or BIRD1 v4) socket.
|
| services.plausible.database.postgres.socket | Path to the UNIX domain-socket to communicate with postgres.
|
| services.thanos.sidecar.objstore.config | Object store configuration
|
| services.lighthouse.beacon.execution.jwtPath | Path for the jwt secret required to connect to the execution layer.
|
| services.umurmur.settings.private_key | Path to your SSL key
|
| services.munin-node.extraPlugins | Additional Munin plugins to activate
|
| services.thanos.receive.objstore.config | Object store configuration
|
| services.jirafeau.nginxConfig.sslCertificate | Path to server SSL certificate.
|
| security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| services.sourcehut.settings."sr.ht".network-key | An absolute file path (which should be outside the Nix-store)
to a secret key to encrypt internal messages with
|
| services.bacula-dir.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.desktopManager.pantheon.sessionPath | Additional list of packages to be added to the session search path
|
| services.librespeed.frontend.servers.*.dlURL | URL path to download test on this server
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| services.librespeed.frontend.servers.*.ulURL | URL path to upload test on this server
|
| services.pretalx.settings.filesystem.static | Path to the directory that contains static files.
|
| services.opensnitch.settings.Ebpf.ModulesPath | Configure eBPF modules path
|