| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| boot.kernelModules | The set of kernel modules to be loaded in the second stage of
the boot process
|
| nix.buildMachines.*.publicHostKey | The (base64-encoded) public host key of this builder
|
| services.mediawiki.skins | Attribute set of paths whose content is copied to the skins
subdirectory of the MediaWiki installation in addition to the default skins.
|
| services.paisa.settings | Paisa configuration
|
| services.monica.mail.passwordFile | A file containing the password corresponding to
|
| services.mongodb.initialScript | A file containing MongoDB statements to execute on first startup.
|
| services.mighttpd2.routing | Verbatim routing file to use
(see https://kazu-yamamoto.github.io/mighttpd2/config.html)
|
| services.traccar.settingsFile | File used as configuration for traccar
|
| services.outline.redisUrl | Connection to a redis server
|
| services.rethinkdb.pidpath | Location where each instance's pid file is located.
|
| services.oauth2-proxy.clientSecretFile | The path to a file containing the OAuth Client Secret.
|
| services.toxBootstrapd.keysFile | Node key file.
|
| services.webdav-server-rs.configFile | Path to config file
|
| services.gerrit.builtinPlugins | List of builtins plugins to install
|
| services.xserver.moduleSection | Contents of the Module section of the X server configuration file.
|
| services.wiki-js.stateDirectoryName | Name of the directory in /var/lib.
|
| services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.profile | Named AWS profile used to connect to the API.
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| system.nssDatabases.passwd | List of passwd entries to configure in /etc/nsswitch.conf
|
| services.openssh.settings.AuthorizedPrincipalsFile | Specifies a file that lists principal names that are accepted for certificate authentication
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.sourcehut.hg.group | Group for hg.sr.ht
|
| networking.dhcpcd.extraConfig | Literal string to append to the config file generated for dhcpcd.
|
| services.athens.storage.mongo.certPath | Path to the certificate file for the mongo database.
|
| services.bitlbee.extraDefaults | Will be inserted in the Default section of the config file.
|
| services.athens.storage.gcp.jsonKey | Base64 encoded GCP service account key
|
| services.apache-kafka.settings."log.dirs" | Log file directories.
|
| services.hebbot.botPasswordFile | A path to the password file for your bot
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.bitlbee.extraSettings | Will be inserted in the Settings section of the config file.
|
| programs.starship.settings | Configuration included in starship.toml
|
| programs.rust-motd.enableMotdInSSHD | Whether to let openssh print the
result when entering a new ssh-session
|
| services.livekit.settings | LiveKit configuration file expressed in nix
|
| services.postfix.extraAliases | Additional entries to put verbatim into aliases file, cf. man-page aliases(8).
|
| services.podgrab.passwordFile | The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentication.
|
| services.radicale.config | Radicale configuration, this will set the service
configuration file
|
| services.sing-box.settings | The sing-box configuration, see https://sing-box.sagernet.org/configuration/ for documentation
|
| services.postfix.extraHeaderChecks | Extra lines to /etc/postfix/header_checks file.
|
| services.xserver.screenSection | Contents of the first Screen section of the X server configuration file.
|
| services.xserver.deviceSection | Contents of the first Device section of the X server configuration file.
|
| services.home-assistant.configDir | The config directory, where your configuration.yaml is located.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.key | key in the setting section for which this entry provides a value
|
| boot.loader.grub.users | User accounts for GRUB
|
| services.oauth2-proxy.upstream | The http url(s) of the upstream endpoint or file://
paths for static files
|
| system.nssDatabases.sudoers | List of sudoers entries to configure in /etc/nsswitch.conf
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.sourcehut.man.group | Group for man.sr.ht
|
| services.sourcehut.git.group | Group for git.sr.ht
|
| services.sourcehut.hub.group | Group for hub.sr.ht
|
| hardware.deviceTree.overlays.*.dtboFile | Path to .dtbo compiled overlay file.
|
| services.libeufin.settings | Global configuration options for the libeufin bank system config file.
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.ente.api.settings | Museum yaml configuration
|
| services.moodle.database.socket | Path to the unix socket file to use for authentication.
|
| services.oncall.settings | Extra configuration options to append or override
|
| services.nagios.validateConfig | if true, the syntax of the nagios configuration file is checked at build time
|
| services.nfs.server.createMountPoints | Whether to create the mount points in the exports file at startup time.
|
| services.lokinet.settings | Configuration for Lokinet
|
| services.saunafs.master.exports | Paths to exports file (see sfsexports.cfg(5)).
|
| services.llama-cpp.modelsPreset | Models preset configuration as a Nix attribute set
|
| services.ncdns.dnssec.keys.zonePrivate | Path to the file containing the ZSK private key.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.munin-cron.extraGlobalConfig | munin.conf extra global configuration
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.wiki-js.settings.offline | Disable latest file updates and enable
sideloading.
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| services.system76-scheduler.settings.cfsProfiles.responsive.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.agorakit.appKeyFile | A file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed
|
| boot.initrd.systemd.contents.<name>.source | Path of the source file.
|
| security.loginDefs.settings | Config options for the /etc/login.defs file, that defines
the site-specific configuration for the shadow password suite
|
| services.athens.storage.s3.secret | Secret key for the S3 storage backend
|
| services.cross-seed.settingsFile | Path to a JSON file containing settings that will be merged with the
settings option
|
| services.iodine.server.passwordFile | File that contains password
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| services.minetest-server.config | Settings to add to the minetest config file
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.outline.smtp.passwordFile | File path containing the password to authenticate with.
|
| services.oauth2-proxy.cookie.secretFile | The path to a file containing the seed string for secure cookies.
|
| services.matrix-synapse.configFile | Path to the configuration file on the target system
|
| systemd.shutdownRamfs.storePaths.*.source | Path of the source file.
|
| services.auto-cpufreq.settings | Configuration for auto-cpufreq
|
| services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.prometheus.exporters.nextcloud.passwordFile | File containing the password for connecting to Nextcloud
|
| services.nextcloud.config.objectstore.s3.sseCKeyFile | If provided this is the full path to a file that contains the key
to enable [server-side encryption with customer-provided keys][1]
(SSE-C)
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.trim | whether leading and trailing whitespace should be stripped from the files content before being passed to NetworkManager
|