| services.fedimintd.<name>.nginx.config.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.orthanc.settings | Configuration written to a json file that is read by orthanc
|
| services.zeronet.settings | zeronet.conf configuration
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| virtualisation.containers.policy | Signature verification policy file
|
| services.archisteamfarm.ipcPasswordFile | Path to a file containing the password
|
| services.public-inbox.settings | Settings for the public-inbox config file.
|
| system.nssDatabases.group | List of group entries to configure in /etc/nsswitch.conf
|
| system.nssDatabases.hosts | List of hosts entries to configure in /etc/nsswitch.conf
|
| services._3proxy.extraConfig | Extra configuration, appended to the 3proxy configuration file
|
| services.cassandra.jmxRolesFile | Specify your own jmx roles file.
|
| security.loginDefs.settings.UMASK | The file mode creation mask is initialized to this value.
|
| services.gitea.database.socket | Path to the unix socket file to use for authentication.
|
| services.autorandr.profiles.<name>.hooks.postswitch | Postswitch hook executed after mode switch.
|
| services.kubernetes.kubelet.kubeconfig.certFile | Kubelet client certificate file used to connect to kube-apiserver.
|
| services.ttyd.passwordFile | File containing the password to use for basic http authentication
|
| services.longview.apiKeyFile | A file containing the Longview API key
|
| security.wrappers | This option effectively allows adding setuid/setgid bits, capabilities,
changing file ownership and permissions of a program without directly
modifying it
|
| services.forgejo.database.path | Path to the sqlite3 database file.
|
| services.vikunja.database.path | Path to the sqlite3 database file.
|
| system.nssDatabases.shadow | List of shadow entries to configure in /etc/nsswitch.conf
|
| services.qbittorrent.serverConfig | Free-form settings mapped to the qBittorrent.conf file in the profile
|
| services.libinput.touchpad.accelProfile | Sets the pointer acceleration profile to the given profile
|
| environment.etc.<name>.source | Path of the source file.
|
| services.terraria.worldPath | The path to the world file (.wld) which should be loaded
|
| services.phpfpm.pools.<name>.socket | Path to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
|
| services.mysql.initialScript | A file containing SQL statements to be executed on the first startup
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| services.nezha-agent.settings | Generate to config.json as a Nix attribute set
|
| services.privoxy.userActions | Actions to be included in a user.action file
|
| meta.maintainers | List of maintainers of each module
|
| image.repart.mkfsOptions | Specify extra options for created file systems
|
| services.gns3-server.settings | The global options in config file in ini format
|
| services.diod.statfsPassthru | This option configures statfs to return the host file system's type
rather than V9FS_MAGIC.
|
| services.listmonk.secretFile | A file containing secrets as environment variables
|
| services.gnome.gnome-user-share.enable | Whether to enable GNOME User Share, a user-level file sharing service for GNOME.
|
| services.goeland.settings | Configuration of goeland
|
| services.cassandra.extraEnvSh | Extra shell lines to be appended onto cassandra-env.sh.
|
| services.pdns-recursor.luaConfig | The content Lua configuration file for PowerDNS Recursor
|
| services.athens.storage.gcp.jsonKey | Base64 encoded GCP service account key
|
| services.davis.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.movim.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.siproxd.passwordFile | Path to per-user password file.
|
| programs.neovim.runtime.<name>.source | Path of the source file.
|
| services.asusd.auraConfigs.<name>.source | Path of the source file.
|
| services.opengfw.settingsFile | Path to file containing OpenGFW settings.
|
| services.forgejo.customDir | Base directory for custom templates and other options
|
| services.ncdns.settings | ncdns settings
|
| services.radicle.publicKey | An SSH public key (as an absolute file path or directly as a string),
usually generated by rad auth
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.sks.extraDbConfig | Set contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within
the ${dataDir} directory
|
| services.prometheus.alertmanager.configText | Alertmanager configuration as YAML text
|
| services.openafsServer.roles.fileserver.volserverArgs | Arguments to the davolserver process
|
| services.linkwarden.environmentFile | Path of a file with extra environment variables to be loaded from disk
|
| services.activemq.configurationDir | The base directory for ActiveMQ's configuration
|
| services.prosody.extraConfig | Additional prosody configuration
The generated file is processed by envsubst to allow secrets to be passed securely via environment variables.
|
| users.ldap.bind.policy | Specifies the policy to use for reconnecting to an unavailable
LDAP server
|
| services.athens.storage.mongo.certPath | Path to the certificate file for the mongo database.
|
| services.privoxy.userFilters | Filters to be included in a user.filter file
|
| services.pixelfed.secretFile | A secret file to be sourced for the .env settings
|
| services.bacula-dir.port | Specify the port (a positive integer) on which the Director daemon
will listen for Bacula Console connections
|
| services.postfix.virtualMapType | What type of virtual alias map file to use
|
| services.xonotic.settings | Generates the server.cfg file
|
| services.drupal.sites.<name>.phpOptions | Options for PHP's php.ini file for this Drupal site.
|
| services.munin-node.extraPluginConfig | plugin-conf.d extra plugin configuration
|
| services.lubelogger.environmentFile | Path to a file containing extra LubeLogger config options in the systemd EnvironmentFile format
|
| services.mycelium.keyFile | Optional path to a file containing the mycelium key material
|
| services.wakapi.passwordSaltFile | The path to a file containing the password salt to use for Wakapi.
|
| services.jicofo.userPasswordFile | Path to file containing password for XMPP user connection.
|
| services.jigasi.userPasswordFile | Path to file containing password for XMPP user connection.
|
| services.mediatomb.mediaDirectories.*.hidden-files | Whether to index the hidden files or not.
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.mail.passwordFile | A file containing the password corresponding to
|
| services.pihole-ftl.macvendorURL | URL from which to download the macvendor.db file.
|
| services.rmfakecloud.environmentFile | Path to an environment file loaded for the rmfakecloud service
|
| services.atd.allowEveryone | Whether to make /var/spool/at{jobs,spool}
writeable by everyone (and sticky)
|
| services.dovecot2.extraConfig | Additional entries to put verbatim into Dovecot's config file.
|
| services.actkbd.bindings | Key bindings for actkbd
|
| nix.buildMachines.*.sshKey | The path to the SSH private key with which to authenticate on
the build machine
|
| services.ncdns.dnssec.keys.zonePrivate | Path to the file containing the ZSK private key.
|
| services.duckdns.domainsFile | The path to a file containing a
newline-separated list of DuckDNS
domain(s) to be updated
(without the .duckdns.org suffix)
|
| services.mopidy.extraConfigFiles | Extra config file read by Mopidy when the service starts
|
| services.outline.redisUrl | Connection to a redis server
|
| services.rspamd.locals.<name>.enable | Whether this file locals should be generated
|
| services.sourcehut.hg.group | Group for hg.sr.ht
|
| programs.nncp.settings | NNCP configuration, see
http://www.nncpgo.org/Configuration.html
|
| services.osquery.settings | Configuration to be written to the osqueryd JSON configuration file
|
| services.ente.api.settings | Museum yaml configuration
|
| services.beesd.filesystems.<name>.hashTableSizeMB | Hash table size in MB; must be a multiple of 16
|
| services.displayManager.logToFile | Whether the display manager redirects the output of the
session script to ~/.xsession-errors.
|
| services.akkoma.config.":joken".":default_signer" | JWT signing secret
|
| services.prometheus.scrapeConfigs.*.bearer_token_file | Sets the Authorization header on every scrape request with
the bearer token read from the configured file
|
| services.journald.rateLimitBurst | Configures the rate limiting burst limit (number of messages per
interval) that is applied to all messages generated on the system
|
| services.davis.adminPasswordFile | The full path to a file that contains the admin's password
|