| environment.profileRelativeEnvVars | Attribute set of environment variable
|
| services.prometheus.scrapeConfigs.*.basic_auth.password_file | HTTP password file
|
| services.grafana.settings.security.secret_key | Secret key used for signing
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.davis.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.bacula-dir.port | Specify the port (a positive integer) on which the Director daemon
will listen for Bacula Console connections
|
| services.diod.squashuser | Change the squash user
|
| services.forgejo.settings | Free-form settings written directly to the app.ini configfile file
|
| programs.nncp.settings | NNCP configuration, see
http://www.nncpgo.org/Configuration.html
|
| services.ergochat.settings | Ergo IRC daemon configuration file.
https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
|
| security.auditd.plugins.<name>.args | This allows you to pass arguments to the child program
|
| boot.specialFileSystems.<name>.mountPoint | Location where the file system will be mounted
|
| boot.kernelModules | The set of kernel modules to be loaded in the second stage of
the boot process
|
| nix.buildMachines.*.publicHostKey | The (base64-encoded) public host key of this builder
|
| services.movim.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mediawiki.skins | Attribute set of paths whose content is copied to the skins
subdirectory of the MediaWiki installation in addition to the default skins.
|
| services.slskd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.paisa.settings | Paisa configuration
|
| services.monica.mail.passwordFile | A file containing the password corresponding to
|
| services.mongodb.initialScript | A file containing MongoDB statements to execute on first startup.
|
| services.mighttpd2.routing | Verbatim routing file to use
(see https://kazu-yamamoto.github.io/mighttpd2/config.html)
|
| services.traccar.settingsFile | File used as configuration for traccar
|
| services.outline.redisUrl | Connection to a redis server
|
| services.rethinkdb.pidpath | Location where each instance's pid file is located.
|
| services.oauth2-proxy.clientSecretFile | The path to a file containing the OAuth Client Secret.
|
| services.toxBootstrapd.keysFile | Node key file.
|
| services.gerrit.builtinPlugins | List of builtins plugins to install
|
| services.xserver.moduleSection | Contents of the Module section of the X server configuration file.
|
| services.wiki-js.stateDirectoryName | Name of the directory in /var/lib.
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| services.seafile.gc.persistent | Takes a boolean argument
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.openssh.settings.AuthorizedPrincipalsFile | Specifies a file that lists principal names that are accepted for certificate authentication
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.sourcehut.hg.group | Group for hg.sr.ht
|
| networking.dhcpcd.extraConfig | Literal string to append to the config file generated for dhcpcd.
|
| services.athens.storage.mongo.certPath | Path to the certificate file for the mongo database.
|
| services.bitlbee.extraDefaults | Will be inserted in the Default section of the config file.
|
| services.athens.storage.gcp.jsonKey | Base64 encoded GCP service account key
|
| services.apache-kafka.settings."log.dirs" | Log file directories.
|
| services.hebbot.botPasswordFile | A path to the password file for your bot
|
| security.pam.services.<name>.updateWtmp | Whether to update /var/log/wtmp.
|
| services.bitlbee.extraSettings | Will be inserted in the Settings section of the config file.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| programs.starship.settings | Configuration included in starship.toml
|
| programs.rust-motd.enableMotdInSSHD | Whether to let openssh print the
result when entering a new ssh-session
|
| services.livekit.settings | LiveKit configuration file expressed in nix
|
| services.postfix.extraAliases | Additional entries to put verbatim into aliases file, cf. man-page aliases(8).
|
| services.podgrab.passwordFile | The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentication.
|
| services.sing-box.settings | The sing-box configuration, see https://sing-box.sagernet.org/configuration/ for documentation
|
| services.postfix.extraHeaderChecks | Extra lines to /etc/postfix/header_checks file.
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.xserver.screenSection | Contents of the first Screen section of the X server configuration file.
|
| system.nssDatabases.passwd | List of passwd entries to configure in /etc/nsswitch.conf
|
| services.xserver.deviceSection | Contents of the first Device section of the X server configuration file.
|
| services.filesender.database.hostname | Database hostname.
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.remoteWrite.*.sigv4.profile | The named AWS profile used to authenticate.
|
| services.nvme-rs.settings.email.smtp_password_file | File containing SMTP password
|
| services.pipewire.wireplumber.extraScripts | Additional scripts for WirePlumber to be used by configuration files
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.sourcehut.man.group | Group for man.sr.ht
|
| services.sourcehut.git.group | Group for git.sr.ht
|
| services.sourcehut.hub.group | Group for hub.sr.ht
|
| boot.loader.grub.users | User accounts for GRUB
|
| hardware.deviceTree.overlays.*.dtboFile | Path to .dtbo compiled overlay file.
|
| services.libeufin.settings | Global configuration options for the libeufin bank system config file.
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| services.ente.api.settings | Museum yaml configuration
|
| services.moodle.database.socket | Path to the unix socket file to use for authentication.
|
| services.oauth2-proxy.upstream | The http url(s) of the upstream endpoint or file://
paths for static files
|
| services.oncall.settings | Extra configuration options to append or override
|
| services.nagios.validateConfig | if true, the syntax of the nagios configuration file is checked at build time
|
| services.nfs.server.createMountPoints | Whether to create the mount points in the exports file at startup time.
|
| services.lokinet.settings | Configuration for Lokinet
|
| services.saunafs.master.exports | Paths to exports file (see sfsexports.cfg(5)).
|
| services.llama-cpp.modelsPreset | Models preset configuration as a Nix attribute set
|
| services.ncdns.dnssec.keys.zonePrivate | Path to the file containing the ZSK private key.
|
| services.rspamd.overrides.<name>.text | Text of the file.
|
| services.munin-cron.extraGlobalConfig | munin.conf extra global configuration
|
| system.nssDatabases.sudoers | List of sudoers entries to configure in /etc/nsswitch.conf
|
| services.k3s.manifests.<name>.source | Path of the source .yaml file.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.wiki-js.settings.offline | Disable latest file updates and enable
sideloading.
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.tor.relay.onionServices.<name>.authorizeClient.clientNames | Only clients that are listed here are authorized to access the hidden service
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.id | This is the name that will be displayed by NetworkManager and GUIs.
|
| services.watchdogd.settings.filenr.enabled | Whether to enable watchdogd plugin filenr.
|
| services.filesender.settings.log_facilities | Defines where FileSender logging is sent
|
| services.pretalx.settings.filesystem.data | Base path for all other storage paths.
|
| services.seafile.ccnetSettings.General.SERVICE_URL | Seahub public URL.
|
| networking.supplicant.<name>.configFile.writable | Whether the configuration file at configFile.path should be written to by
wpa_supplicant.
|
| services.watchdogd.settings.filenr.warning | The high watermark level
|
| services.agorakit.appKeyFile | A file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed
|