| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| services.opensnitch.settings.Audit.AudispSocketPath | Configure audit socket path
|
| virtualisation.docker.extraPackages | Extra packages to add to PATH for the docker daemon process.
|
| services.wasabibackend.customConfigFile | Defines the path to a custom configuration file that is copied to the user's directory
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.wastebin.settings.WASTEBIN_DATABASE_PATH | Path to the sqlite3 database file
|
| services.vault.extraSettingsPaths | Configuration files to load besides the immutable one defined by the NixOS module
|
| virtualisation.xen.store.settings.pidFile | Path to the Xen Store Daemon PID file.
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| services.radicle.httpd.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.routinator.settings.repository-dir | The path where the collected RPKI data is stored.
|
| services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| services.bitwarden-directory-connector-cli.ldap.rootPath | Root path for LDAP.
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| services.nextcloud.notify_push.dbhost | Database host (+port) or socket path
|
| services.nginx.sso.configuration | nginx-sso configuration
(documentation)
as a Nix attribute set
|
| services.prometheus.exporters.shelly.metrics-file | Path to the JSON file with the metric definitions
|
| virtualisation.bootPartition | The path (inside the VM) to the device containing the EFI System Partition (ESP)
|
| services.anuko-time-tracker.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| services.prometheus.exporters.varnish.healthPath | Path under which to expose healthcheck
|
| services.nginx.virtualHosts.<name>.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.akkoma.config.":pleroma"."Pleroma.Upload".base_url | Base path which uploads will be stored at
|
| services.prometheus.exporters.nut.passwordPath | A run-time path to the nutUser password file, which should be
provisioned outside of Nix store.
|
| services.limesurvey.httpd.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.prometheus.exporters.zfs.telemetryPath | Path under which to expose metrics.
|
| services.thanos.downsample.tracing.config | Tracing configuration
|
| nixpkgs.pkgs | If set, the pkgs argument to all NixOS modules is the value of
this option, extended with nixpkgs.overlays, if
that is also set
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| services.bookstack.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.ocsinventory-agent.settings.local | If specified, the OCS Inventory Agent will run in offline mode
and the resulting inventory file will be stored in the specified path.
|
| virtualisation.podman.networkSocket.tls.cert | Path to certificate describing the server.
|
| services.sourcehut.settings.mail.pgp-privkey | An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key
|
| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| boot.loader.generic-extlinux-compatible.populateCmd | Contains the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument
|
| services.prometheus.exporters.fastly.configFile | Path to a fastly-exporter configuration file
|
| services.prometheus.exporters.unbound.unbound.ca | Path to the Unbound server certificate authority
|
| services.prometheus.exporters.php-fpm.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.ping.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.blackbox.configFile | Path to configuration file.
|
| services.prometheus.exporters.mail.telemetryPath | Path under which to expose metrics.
|
| services.writefreely.admin.initialPasswordFile | Path to a file containing the initial password for the admin user
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| services.sftpgo.settings.webdavd.bindings.*.address | Network listen address
|
| services.prometheus.exporters.unbound.unbound.key | Path to the Unbound control socket key.
|
| virtualisation.xen.store.settings.quota.maxPath | Path limit for the quota system.
|
| services.sourcehut.settings."builds.sr.ht::worker".buildlogs | Path to write build logs.
|
| services.tailscale.useRoutingFeatures | Enables settings required for Tailscale's routing features like subnet routers and exit nodes
|
| services.paperless.environmentFile | Path to a file containing extra paperless config options in the systemd EnvironmentFile
format
|
| services.prometheus.exporters.varnish.varnishStatPath | Path to varnishstat.
|
| services.xserver.desktopManager.pantheon.sessionPath | Additional list of packages to be added to the session search path
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-secret-key | An absolute file path (which should be outside the Nix-store)
to a secret key for Stripe
|
| services.cadvisor.storageDriverPasswordFile | File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| services.prometheus.exporters.nginx.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.nextcloud.config.objectstore.s3.secretFile | The full path to a file that contains the access secret.
|
| services.prometheus.exporters.nextcloud.url | URL to the Nextcloud serverinfo page
|
| services.matrix-synapse.settings.database.args.database | Name of the database when using the psycopg2 backend,
path to the database location when using sqlite3.
|
| services.xserver.desktopManager.cinnamon.sessionPath | Additional list of packages to be added to the session search path
|
| services.jirafeau.nginxConfig.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| security.pam.ussh.authorizedPrincipalsFile | Path to a list of principals; if the user presents a certificate with
one of these principals, then they will be authorized
|
| services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| services.gotosocial.environmentFile | File path containing environment variables for configuring the GoToSocial service
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| networking.firewall.checkReversePath | Performs a reverse path filter test on a packet
|
| services.bacula-sd.device.<name>.archiveDevice | The specified name-string gives the system file name of the storage
device managed by this storage daemon
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| services.thanos.downsample.objstore.config | Object store configuration
|
| services.prometheus.exporters.postfix.logfilePath | Path where Postfix writes log entries
|
| services.zabbixWeb.nginx.virtualHost.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| documentation.man.mandoc.manPath | Change the paths included in the MANPATH environment variable,
i. e. the directories where man(1)
looks for section-specific directories of man pages
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| services.nextcloud-spreed-signaling.settings.https.key | Path to the private key used for the HTTPS listener
|
| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|
| services.logrotate.checkConfig | Whether the config should be checked at build time
|
| services.prometheus.exporters.mysqld.configFile | Path to the services config file
|
| services.etebase-server.settings.global.secret_file | The path to a file containing the secret
used as django's SECRET_KEY.
|
| services.prometheus.pushgateway.web.route-prefix | Prefix for the internal routes of web endpoints
|
| services.prometheus.exporters.mysqld.telemetryPath | Path under which to expose metrics.
|
| services.prometheus.exporters.mikrotik.configFile | Path to a mikrotik exporter configuration file
|
| services.archisteamfarm.ipcPasswordFile | Path to a file containing the password
|
| services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| services.opentelemetry-collector.configFile | Specify a path to a configuration file that Opentelemetry Collector should use.
|
| services.prometheus.exporters.borgmatic.configFile | The path to the borgmatic config file
|
| virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| services.homepage-dashboard.environmentFile | The path to an environment file that contains environment variables to pass
to the homepage-dashboard service, for the purpose of passing secrets to
the service
|
| services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|
| programs.singularity.enableExternalLocalStateDir | Whether to use top-level directories as LOCALSTATEDIR
instead of the store path ones
|
| services.prometheus.exporters.unbound.unbound.host | Path to the unbound control socket
|
| services.athens.downloadMode | Defines how Athens behaves when a module@version
is not found in storage
|
| security.pam.sshAgentAuth.authorizedKeysFiles | A list of paths to files in OpenSSH's authorized_keys format, containing
the keys that will be trusted by the pam_ssh_agent_auth module
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|