| boot.initrd.systemd.contents.<name>.source | Path of the source file.
|
| security.loginDefs.settings | Config options for the /etc/login.defs file, that defines
the site-specific configuration for the shadow password suite
|
| services.athens.storage.s3.secret | Secret key for the S3 storage backend
|
| services.cross-seed.settingsFile | Path to a JSON file containing settings that will be merged with the
settings option
|
| services.iodine.server.passwordFile | File that contains password
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| services.sympa.settingsFile.<name>.source | Path of the source file.
|
| services.outline.smtp.passwordFile | File path containing the password to authenticate with.
|
| services.oauth2-proxy.cookie.secretFile | The path to a file containing the seed string for secure cookies.
|
| systemd.shutdownRamfs.storePaths.*.source | Path of the source file.
|
| services.auto-cpufreq.settings | Configuration for auto-cpufreq
|
| services.rke2.manifests.<name>.source | Path of the source .yaml file.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.prometheus.exporters.nextcloud.passwordFile | File containing the password for connecting to Nextcloud
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.watchdogd.settings.filenr.logmark | Whether to log current stats every poll interval.
|
| services.filebrowser.settings.address | The address to listen on.
|
| services.privoxy.settings.filterfile | List of paths to Privoxy filter files
|
| services.pretalx.settings.filesystem.logs | Path to the log directory, that pretalx logs message to.
|
| services.prometheus.exporters.mqtt.environmentFile | File to load as environment file
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.sourcehut.todo.group | Group for todo.sr.ht
|
| services.sourcehut.meta.group | Group for meta.sr.ht
|
| services.cachix-watch-store.cachixTokenFile | Required file that needs to contain the cachix auth token.
|
| services.komodo-periphery.ssl.keyFile | Path to SSL key file.
|
| services.gancio.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/command-ref/conf-file.html or
nix.conf(5) for available options
|
| security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
|
| services.akkoma.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.actual.settings | Server settings, refer to the documentation for available options
|
| networking.ucarp.passwordFile | File containing shared password between CARP hosts.
|
| services.fluidd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| programs.spacefm.settings | The system-wide spacefm configuration
|
| services.metabase.ssl.keystore | Java KeyStore file containing the certificates.
|
| services.monica.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.octoprint.extraConfig | Extra options which are added to OctoPrint's YAML configuration file.
|
| services.transfer-sh.secretFile | Path to file containing environment variables
|
| services.matomo.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.prosody.virtualHosts.<name>.ssl.key | Path to the key file.
|
| services.radicale.rights | Configuration for Radicale's rights file
|
| services.peering-manager.secretKeyFile | Path to a file containing the secret key.
|
| services.pinnwand.settings | Your pinnwand.toml as a Nix attribute set
|
| services.postsrsd.settings | Configuration options for the postsrsd.conf file
|
| services.zabbixWeb.database.socket | Path to the unix socket file to use for authentication.
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.prometheus.exporters.blackbox.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.filesender.settings.storage_filesystem_path | When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.type | The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
|
| services.dawarich.configureNginx | Configure nginx as a reverse proxy for dawarich
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.angrr.settings.profile-policies.<name>.keep-since | Retention period for the GC roots in this profile.
|
| services.cassandra.extraConfig | Extra options to be merged into cassandra.yaml as nix attribute set.
|
| hardware.deviceTree.overlays.*.dtsText | Literal DTS contents, overlay is applied to
each .dtb file matching "compatible" of the overlay.
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.amule.WebServerPasswordFile | File containing the password for connecting to the web server,
set this only if you didn't set `settings
|
| services.davis.database.urlFile | A file containing the database connection url
|
| services.hans.clients.<name>.passwordFile | File that contains password
|
| services.ncps.cache.redis.passwordFile | File containing the redis password for authentication (for Redis ACL).
|
| services.nginx.appendConfig | Configuration lines appended to the generated Nginx
configuration file
|
| services.nipap.nipap-www.xmlrpcURIFile | Path to file containing XMLRPC URI for use by web UI - this is a secret, since it contains auth credentials
|
| services.stubby.settings | Content of the Stubby configuration file
|
| services.outline.storage.uploadMaxSize | Maxmium file size for uploads.
|
| systemd.shutdownRamfs.storePaths.*.enable | Whether to enable copying of this file and symlinking it.
|
| services.webdav-server-rs.settings | Attrset that is converted and passed as config file
|
| users.ldap.bind.policy | Specifies the policy to use for reconnecting to an unavailable
LDAP server
|
| services.frigate.settings | Frigate configuration as a nix attribute set
|
| services.k3s.images | List of derivations that provide container images
|
| services.prometheus.pushgateway.persistMetrics | Whether to persist metrics to a file
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.nitter.preferences.stickyProfile | Make profile sidebar stick to top.
|
| services.prometheus.remoteRead.*.bearer_token_file | Sets the Authorization header on every remote read request with the bearer token
read from the configured file
|
| services.kubernetes.kubeconfig.caFile | Default kubeconfig certificate authority file used to connect to kube-apiserver.
|
| services.tuned.settings.profile_dirs | Directories to search for profiles, separated by , or ;.
|
| services.watchdogd.settings.filenr.interval | Amount of seconds between every poll.
|
| services.kubernetes.kubeconfig.keyFile | Default kubeconfig client key file used to connect to kube-apiserver.
|
| services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| services.aria2.settings.save-session | Save error/unfinished downloads to FILE on exit.
|
| services.komodo-periphery.ssl.certFile | Path to SSL certificate file.
|
| services.akkoma.initDb.password | Password of the database user to initialise the database with
|
| security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| services.bluemap.webappSettings | Settings for the webapp.conf file, see upstream docs.
|
| services.redis.servers.<name>.requirePassFile | File with password for the database.
|
| services.prosody.virtualHosts.<name>.ssl.cert | Path to the certificate file.
|
| services.sunshine.settings | Settings to be rendered into the configuration file
|
| services.nagios.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.searx.limiterSettings | Limiter settings for SearXNG.
|
| services.moodle.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.lighttpd.extraConfig | These configuration lines will be appended to the generated lighttpd
config file
|
| services.paisa.settings.journalFile | Filename of the main journal / ledger file.
|
| services.pomerium.secretsFile | Path to file containing secrets for Pomerium, in systemd
EnvironmentFile format
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.openafsClient.mountPoint | Mountpoint of the AFS file tree, conventionally
/afs
|
| services.xserver.monitorSection | Contents of the first Monitor section of the X server configuration file.
|
| services.wiki-js.settings | Settings to configure wiki-js
|
| services.vault.storageConfig | HCL configuration to insert in the storageBackend section
|
| services.openafsServer.roles.fileserver.enable | Fileserver role, serves files and volumes from its local storage.
|
| services.prometheus.remoteWrite.*.bearer_token_file | Sets the Authorization header on every remote write request with the bearer token
read from the configured file
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password_file | HTTP password file
|