| services.canaille.ldapBindPasswordFile | File containing the LDAP bind password.
|
| services.keepalived.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| services.postgresql.checkConfig | Check the syntax of the configuration file at compile time
|
| services.slurm.extraPlugstackConfig | Extra configuration that will be added to the end of plugstack.conf.
|
| services.teeworlds.extraOptions | Extra configuration lines for the teeworlds.cfg
|
| services.nsd.remoteControl.serverKeyFile | Path to the server private key, which is used by the server
but not by nsd-control
|
| services.postfix.settings.main | The main.cf configuration file as key value set
|
| services.nextcloud.secretFile | Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same
form as the services.nextcloud.settings option), for example
{"redis":{"password":"secret"}}.
|
| services.longview.mysqlPasswordFile | A file containing the password corresponding to mysqlUser.
|
| services.zoneminder.extraConfig | Additional configuration added verbatim to the configuration file.
|
| services.wiki-js.environmentFile | Environment file to inject e.g. secrets into the configuration.
|
| services.xserver.serverLayoutSection | Contents of the ServerLayout section of the X server configuration file.
|
| services.dnscrypt-proxy.settings | Attrset that is converted and passed as TOML config file
|
| services.k3s.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/k3s/server/manifests)
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.matchers | Process matchers.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.guacamole-server.logbackXml | Configuration file that correspond to logback.xml.
|
| services.mx-puppet-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.coturn.listening-ips | Listener IP addresses of relay server
|
| services.awstats.configs.<name>.logFile | The log file to be scanned
|
| boot.loader.limine.validateChecksums | Whether to validate file checksums before booting.
|
| services.guacamole-client.logbackXml | Configuration file that correspond to logback.xml.
|
| security.pam.services.<name>.logFailures | Whether to log authentication failures in /var/log/faillog.
|
| services.duplicity.secretFile | Path of a file containing secrets (gpg passphrase, access key...) in
the format of EnvironmentFile as described by
systemd.exec(5)
|
| services.mailman.ldap.bindPasswordFile | Path to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
|
| services.postfix-tlspol.settings | The postfix-tlspol configuration file as a Nix attribute set
|
| services.mastodon.redis.passwordFile | A file containing the password for Redis database.
|
| services.sympa.database.passwordFile | A file containing the password for services.sympa.database.name.
|
| services.reaction.settings | Configuration for reaction
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| services.searx.faviconsSettings | Favicons settings for SearXNG.
|
| services.suwayomi-server.settings | Configuration to write to server.conf
|
| services.mediawiki.passwordFile | A file containing the initial password for the administrator account "admin".
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.rke2.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/rke2/server/manifests)
|
| services.rke2.images | List of derivations that provide container images
|
| services.vaultwarden.environmentFile | Additional environment file or files as defined in systemd.exec(5)
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password_file | HTTP password file
|
| services.openiscsi.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.journald.remote.settings.Remote.ServerCertificateFile | A path to a SSL certificate file in PEM format
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.thanos.rule.query.sd-interval | Refresh interval to re-read file SD files. (used as a fallback)
Defaults to 5m in Thanos
when set to null.
|
| services.pgbouncer.settings.pgbouncer.max_client_conn | Maximum number of client connections allowed
|
| services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.gitea.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.fusionInventory.extraConfig | Configuration that is injected verbatim into the configuration file.
|
| services.hebbot.templates.section | A path to the Markdown file for the section template.
|
| services.iodine.clients.<name>.passwordFile | Path to a file containing the password.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| services.borgbackup.jobs.<name>.preHook | Shell commands to run before the backup
|
| services.headscale.settings | Overrides to config.yaml as a Nix attribute set
|
| services.hebbot.templates.project | A path to the Markdown file for the project template.
|
| services.gitDaemon.exportAll | Publish all directories that look like Git repositories (have the objects
and refs subdirectories), even if they do not have the git-daemon-export-ok file
|
| services.fail2ban.daemonSettings | The contents of Fail2ban's main configuration file
|
| services.ncdns.dnssec.keys.public | Path to the file containing the KSK public key
|
| services.reposilite.settings | Configuration written to the reposilite.cdn file
|
| services.tandoor-recipes.extraConfig | Extra tandoor recipes config options
|
| services.nextcloud.config.dbpassFile | The full path to a file that contains the database password.
|
| services.misskey.settings.chmodSocket | The file access mode of the UNIX socket.
|
| services.restic.backups.<name>.passwordFile | Read the repository password from a file.
|
| services.mchprs.whitelist.enable | Whether or not the whitelist (in whitelist.json) shoud be enabled
|
| systemd.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.zabbixServer.database.socket | Path to the unix socket file to use for authentication.
|
| services.prometheus.exporters.unpoller.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.xserver.logFile | Controls the file Xorg logs to
|
| services.deepin.deepin-anything.enable | Whether to enable deepin anything file search tool.
|
| services.peering-manager.oidcConfigPath | Path to the Configuration-File for OIDC-Authentication, will be loaded as oidc_config.py
|
| services.dnscrypt-proxy2.settings | Attrset that is converted and passed as TOML config file
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.cloudlog.update-dok.enable | Whether to periodically update the DOK resource file
|
| services.hqplayerd.licenseFile | Path to the HQPlayer license key file
|
| services.prometheus.webConfigFile | Specifies which file should be used as web.config.file and be passed on startup
|
| services.syncthing.guiPasswordFile | Path to file containing the plaintext password for Syncthing's GUI.
|
| services.sshwifty.socks5PasswordFile | Path to a file containing the SOCKS5 password.
|
| services.peering-manager.ldapConfigPath | Path to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py
|
| services.oncall.secretFile | A YAML file containing secrets such as database or user passwords
|
| services.pulseaudio.extraConfig | Literal string to append to configFile
and the config file generated by the pulseaudio module.
|
| services.nsd.remoteControl.serverCertFile | Path to the server self signed certificate, which is used by the server
but and by nsd-control
|
| services.snipe-it.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.weblate.djangoSecretKeyFile | Location of the Django secret key
|
| users.extraUsers.<name>.description | A short description of the user account, typically the
user's full name
|
| services.dolibarr.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanboard.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.vaultwarden.config | The configuration of vaultwarden is done through environment variables,
therefore it is recommended to use upper snake case (e.g. DISABLE_2FA_REMEMBER)
|
| services.prosody.uploadHttp.uploadFileSizeLimit | Maximum file size, in bytes
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| security.acme.defaults.webroot | Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
|
| services.cross-seed.settings.dataDirs | Paths to be searched for matching data
|
| security.tpm2.fapi.ekCertLess | A switch to disable Endorsement Key (EK) certificate verification
|
| services.clickhouse.usersConfig | Your users.yaml as a Nix attribute set
|
| services.jenkins.jobBuilder.accessTokenFile | File containing the API token for the accessUser
user.
|