| services.nagios.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.moodle.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.redis.servers.<name>.requirePassFile | File with password for the database.
|
| services.fider.database.url | URI to use for the main PostgreSQL database
|
| services.freshrss.database.passFile | Database password file for FreshRSS.
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| hardware.amdgpu.amdvlk.settings | Runtime settings for AMDVLK to be configured /etc/amd/amdVulkanSettings.cfg
|
| i18n.inputMethod.fcitx5.settings.addons | The addon configures in conf folder in ini format with global sections
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.klipper.mutableConfig | Whether to manage the config outside of NixOS
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| services.buildbot-master.masterCfg | Optionally pass master.cfg path
|
| services.nginx.prependConfig | Configuration lines prepended to the generated Nginx
configuration file
|
| services.peering-manager.enableOidc | Enable OIDC-Authentication for Peering Manager
|
| services.peering-manager.enableLdap | Enable LDAP-Authentication for Peering Manager
|
| services.syncplay.passwordFile | Path to the file that contains the server password
|
| services.zabbixProxy.database.socket | Path to the unix socket file to use for authentication.
|
| services.xserver.serverFlagsSection | Contents of the ServerFlags section of the X server configuration file.
|
| services.bookstack.appKeyFile | A file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed
|
| services.dawarich.smtp.passwordFile | Path to file containing the SMTP password.
|
| services.mastodon.smtp.passwordFile | Path to file containing the SMTP password.
|
| services.nextcloud.settings | Extra options which should be appended to Nextcloud's config.php file.
|
| services.swapspace.settings | Config file for swapspace
|
| services.gitlab.smtp.passwordFile | File containing the password of the SMTP server for GitLab
|
| xdg.terminal-exec.settings | Configuration options for the Default Terminal Execution Specification
|
| systemd.shutdownRamfs.contents.<name>.text | Text of the file.
|
| services.ncdns.dnssec.keys.public | Path to the file containing the KSK public key
|
| services.ddclient.extraConfig | Extra configuration
|
| services.rss2email.feeds.<name>.to | Email address to which to send feed items
|
| services.pleroma.secretConfigFile | Path to the file containing your secret pleroma configuration.
DO NOT POINT THIS OPTION TO THE NIX
STORE, the store being world-readable, it'll
compromise all your secrets.
|
| system.nssDatabases.services | List of services entries to configure in /etc/nsswitch.conf
|
| services.draupnir.settings | Free-form settings written to Draupnir's configuration file
|
| services.duplicity.exclude | List of paths to exclude from backups
|
| services.duplicity.include | List of paths to include into the backups
|
| services.nextcloud.secrets | Secret files to read into entries in config.php
|
| services.prosody.modules.proxy65 | Enables a file transfer proxy service which clients behind NAT can use
|
| services.cachix-watch-store.signingKeyFile | Optional file containing a self-managed signing key to sign uploaded store paths.
|
| services.mediawiki.extraConfig | Any additional text to be appended to MediaWiki's
LocalSettings.php configuration file
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".signing_salt | Signing salt
|
| services.ddclient.passwordFile | A file containing the password or a TSIG key in named format when using the nsupdate protocol.
|
| services.sympa.settingsFile.<name>.enable | Whether this file should be generated
|
| services.matrix-tuwunel.settings | Generates the tuwunel.toml configuration file
|
| services.outline.storage.storageType | File storage type, it can be local or s3.
|
| services.firewalld.settings | FirewallD config file
|
| services.privoxy.settings | This option is mapped to the main Privoxy configuration file
|
| services.buildbot-worker.workerPassFile | File used to store the Buildbot Worker password
|
| services.tahoe.nodes.<name>.client.shares.needed | The number of shares required to reconstitute a file.
|
| services.system76-scheduler.settings.cfsProfiles.default.latency | sched_latency_ns.
|
| services.postfix.settings.main | The main.cf configuration file as key value set
|
| services.tailscale.authKeyFile | A file containing the auth key
|
| services.lavalink.extraConfig | Configuration to write to application.yml
|
| services.nsd.remoteControl.serverKeyFile | Path to the server private key, which is used by the server
but not by nsd-control
|
| services.thanos.rule.query.sd-interval | Refresh interval to re-read file SD files. (used as a fallback)
Defaults to 5m in Thanos
when set to null.
|
| services.system76-scheduler.settings.cfsProfiles.default.preempt | Preemption mode.
|
| services.sourcehut.builds.group | Group for builds.sr.ht
|
| services.system76-scheduler.settings.cfsProfiles.default.nr-latency | sched_nr_latency.
|
| programs.rust-motd.refreshInterval | Interval in which the motd(5) file is refreshed
|
| services.sks.webroot | Source directory (will be symlinked, if not null) for the files the
built-in webserver should serve
|
| i18n.inputMethod.fcitx5.settings.inputMethod | The input method configure in profile file in ini format.
|
| services.kimai.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.agorakit.mail.passwordFile | A file containing the password corresponding to
|
| services.dokuwiki.sites.<name>.phpOptions | Options for PHP's php.ini file for this dokuwiki site.
|
| services.httpd.virtualHosts.<name>.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.radicle.privateKeyFile | Absolute file path to an SSH private key,
usually generated by rad auth
|
| services.hadoop.log4jProperties | log4j.properties file added to HADOOP_CONF_DIR
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| users.users.<name>.description | A short description of the user account, typically the
user's full name
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.ncdns.dnssec.keys.zonePublic | Path to the file containing the ZSK public key
|
| services.syncoid.commands.<name>.sshKey | SSH private key file to use to login to the remote system
|
| services.mailman.ldap.bindPasswordFile | Path to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
|
| security.ipa.certificate | IPA server CA certificate
|
| services.rspamd.workers.<name>.extraConfig | Additional entries to put verbatim into worker section of rspamd config file.
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.watchdogd.settings | Configuration to put in watchdogd.conf
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| services.canaille.smtpPasswordFile | File containing the SMTP password
|
| services.xserver.inputClassSections | Content of additional InputClass sections of the X server configuration file.
|
| services.invidious.hmacKeyFile | A path to a file containing the hmac_key
|
| boot.loader.limine.validateChecksums | Whether to validate file checksums before booting.
|
| services.mastodon.redis.passwordFile | A file containing the password for Redis database.
|
| services.sympa.database.passwordFile | A file containing the password for services.sympa.database.name.
|
| networking.ifstate.settings | Content of IfState's configuration file
|
| services.infinoted.passwordFile | File to read server-wide password from
|
| services.netbox.keycloakClientSecret | File that contains the keycloak client secret.
|
| services.rspamd.overrides.<name>.source | Path of the source file.
|
| services.aerospike.networkConfig | network section of configuration file
|
| services.nextcloud.secretFile | Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same
form as the services.nextcloud.settings option), for example
{"redis":{"password":"secret"}}.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.k3s.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/k3s/server/manifests)
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.gitDaemon.exportAll | Publish all directories that look like Git repositories (have the objects
and refs subdirectories), even if they do not have the git-daemon-export-ok file
|
| services.mchprs.whitelist.enable | Whether or not the whitelist (in whitelist.json) shoud be enabled
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.gotenberg.enableBasicAuth | HTTP Basic Authentication
|
| services.dnscrypt-proxy.settings | Attrset that is converted and passed as TOML config file
|
| services.teeworlds.extraOptions | Extra configuration lines for the teeworlds.cfg
|
| services.gitea.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.zabbixServer.database.socket | Path to the unix socket file to use for authentication.
|