| security.pam.services.<name>.setLoginUid | Set the login uid of the process
(/proc/self/loginuid) for auditing
purposes
|
| services.gns3-server.auth.passwordFile | A file containing the password to access the GNS3 Server.
This should be a string, not a nix path, since nix paths
are copied into the world-readable nix store.
|
| services.caddy.enableReload | Reload Caddy instead of restarting it when configuration file changes
|
| services.drupal.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.openssh.settings.StrictModes | Whether sshd should check file modes and ownership of directories
|
| services.sillytavern.configFile | Path to the SillyTavern configuration file.
|
| services.slurm.dbdserver.extraConfig | Extra configuration for slurmdbd.conf See also:
slurmdbd.conf(8).
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| services.quickwit.settings.version | Configuration file version.
|
| services.lldap.environmentFile | Environment file as defined in systemd.exec(5) passed to the service.
|
| services.nextcloud.datadir | Nextcloud's data storage path
|
| services.microbin.passwordFile | Path to file containing environment variables
|
| services.pulseaudio.extraClientConf | Extra configuration appended to pulse/client.conf file.
|
| services.ncdns.dnssec.keys.zonePublic | Path to the file containing the ZSK public key
|
| systemd.user.paths.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| services.powerdns-admin.config | Configuration python file
|
| systemd.shutdownRamfs.contents.<name>.source | Path of the source file.
|
| services.yarr.environmentFile | Environment file for specifying additional settings such as secrets
|
| users.ldap.daemon.rootpwmodpwFile | The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.apache-kafka.settings | Kafka broker configuration
server.properties
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.foundationdb.tls.key | Private key file for the certificate.
|
| networking.wireless.extraConfig | Extra lines appended to the configuration file
|
| services.jitsi-meet.interfaceConfig | Client-side web-app interface settings that override the defaults in interface_config.js
|
| services.journald.gateway.trust | Specify the path to a file or AF_UNIX stream socket to read a CA
certificate from
|
| services.matrix-hookshot.settings | config.yml configuration as a Nix attribute set
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.photoprism.passwordFile | Admin password file.
|
| services.r53-ddns.environmentFile | File containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| services.tuliprox.systemSettings | Main config file
Refer to the Tuliprox documentation for available attributes
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.nsd.remoteControl.controlKeyFile | Path to the client private key, which is used by nsd-control
but not by the server
|
| services.tuned.settings.sections | attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.k3s.environmentFile | File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile
|
| services.zammad.database.passwordFile | A file containing the password for services.zammad.database.user.
|
| services.webdav.settings | Attrset that is converted and passed as config file
|
| services.caddy.adapter | Name of the config adapter to use
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| services.thanos.query.store.sd-interval | Refresh interval to re-read file SD files
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.bookstack.mail.passwordFile | A file containing the password corresponding to
mail.user.
|
| services.guacamole-server.userMappingXml | Configuration file that correspond to user-mapping.xml.
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| security.agnos.generateKeys.enable | Enable automatic generation of account keys
|
| services.guacamole-client.userMappingXml | Configuration file that correspond to user-mapping.xml.
|
| services.keepalived.extraGlobalDefs | Extra lines to be added verbatim to the 'global_defs' block of the
configuration file
|
| services.cloudflare-dyndns.apiTokenFile | The path to a file containing the CloudFlare API token.
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| programs.tsmClient.wrappedPackage | The tsm-client package to use
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.lldap.environment | Environment variables passed to the service
|
| services.multipath.pathGroups.*.options | Options used to mount the file system
|
| services.moodle.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.portunus.ldap.tls | Whether to enable LDAPS protocol
|
| services.mautrix-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.ncps.cache.storage.s3.secretAccessKeyPath | The path to a file containing only the secret-access-key.
|
| services.smartdns.settings | A set that will be generated into configuration file, see the SmartDNS README for details of configuration parameters
|
| services.outline.databaseUrl | URI to use for the main PostgreSQL database
|
| services.rke2.environmentFile | File path containing environment variables for configuring the rke2 service in the format of an EnvironmentFile
|
| services.webdav.environmentFile | Environment file as defined in systemd.exec(5).
|
| systemd.shutdownRamfs.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.xrdp.defaultWindowManager | The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session"
This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
|
| services.webhook.enableTemplates | Enable the generated hooks file to be parsed as a Go template
|
| services.xinetd.services.*.unlisted | Whether this server is listed in
/etc/services
|
| services.zabbixWeb.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.radicle.httpd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.cross-seed.settings.torrentDir | Directory containing torrent files, or if you're using a torrent
client integration and injection - your torrent client's .torrent
file store/cache.
|
| services.neo4j.constrainLoadCsv | Sets the root directory for file URLs used with the Cypher
LOAD CSV clause to be that defined by
directories.imports
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prosody.uploadHttp.uploadExpireAfter | Max age of a file before it gets deleted, in seconds.
|
| services.code-server.disableFileDownloads | Disable file downloads from Code.
|
| services.journald.gateway.cert | The path to a file or AF_UNIX stream socket to read the server
certificate from
|
| services.libeufin.bank.settings | Configuration options for the libeufin bank system config file
|
| services.buildkite-agents.<name>.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| services.c2fmzq-server.passphraseFile | Path to file containing the database passphrase
|
| services.garage.environmentFile | File containing environment variables to be passed to the Garage server.
|
| environment.unixODBCDrivers | Specifies Unix ODBC drivers to be registered in
/etc/odbcinst.ini
|
| services.anki-sync-server.users.*.passwordFile | File containing the password accepted by anki-sync-server for
the associated username
|
| services.iperf3.authorizedUsersFile | Path to the configuration file containing authorized users credentials to run iperf tests.
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.openvpn.servers.<name>.config | Configuration of this OpenVPN instance
|
| services.monica.database.passwordFile | A file containing the password corresponding to
|
| services.thinkfan.settings | Thinkfan settings
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.openvscode-server.socketPath | The path to a socket file for the server to listen to.
|
| systemd.sockets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.evcc.environmentFile | File with environment variables to pass into the runtime environment
|
| systemd.targets.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.strongswan.secrets | A list of paths to IPSec secret files
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|