| services.fluentd.plugins | A list of plugin paths to pass into fluentd
|
| services.marytts.voices | Paths to the JAR files that contain additional voices for MaryTTS
|
| services.outline.cdnUrl | If using a Cloudfront/Cloudflare distribution or similar it can be set
using this option
|
| services.hledger-web.journalFiles | Paths to journal files relative to services.hledger-web.stateDir.
|
| services.ncps.cache.storage.local | The local directory for storing configuration and cached store
paths
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| services.public-inbox.http.mounts | Root paths or URLs that public-inbox will be served on
|
| services.mediawiki.skins | Attribute set of paths whose content is copied to the skins
subdirectory of the MediaWiki installation in addition to the default skins.
|
| services.prosody.virtualHosts.<name>.ssl | Paths to SSL files
|
| services.saunafs.master.exports | Paths to exports file (see sfsexports.cfg(5)).
|
| services.nomad.extraSettingsPaths | Additional settings paths used to configure nomad
|
| virtualisation.additionalPaths | A list of paths whose closure should be made available to
the VM
|
| services.athens.protocolWorkers | Number of workers concurrently serving protocol paths.
|
| programs.nix-required-mounts.enable | Whether to enable Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures.
|
| services.dysnomia.extraModulePaths | A list of paths containing additional modules that are added to the search folders
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.zitadel.extraStepsPaths | A list of paths to extra steps files
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| programs.ssh.agentPKCS11Whitelist | A pattern-list of acceptable paths for PKCS#11 shared libraries
that may be used with the -s option to ssh-add.
|
| services.jupyter.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.anubis.instances | An attribute set of Anubis instances
|
| services.duplicity.exclude | List of paths to exclude from backups
|
| services.duplicity.include | List of paths to include into the backups
|
| services.cachix-watch-store.signingKeyFile | Optional file containing a self-managed signing key to sign uploaded store paths.
|
| services.ncps.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.netdata.extraPluginPaths | Extra paths to add to the netdata global "plugins directory"
option
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.cross-seed.settings.dataDirs | Paths to be searched for matching data
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| hardware.deviceTree.dtboBuildExtraIncludePaths | Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| boot.initrd.systemd.suppressedStorePaths | Store paths specified in the storePaths option that
should not be copied.
|
| services.bcachefs.autoScrub.fileSystems | List of paths to bcachefs filesystems to regularly call bcachefs scrub on
|
| services.duplicity.includeFileList | File containing newline-separated list of paths to include into the
backups
|
| services.duplicity.excludeFileList | File containing newline-separated list of paths to exclude into the
backups
|
| services.zitadel.extraSettingsPaths | A list of paths to extra settings files
|
| services.ncps.cache.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.dysnomia.extraContainerPaths | A list of paths containing additional container configurations that are added to the search folders
|
| system.extraDependencies | A list of paths that should be included in the system
closure but generally not visible to users
|
| services.komodo-periphery.excludeDiskMounts | Exclude these mount paths from disk reporting.
|
| services.komodo-periphery.includeDiskMounts | Only include these mount paths in disk reporting.
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.mattermost.plugins | Plugins to add to the configuration
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.beszel.agent.smartmon.deviceAllow | List of device paths to allow access to for SMART monitoring
|
| programs.nix-required-mounts.allowedPatterns | The hook config, describing which paths to mount for which system features
|
| services.airsonic.transcoders | List of paths to transcoder executables that should be accessible
from Airsonic
|
| services.btrfs.autoScrub.fileSystems | List of paths to btrfs filesystems to regularly call btrfs scrub on
|
| services.postfix.settings.master.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.subsonic.transcoders | List of paths to transcoder executables that should be accessible
from Subsonic
|
| services.marytts.userDictionaries | Paths to the user dictionary files for MaryTTS.
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| services.dbus.packages | Packages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide or session-wide
message bus
|
| environment.wordlist.lists | A set with the key names being the environment variable you'd like to
set and the values being a list of paths to text documents containing
lists of words
|
| services.pocket-id.credentials | Environment variables which are loaded from the contents of the specified file paths
|
| services.sharkey.environmentFiles | List of paths to files containing environment variables for Sharkey to use at runtime
|
| services.linkwarden.secretFiles | Attribute set containing paths to files to add to the environment of linkwarden
|
| services.hylafax.commonModemConfig | Attribute set of default values for
modem config files etc/config.*
|
| networking.nftables.checkRuleset | Run nft check on the ruleset to spot syntax errors during build
|
| services.centrifugo.credentials | Environment variables with absolute paths to credentials files to load
on service startup.
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.prometheus.exporters.kea.targets | Paths or URLs to the Kea control socket.
|
| services.plex.accelerationDevices | A list of device paths to hardware acceleration devices that Plex should
have access to
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.dawarich.configureNginx | Configure nginx as a reverse proxy for dawarich
|
| documentation.nixos.extraModuleSources | Which extra NixOS module paths the generated NixOS's documentation should strip
from options.
|
| programs.singularity.systemBinPaths | (Extra) system-wide /**/bin paths
for Apptainer/Singularity to find command-line utilities in.
"/run/wrappers/bin" is included by default to make
utilities with SUID bit set available to Apptainer/Singularity
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| networking.nftables.checkRulesetRedirects | Set of paths that should be intercepted and rewritten while checking the ruleset
using pkgs.buildPackages.libredirect.
|
| services.librechat.credentials | Environment variables which are loaded from the contents of files at a file paths, mainly used for secrets
|
| services.slskd.settings.shares.directories | Paths to shared directories
|
| services.grafana.settings.server.cdn_url | Specify a full HTTP URL address to the root of your Grafana CDN assets
|
| services.munin-node.extraAutoPlugins | Additional Munin plugins to autoconfigure, using
munin-node-configure --suggest
|
| system.forbiddenDependenciesRegexes | POSIX Extended Regular Expressions that match store paths that
should not appear in the system closure, with the exception of system.extraDependencies, which is not checked.
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| security.allowUserNamespaces | Whether to allow creation of user namespaces
|
| boot.loader.generic-extlinux-compatible.mirroredBoots | Mirror the boot configuration to multiple paths.
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.immich.accelerationDevices | A list of device paths to hardware acceleration devices that immich should
have access to
|
| services.prometheus.exporters.node-cert.excludePaths | List of paths to exclute from searching for SSL certificates.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| programs.nix-required-mounts.presets.nvidia-gpu.enable | Whether to enable Declare the support for derivations that require an Nvidia GPU to be
available, e.g. derivations with requiredSystemFeatures = [ "cuda" ]
|
| services.mastodon.configureNginx | Configure nginx as a reverse proxy for mastodon
|
| services.prometheus.exporters.smartctl.devices | Paths to the disks that will be monitored
|
| services.prometheus.exporters.snmp.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.tee-supplicant.trustedApplications | A list of full paths to trusted applications that will be loaded at
runtime by tee-supplicant.
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| services.prometheus.exporters.blackbox.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| services.wyoming.openwakeword.customModelsDirectories | Paths to directories with custom wake word models (*.tflite model files).
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| security.virtualisation.flushL1DataCache | Whether the hypervisor should flush the L1 data cache before
entering guests
|
| services.maubot.settings.plugin_directories | Plugin directory paths
|
| virtualisation.oci-containers.containers.<name>.volumes | List of volumes to attach to this container
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|