| services.cachix-watch-store.jobs | Number of threads used for pushing store paths
|
| services.ersatztv.baseUrl | Base URL to support reverse proxies that use paths (e.g. /ersatztv)
|
| services.reposilite.settings.keyPath | Path to the .jsk KeyStore or paths to the PKCS#8 certificate and private key, separated by a space (see example)
|
| networking.search | The list of domain search paths that are considered for resolving
hostnames with fewer dots than configured in the ndots option,
which defaults to 1 if unset.
|
| services.below.cgroupFilterOut | A regexp matching the full paths of cgroups whose data shouldn't be collected
|
| services.nar-serve.domain | When set, enables the feature of serving .
on top of /nix/store/-
|
| services.zenohd.backends | Storage backend packages to add to zenohd search paths.
|
| services.harmonia.signKeyPaths | Paths to the signing keys to use for signing the cache
|
| services.collectd.include | Additional paths to load config from.
|
| programs.tsmClient.package | The tsm-client package to use
|
| services.locate.pruneNames | Directory components which should exclude paths containing them from indexing
|
| services.logstash.plugins | The paths to find other logstash plugins in.
|
| systemd.shutdownRamfs.storePaths | Store paths to copy into the shutdown ramfs as well.
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.akkoma.extraStatic | Attribute set of extra paths to add to the static files directory
|
| services.freefall.devices | Device paths to all internal spinning hard drives.
|
| security.doas.extraRules.*.cmd | The command the user is allowed to run
|
| services.fluentd.plugins | A list of plugin paths to pass into fluentd
|
| services.marytts.voices | Paths to the JAR files that contain additional voices for MaryTTS
|
| services.outline.cdnUrl | If using a Cloudfront/Cloudflare distribution or similar it can be set
using this option
|
| services.hledger-web.journalFiles | Paths to journal files relative to services.hledger-web.stateDir.
|
| services.ncps.cache.storage.local | The local directory for storing configuration and cached store
paths
|
| containers.<name>.tmpfs | Mounts a set of tmpfs file systems into the container
|
| services.public-inbox.http.mounts | Root paths or URLs that public-inbox will be served on
|
| services.slurm.extraConfigPaths | Slurm expects config files for plugins in the same path
as slurm.conf
|
| services.mediawiki.skins | Attribute set of paths whose content is copied to the skins
subdirectory of the MediaWiki installation in addition to the default skins.
|
| services.prosody.virtualHosts.<name>.ssl | Paths to SSL files
|
| services.syslog-ng.extraModulePaths | A list of paths that should be included in syslog-ng's
--module-path option
|
| programs.k3b.enable | Whether to enable k3b, the KDE disk burning application
|
| services.saunafs.master.exports | Paths to exports file (see sfsexports.cfg(5)).
|
| services.nomad.extraSettingsPaths | Additional settings paths used to configure nomad
|
| services.oauth2-proxy.upstream | The http url(s) of the upstream endpoint or file://
paths for static files
|
| systemd.services.<name>.confinement.packages | Additional packages or strings with context to add to the closure of
the chroot
|
| services.fluent-bit.configurationFile | Fluent Bit configuration
|
| virtualisation.additionalPaths | A list of paths whose closure should be made available to
the VM
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| programs.nix-required-mounts.enable | Whether to enable Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures.
|
| services.athens.protocolWorkers | Number of workers concurrently serving protocol paths.
|
| services.dysnomia.extraModulePaths | A list of paths containing additional modules that are added to the search folders
|
| services.public-inbox.inboxes.<name>.watch | Paths for public-inbox-watch(1) to monitor for new mail.
|
| services.zitadel.extraStepsPaths | A list of paths to extra steps files
|
| image.repart.partitions.<name>.storePaths | The store paths to include in the partition.
|
| services.jupyter.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.anubis.instances | An attribute set of Anubis instances
|
| programs.ssh.agentPKCS11Whitelist | A pattern-list of acceptable paths for PKCS#11 shared libraries
that may be used with the -s option to ssh-add.
|
| services.supybot.configFile | Path to initial supybot config file
|
| services.duplicity.include | List of paths to include into the backups
|
| services.duplicity.exclude | List of paths to exclude from backups
|
| services.cachix-watch-store.signingKeyFile | Optional file containing a self-managed signing key to sign uploaded store paths.
|
| services.mailcatcher.http.path | Prefix to all HTTP paths.
|
| services.gitlab.smtp.passwordFile | File containing the password of the SMTP server for GitLab
|
| services.ncps.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| services.netdata.extraPluginPaths | Extra paths to add to the netdata global "plugins directory"
option
|
| services.restic.backups.<name>.command | Command to pass to --stdin-from-command
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.cross-seed.settings.dataDirs | Paths to be searched for matching data
|
| services.borgbackup.jobs.<name>.group | The group borg is run as
|
| services.gns3-server.auth.passwordFile | A file containing the password to access the GNS3 Server.
This should be a string, not a nix path, since nix paths
are copied into the world-readable nix store.
|
| services.ytdl-sub.instances.<name>.readWritePaths | List of paths that ytdl-sub can write to.
|
| hardware.deviceTree.dtboBuildExtraIncludePaths | Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| boot.initrd.systemd.suppressedStorePaths | Store paths specified in the storePaths option that
should not be copied.
|
| services.bcachefs.autoScrub.fileSystems | List of paths to bcachefs filesystems to regularly call bcachefs scrub on
|
| services.duplicity.excludeFileList | File containing newline-separated list of paths to exclude into the
backups
|
| services.duplicity.includeFileList | File containing newline-separated list of paths to include into the
backups
|
| services.zitadel.extraSettingsPaths | A list of paths to extra settings files
|
| services.ncps.cache.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| services.dysnomia.extraContainerPaths | A list of paths containing additional container configurations that are added to the search folders
|
| system.extraDependencies | A list of paths that should be included in the system
closure but generally not visible to users
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.komodo-periphery.includeDiskMounts | Only include these mount paths in disk reporting.
|
| services.komodo-periphery.excludeDiskMounts | Exclude these mount paths from disk reporting.
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.mattermost.plugins | Plugins to add to the configuration
|
| services.jupyterhub.kernels.<name>.extraPaths | Extra paths to link in kernel directory
|
| services.beszel.agent.smartmon.deviceAllow | List of device paths to allow access to for SMART monitoring
|
| services.zammad.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.amazon-cloudwatch-agent.configurationFile | Amazon CloudWatch Agent configuration file
|
| services.discourse.redis.passwordFile | File containing the Redis password
|
| programs.nix-required-mounts.allowedPatterns | The hook config, describing which paths to mount for which system features
|
| services.amazon-cloudwatch-agent.commonConfigurationFile | Amazon CloudWatch Agent common configuration
|
| services.discourse.admin.passwordFile | A path to a file containing the admin user's password
|
| services.airsonic.transcoders | List of paths to transcoder executables that should be accessible
from Airsonic
|
| services.btrfs.autoScrub.fileSystems | List of paths to btrfs filesystems to regularly call btrfs scrub on
|
| boot.kernel.sysfs | sysfs attributes to be set as soon as they become available
|
| services.marytts.userDictionaries | Paths to the user dictionary files for MaryTTS.
|
| services.postfix.settings.master.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.subsonic.transcoders | List of paths to transcoder executables that should be accessible
from Subsonic
|
| services.borgbackup.jobs.<name>.exclude | Exclude paths matching any of the given patterns
|
| services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| services.gitlab.secrets.secretFile | A file containing the secret used to encrypt variables in
the DB
|
| services.diod.exports | List the file systems that clients will be allowed to mount
|
| environment.profileRelativeEnvVars | Attribute set of environment variable
|
| services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| services.pretalx.settings.filesystem.data | Base path for all other storage paths.
|