| services.invoiceplane.sites.<name>.cron.key | Cron key taken from the administration page.
|
| services.knot.keyFiles | A list of files containing additional configuration
to be included using the include directive
|
| programs.ssh.pubkeyAcceptedKeyTypes | Specifies the key lib.types that will be used for public key authentication.
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| services.openssh.knownHosts.<name>.publicKey | The public key data for the host
|
| services.tmate-ssh-server.keysDir | Directory containing ssh keys, defaulting to auto-generation
|
| services.dolibarr.h2o.tls.identity.*.key-file | Path to key file
|
| services.ncdns.dnssec.keys.public | Path to the file containing the KSK public key
|
| services.oink.settings.apiKey | API key to use when modifying DNS records.
|
| services.kanidm.serverSettings.tls_key | TLS key in pem format.
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-public-key | Public key for Stripe
|
| services.oauth2-proxy.keyFile | oauth2-proxy allows passing sensitive configuration via environment variables
|
| services.lk-jwt-service.keyFile | Path to a file containing the credential mapping (<keyname>: <secret>) to access LiveKit
|
| services.ncdns.dnssec.keys.zonePublic | Path to the file containing the ZSK public key
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| security.tpm2.fapi.ekCertLess | A switch to disable Endorsement Key (EK) certificate verification
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-secret-key | An absolute file path (which should be outside the Nix-store)
to a secret key for Stripe
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.grafana.settings.smtp.key_file | File path to a key file.
|
| services.nextcloud.config.objectstore.s3.key | The access key for the S3 bucket.
|
| services.nsd.keys | Define your TSIG keys here.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.key | Path to certificate private key (PEM with private key)
|
| services.nsd.zones.<name>.notify | This primary server will notify all given secondary servers about
zone changes
|
| services.keyd.keyboards.<name>.settings | Configuration, except ids section, that is written to /etc/keyd/.conf
|
| services.sourcehut.settings.mail.pgp-pubkey | OpenPGP public key.
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| swapDevices.*.randomEncryption.keySize | Set the encryption key size for the plain device
|
| services.keyd.keyboards | Configuration for one or more device IDs
|
| services.keyd.keyboards.<name>.ids | Device identifiers, as shown by keyd(1).
|
| boot.initrd.luks.devices.<name>.keyFileTimeout | The amount of time in seconds for a keyFile to appear before
timing out and trying passwords.
|
| services.prometheus.exporters.unbound.unbound.key | Path to the Unbound control socket key.
|
| services.maddy.tls.certificates.*.keyPath | Path to the private key used for TLS.
|
| hardware.openrazer.keyStatistics | Collects number of keypresses per hour per key used to
generate a heatmap.
|
| services.misskey.settings.db.db | The database name.
|
| services.misskey.settings.db | Database settings.
|
| programs.yazi.settings.keymap | Configuration included in keymap.toml
|
| services.warpgate.settings.http.sni_certificates.*.key | Path to private key.
|
| services.lokinet.settings.network.keyfile | The private key to persist address with
|
| services.ncdns.dnssec.keys.private | Path to the file containing the KSK private key.
|
| services.sabnzbd.settings.misc.https_key | Path to the TLS key for the web UI
|
| security.pam.u2f.settings | Options to pass to the PAM module
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| services.nsd.keys.<name>.algorithm | Authentication algorithm for this key.
|
| virtualisation.podman.networkSocket.tls.key | Path to the private key corresponding to the server certificate
|
| services.misskey.settings.db.port | The PostgreSQL port.
|
| services.misskey.settings.db.host | The PostgreSQL host.
|
| services.wgautomesh.settings.peers.*.pubkey | Wireguard public key of this peer.
|
| services.sharkey.settings.id | The ID generation method for Sharkey to use
|
| services.misskey.settings | Configuration for Misskey, see
example.yml
for all supported options.
|
| services.misskey.settings.id | The ID generation method to use
|
| services.reposilite.settings.keyPassword | Plaintext password used to unlock the Java KeyStore set in services.reposilite.settings.keyPath
|
| services.misskey.settings.db.user | The user used for database authentication.
|
| services.misskey.settings.db.pass | The password used for database authentication.
|
| services.oink.apiKeyFile | Path to a file containing the API key to use when modifying DNS records.
|
| services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| services.misskey.settings.port | The port your Misskey server should listen on.
|
| services.sharkey.settings.port | The port that Sharkey will listen on.
|
| services.ncdns.dnssec.keys.zonePrivate | Path to the file containing the ZSK private key.
|
| services.sharkey.settings | Configuration options for Sharkey
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.sharkey.settings.url | The full URL that the Sharkey instance will be publically accessible on
|
| security.pam.rssh.settings | Options to pass to the pam_rssh module
|
| services.kubernetes.kubeconfig.keyFile | Default kubeconfig client key file used to connect to kube-apiserver.
|
| services.misskey.settings.db.extra | Extra connection options.
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.omnom.settings.activitypub.pubkey | ActivityPub public key
|
| services.misskey.settings.redis | ioredis options
|
| services.umurmur.settings.private_key | Path to your SSL key
|
| services.toxBootstrapd.keysFile | Node key file.
|
| services.misskey.settings.redis.host | The Redis host.
|
| services.misskey.settings.redis.port | The Redis port.
|
| services.misskey.settings.url | The final user-facing URL
|
| services.tox-node.keysFile | Path to the file where DHT keys are stored.
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.kubernetes.proxy.kubeconfig.keyFile | Kubernetes proxy client key file used to connect to kube-apiserver.
|
| services.lasuite-docs.secretKeyPath | Path to the Django secret key
|
| services.lasuite-meet.secretKeyPath | Path to the Django secret key
|
| services.meilisearch.masterKeyFile | Path to file which contains the master key
|
| services.omnom.settings.activitypub.privkey | ActivityPub private key
|
| services.headscale.settings.derp.server.private_key_path | Path to derp private key file, generated automatically if it does not exist.
|
| services.warpgate.settings.ssh.keys | Path to store SSH host & client keys.
|
| services.hockeypuck.enable | Whether to enable Hockeypuck OpenPGP Key Server.
|
| services.misskey.settings.socket | The UNIX socket your Misskey server should listen on.
|
| services.resilio.apiKey | API key, which enables the developer API.
|
| services.sharkey.settings.socket | If specified, creates a UNIX socket at the given path that Sharkey listens on.
|
| services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| services.dawarich.secretKeyBaseFile | Path to file containing the secret key base
|
| services.kubernetes.kubelet.kubeconfig.keyFile | Kubelet client key file used to connect to kube-apiserver.
|
| services.keycloak.settings.http-host | On which address Keycloak should accept new connections.
|
| services.keycloak.settings.http-port | On which port Keycloak should listen for new HTTP connections.
|
| services.sharkey.settings.address | The address that Sharkey binds to.
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| hardware.keyboard.qmk.keychronSupport | Whether to enable udev rules for keychron QMK based keyboards.
|
| services.openssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.keyd.package | The keyd package to use.
|
| swapDevices.*.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| security.agnos.settings.accounts.*.private_key_path | Path of the PEM-encoded private key for this account
|
| services.keycloak.settings.https-port | On which port Keycloak should listen for new HTTPS connections.
|