| services.journald.gateway.cert | The path to a file or AF_UNIX stream socket to read the server
certificate from
|
| services.microbin.passwordFile | Path to file containing environment variables
|
| services.rke2.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/rke2/server/manifests)
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.apache-kafka.settings | Kafka broker configuration
server.properties
|
| services.yarr.environmentFile | Environment file for specifying additional settings such as secrets
|
| services.displayManager.dms-greeter.logs.save | Whether to enable saving logs from the DMS greeter to a file.
|
| services.bookstack.mail.passwordFile | A file containing the password corresponding to
mail.user.
|
| services.moodle.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.clickhouse.usersConfig | Your users.yaml as a Nix attribute set
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.libeufin.bank.settings | Configuration options for the libeufin bank system config file
|
| services.lldap.environmentFile | Environment file as defined in systemd.exec(5) passed to the service.
|
| services.zabbixWeb.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.pulseaudio.extraClientConf | Extra configuration appended to pulse/client.conf file.
|
| systemd.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.shutdownRamfs.contents.<name>.source | Path of the source file.
|
| services.cross-seed.settings.torrentDir | Directory containing torrent files, or if you're using a torrent
client integration and injection - your torrent client's .torrent
file store/cache.
|
| services.sympa.database.host | Database host address
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.tinc.networks.<name>.extraConfig | Extra lines to add to the tinc service configuration file
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.jitsi-meet.interfaceConfig | Client-side web-app interface settings that override the defaults in interface_config.js
|
| services.nginx.proxyCachePath.<name>.useTempPath | Nginx first writes files that are destined for the cache to a temporary
storage area, and the use_temp_path=off directive instructs Nginx to
write them to the same directories where they will be cached
|
| services.netbird.tunnels.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.netbird.clients.<name>.login.setupKeyFile | A Setup Key file path used for automated login of the machine.
|
| services.k3s.environmentFile | File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile
|
| services.outline.databaseUrl | URI to use for the main PostgreSQL database
|
| services.monica.database.passwordFile | A file containing the password corresponding to
|
| networking.wireless.extraConfig | Extra lines appended to the configuration file
|
| services.matrix-hookshot.settings | config.yml configuration as a Nix attribute set
|
| services.tuliprox.systemSettings | Main config file
Refer to the Tuliprox documentation for available attributes
|
| services.prosody.uploadHttp.uploadExpireAfter | Max age of a file before it gets deleted, in seconds.
|
| services.r53-ddns.environmentFile | File containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| services.journald.gateway.key | Specify the path to a file or AF_UNIX stream socket to read the
secret server key corresponding to the certificate specified with
services.journald.gateway.cert from
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.smartdns.settings | A set that will be generated into configuration file, see the SmartDNS README for details of configuration parameters
|
| programs.tsmClient.wrappedPackage | The tsm-client package to use
|
| services.kubernetes.controllerManager.kubeconfig.caFile | Kubernetes controller manager certificate authority file used to connect to kube-apiserver.
|
| services.xrdp.defaultWindowManager | The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session"
This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
|
| services.nsd.remoteControl.controlCertFile | Path to the client certificate signed with the server certificate
|
| services.hylafax.faxcron.enable.spoolInit | Whether to enable purging old files from the spooling area with
faxcron
each time the spooling area is initialized
.
|
| services.photoprism.passwordFile | Admin password file.
|
| services.pipewire.extraConfig.jack | Additional configuration for the PipeWire JACK server and client library
|
| services.journald.remote.settings | Configuration in the journal-remote configuration file
|
| services.draupnir.secrets.accessToken | File containing the access token for Draupnir's Matrix account
to be used in place of services.draupnir.settings.accessToken.
|
| users.extraUsers.<name>.description | A short description of the user account, typically the
user's full name
|
| services.lldap.environment | Environment variables passed to the service
|
| services.kubernetes.controllerManager.kubeconfig.keyFile | Kubernetes controller manager client key file used to connect to kube-apiserver.
|
| services.mautrix-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| containers.<name>.bindMounts.<name>.mountPoint | Mount point on the container file system.
|
| services.neo4j.constrainLoadCsv | Sets the root directory for file URLs used with the Cypher
LOAD CSV clause to be that defined by
directories.imports
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.xinetd.services.*.unlisted | Whether this server is listed in
/etc/services
|
| i18n.inputMethod.fcitx5.settings.globalOptions | The global options in config file in ini format.
|
| services.dnscrypt-proxy2.settings | Attrset that is converted and passed as TOML config file
|
| services.anuko-time-tracker.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.flexget.systemScheduler | When true, execute the runs via the flexget-runner.timer
|
| services.webhook.enableTemplates | Enable the generated hooks file to be parsed as a Go template
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.asterisk.confFiles | Sets the content of config files (typically ending with
.conf) in the Asterisk configuration directory
|
| services.zabbixWeb.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.thinkfan.settings | Thinkfan settings
|
| services.journald.remote.settings.Remote.TrustedCertificateFile | A path to a SSL CA certificate file in PEM format, or all
|
| services.prometheus.exporters.mail.configuration | Specify the mailexporter configuration file to use.
|
| services.libeufin.nexus.settings | Configuration options for the libeufin nexus config file
|
| services.taler.exchange.settings | Configuration options for the taler exchange config file
|
| services.taler.merchant.settings | Configuration options for the taler merchant config file
|
| services.keepalived.extraGlobalDefs | Extra lines to be added verbatim to the 'global_defs' block of the
configuration file
|
| services.multipath.pathGroups.*.options | Options used to mount the file system
|
| systemd.shutdownRamfs.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.cloudflare-dyndns.apiTokenFile | The path to a file containing the CloudFlare API token.
|
| services.webdav.environmentFile | Environment file as defined in systemd.exec(5).
|
| services.guacamole-server.userMappingXml | Configuration file that correspond to user-mapping.xml.
|
| services.guacamole-client.userMappingXml | Configuration file that correspond to user-mapping.xml.
|
| services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.rsyncd.settings.sections | attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
|
| services.tuned.settings.globalSection | global section of an INI file (attrs of INI atom (null, bool, int, float or string))
|
| services.quicktun.<name>.privateKeyFile | Path to file containing local secret key in binary or hexadecimal form.
Not needed when services.quicktun..protocol is set to raw.
|
| services.anki-sync-server.users.*.passwordFile | File containing the password accepted by anki-sync-server for
the associated username
|
| services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| services.evcc.environmentFile | File with environment variables to pass into the runtime environment
|
| services.outline.storage | To support uploading of images for avatars and document attachments an
s3-compatible storage can be provided
|
| services.matrix-conduit.secretFile | Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5)
|
| services.crowdsec.settings.general | Settings for the main CrowdSec configuration file
|
| services.oauth2-proxy.htpasswd.displayForm | Display username / password login form if an htpasswd file is provided.
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.gitlab.backup.uploadOptions | GitLab automatic upload specification
|
| services.kubernetes.kubelet.tlsKeyFile | File containing x509 private key matching tlsCertFile.
|
| services.kubernetes.controllerManager.kubeconfig.certFile | Kubernetes controller manager client certificate file used to connect to kube-apiserver.
|
| services.lanraragi.redis.passwordFile | A file containing the password for LANraragi's Redis server.
|
| services.mediawiki.database.socket | Path to the unix socket file to use for authentication.
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| services.kubernetes.kubelet.tlsCertFile | File containing x509 Certificate for HTTPS.
|
| systemd.user.timers.<name>.reloadTriggers | An arbitrary list of items such as derivations
|
| systemd.user.slices.<name>.reloadTriggers | An arbitrary list of items such as derivations
|