| services.blockbook-frontend.<name>.extraConfig | Additional configurations to be appended to coin.conf
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.saunafs.chunkserver.settings | Contents of chunkserver config file (see sfschunkserver.cfg(5)).
|
| services.prometheus.exporters.mail.configFile | Specify the mailexporter configuration file to use.
|
| services.mautrix-whatsapp.settings | config.yaml configuration as a Nix attribute set
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret_file | Read the client secret from a file
|
| services.sourcehut.settings."sr.ht".network-key | An absolute file path (which should be outside the Nix-store)
to a secret key to encrypt internal messages with
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| services.dawarich.configureNginx | Configure nginx as a reverse proxy for dawarich
|
| services.dsnet.settings | The settings to use for dsnet
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.tigerbeetle.clusterId | The 128-bit cluster ID used to create the replica data file (if needed)
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.discourse.mail.incoming.apiKeyFile | A file containing the Discourse API key used to add
posts and messages from mail
|
| services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| services.discourse.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.discourse.database.passwordFile | File containing the Discourse database user password
|
| services.blendfarm.basicSecurityPasswordFile | Path to the password file the client needs to connect to the server
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.livekit.ingress.environmentFile | Environment file as defined in systemd.exec(5) passed to the service
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mjolnir.pantalaimon.options.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| services.szurubooru.server.settings.smtp.passFile | File containing the password associated to the given user for the SMTP server.
|
| services.mjolnir.pantalaimon.passwordFile | File containing the matrix password for the mjolnir user.
|
| virtualisation.xen.efi.path | Path to xen.efi. pkgs.xen is patched to install the xen.efi file
on $boot/boot/xen.efi, but an unpatched Xen build may install it
somewhere else, such as $out/boot/efi/efi/nixos/xen.efi
|
| services.govee2mqtt.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.komodo-periphery.environmentFile | Environment file for additional configuration via environment variables.
|
| services.nextcloud.configureRedis | Whether to configure Nextcloud to use the recommended Redis settings for small instances.
The Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.
The notify_push app requires Redis to be configured
|
| services.onlyoffice.postgresPasswordFile | Path to a file that contains the password OnlyOffice should use to connect to Postgresql
|
| services.prometheus.exporters.pve.server.keyFile | Path to a SSL private key file for the server
|
| services.mosquitto.listeners.*.authPlugins.*.plugin | Plugin path to load, should be a .so file.
|
| services.mautrix-meta.instances.<name>.settings | config.yaml configuration as a Nix attribute set
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.uvcvideo.dynctrl.packages | List of packages containing uvcvideo dynamic controls
rules
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.sourcehut.settings.objects.s3-secret-key | An absolute file path (which should be outside the Nix-store)
to the secret key of the S3-compatible object storage service.
|
| programs.openvpn3.log-service.settings.timestamp | Add timestamp log file
|
| services.hockeypuck.settings | Configuration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values
|
| services.fail2ban.banaction-allports | Default banning action (e.g. iptables, iptables-new, iptables-multiport,
shorewall, etc) for "allports" jails
|
| services.headscale.settings.database.sqlite.path | Path to the sqlite3 database file.
|
| programs.chromium.extensions | List of chromium extensions to install
|
| services.matrix-continuwuity.settings | Generates the continuwuity.toml configuration file
|
| services.nextcloud.notify_push.dbpassFile | The full path to a file that contains the database password.
|
| services.ocsinventory-agent.settings.ca | Path to CA certificates file in PEM format, for server
SSL certificate validation.
|
| services.prometheus.exporters.pve.server.certFile | Path to a SSL certificate file for the server
|
| services.prometheus.exporters.ipmi.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.hercules-ci-agent.settings.secretsJsonPath | Path to a JSON file containing secrets for effects
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.your_spotify.spotifySecretFile | A file containing the secret key of your Spotify application
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.passwordFile | The password for this entry, read from the given file when starting hostapd
|
| services.postfixadmin.setupPasswordFile | Password file for the admin
|
| services.grafana.settings.server.cdn_url | Specify a full HTTP URL address to the root of your Grafana CDN assets
|
| services.interception-tools.udevmonConfig | String of udevmon YAML configuration, or path to a udevmon YAML
configuration file.
|
| services.caddy.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.dependency-track.database.passwordFile | The path to a file containing the database password.
|
| services.neo4j.directories.imports | The root directory for file URLs used with the Cypher
LOAD CSV clause
|
| services.opencloud.environmentFile | An environment file as defined in systemd.exec(5)
|
| services.kubernetes.proxy.kubeconfig.caFile | Kubernetes proxy certificate authority file used to connect to kube-apiserver.
|
| services.szurubooru.server.settings.secretFile | File containing a secret used to salt the users' password hashes and generate filenames for static content.
|
| services.anubis.defaultOptions.settings.POLICY_FNAME | The policy file to use
|
| services.public-inbox.settings.publicinbox.css | The local path name of a CSS file for the PSGI web interface.
|
| services.kubernetes.proxy.kubeconfig.keyFile | Kubernetes proxy client key file used to connect to kube-apiserver.
|
| services.writefreely.database.passwordFile | The file to load the database password from.
|
| services.workout-tracker.environmentFile | An environment file as defined in systemd.exec(5)
|
| virtualisation.lxc.usernetConfig | This is the config file for managing unprivileged user network
administration access in LXC
|
| services.limesurvey.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.grafana.provision.alerting.rules.path | Path to YAML rules configuration
|
| boot.initrd.network.ifstate.cleanupSettings | Content of IfState's initrd cleanup configuration file
|
| services.anubis.instances.<name>.settings.POLICY_FNAME | The policy file to use
|
| networking.supplicant.<name>.configFile.writable | Whether the configuration file at configFile.path should be written to by
wpa_supplicant.
|
| services.anubis.defaultOptions.policy.settings | Additional policy settings merged into the policy file
|
| services.openvscode-server.connectionTokenFile | Path to a file that contains the connection token.
|
| services.yggdrasil.settings.PrivateKeyPath | Path to the private key file on the host system
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials_file | Sets the credentials to the credentials read from the configured file
|
| services.hylafax.faxqclean.enable.frequency | Purge old files from the spooling area with
faxcron with the given frequency
(see systemd.time(7)).
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.postfix.tlsTrustedAuthorities | File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery
|
| services.pds.environmentFiles | File to load environment variables from
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| services.waagent.settings.ResourceDisk.EnableSwap | If enabled, the agent creates a swap file (/swapfile) on the resource disk
and adds it to the system swap space
|