| services.spacecookie.settings.root | The directory spacecookie should serve via gopher
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.profile.matchers | Process matchers.
|
| services.navidrome.environmentFile | Environment file, used to set any secret ND_* environment variables.
|
| services.matrix-alertmanager.secretFile | File that contains a secret for the Alertmanager webhook.
|
| services.amazon-cloudwatch-agent.configurationFile | Amazon CloudWatch Agent configuration file
|
| services.kubernetes.apiserver.tokenAuthFile | Kubernetes apiserver token authentication file
|
| services.kubernetes.apiserver.basicAuthFile | Kubernetes apiserver basic authentication file
|
| services.kubernetes.apiserver.clientCaFile | Kubernetes apiserver CA file for client auth.
|
| services.keycloak.database.passwordFile | The path to a file containing the database password
|
| environment.systemPackages | The set of packages that appear in
/run/current-system/sw
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchUuid | UUID of the connection profile
UUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.
|
| systemd.automounts.*.reloadTriggers | An arbitrary list of items such as derivations
|
| services.limesurvey.httpd.virtualHost.sslServerChain | Path to server SSL chain file.
|
| services.photoprism.databasePasswordFile | Database password file.
|
| services.slskd.environmentFile | Path to the environment file sourced on startup
|
| services.matrix-synapse.settings.listeners.*.mode | File permissions on the UNIX domain socket.
|
| services.borgbackup.jobs.<name>.failOnWarnings | Fail the whole backup job if any borg command returns a warning
(exit code 1), for example because a file changed during backup.
|
| services.gokapi.environment.GOKAPI_CONFIG_FILE | Sets the filename for the config file.
|
| services.davis.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.slskd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.movim.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.szurubooru.server.settings.smtp.passFile | File containing the password associated to the given user for the SMTP server.
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchId | connection id used by NetworkManager
|
| services.languagetool.settings | Configuration file options for LanguageTool, see
'languagetool-http-server --help'
for supported settings.
|
| services.discourse.mail.incoming.apiKeyFile | A file containing the Discourse API key used to add
posts and messages from mail
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchType | NetworkManager connection type
The NetworkManager configuration settings reference roughly corresponds to connection types
|
| virtualisation.lxc.bridgeConfig | This is the config file for override lxc-net bridge default settings.
|
| services.szurubooru.database.passwordFile | A file containing the password for the PostgreSQL user.
|
| services.snipe-it.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dsnet.settings | The settings to use for dsnet
|
| services.xserver.displayManager.lightdm.greeter.name | The name of a .desktop file in the directory specified
in the 'package' option.
|
| services.prometheus.exporters.pve.server.keyFile | Path to a SSL private key file for the server
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| services.home-assistant.blueprints.script | List of script
blueprints to
install into ${config.services.home-assistant.configDir}/blueprints/script.
|
| services.mpdscribble.journalInterval | How often should mpdscribble save the journal file? [seconds]
|
| services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| services.nextcloud.phpOptions | Options for PHP's php.ini file for nextcloud
|
| services.limesurvey.database.passwordFile | A file containing the password corresponding to
database.user.
|
| networking.nftables.checkRuleset | Run nft check on the ruleset to spot syntax errors during build
|
| services.grafana.provision.datasources.settings.datasources.*.secureJsonData | Datasource specific secure configuration
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| services.miniflux.adminCredentialsFile | File containing the ADMIN_USERNAME and
ADMIN_PASSWORD (length >= 6) in the format of
an EnvironmentFile=, as described by systemd.exec(5).
|
| services.prometheus.exporters.pve.server.certFile | Path to a SSL certificate file for the server
|
| services.anuko-time-tracker.settings.email.smtpPasswordFile | Path to file containing the MTA authentication password.
|
| services.mjolnir.pantalaimon.options.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| services.headscale.settings.database.sqlite.path | Path to the sqlite3 database file.
|
| services.sourcehut.settings."sr.ht".network-key | An absolute file path (which should be outside the Nix-store)
to a secret key to encrypt internal messages with
|
| services.saunafs.chunkserver.settings | Contents of chunkserver config file (see sfschunkserver.cfg(5)).
|
| services.epgstation.database.passwordFile | A file containing the password for the database named
database.name.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.wakeup-granularity | sched_wakeup_granularity_ns.
|
| services.prowlarr.environmentFiles | Environment file to pass secret configuration values
|
| services.whisparr.environmentFiles | Environment file to pass secret configuration values
|
| services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| services.fedimintd.<name>.bitcoin.rpc.secretFile | If set the URL specified in bitcoin.rpc.url will get the content of this file added
as an URL password, so http://user@example.com will turn into http://user:SOMESECRET@example.com
|
| services.grafana.settings.server.cdn_url | Specify a full HTTP URL address to the root of your Grafana CDN assets
|
| services.aria2.downloadDirPermission | The permission for settings.dir
|
| programs.uwsm.waylandCompositors.<name>.prettyName | The full name of the desktop entry file.
|
| services.mautrix-whatsapp.settings | config.yaml configuration as a Nix attribute set
|
| services.sourcehut.settings.objects.s3-secret-key | An absolute file path (which should be outside the Nix-store)
to the secret key of the S3-compatible object storage service.
|
| services.journalwatch.extraConfig | Extra lines to be added verbatim to the journalwatch/config configuration file
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| virtualisation.xen.efi.path | Path to xen.efi. pkgs.xen is patched to install the xen.efi file
on $boot/boot/xen.efi, but an unpatched Xen build may install it
somewhere else, such as $out/boot/efi/efi/nixos/xen.efi
|
| services.discourse.database.passwordFile | File containing the Discourse database user password
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.grafana.provision.alerting.rules.path | Path to YAML rules configuration
|
| services.prometheus.exporters.ipmi.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.uvcvideo.dynctrl.packages | List of packages containing uvcvideo dynamic controls
rules
|
| services.icingaweb2.resources | resources.ini contents
|
| services.livekit.ingress.environmentFile | Environment file as defined in systemd.exec(5) passed to the service
|
| boot.initrd.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.easytier.instances.<name>.extraSettings | Extra settings to add to easytier-‹name›.toml.
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| services.homebridge.environmentFile | Path to an environment-file which may contain secrets.
|
| services.discourse.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| boot.initrd.network.ifstate.cleanupSettings | Content of IfState's initrd cleanup configuration file
|
| services.mjolnir.pantalaimon.passwordFile | File containing the matrix password for the mjolnir user.
|
| services.tigerbeetle.clusterId | The 128-bit cluster ID used to create the replica data file (if needed)
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.restic.backups.<name>.environmentFile | file containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| networking.supplicant.<name>.extraConf | Configuration options for wpa_supplicant.conf
|
| services.hercules-ci-agent.settings.secretsJsonPath | Path to a JSON file containing secrets for effects
|
| services.anubis.defaultOptions.settings.POLICY_FNAME | The policy file to use
|
| environment.enableDebugInfo | Some NixOS packages provide debug symbols
|
| services.anubis.defaultOptions.policy.settings | Additional policy settings merged into the policy file
|
| services.neo4j.directories.imports | The root directory for file URLs used with the Cypher
LOAD CSV clause
|
| services.public-inbox.settings.publicinbox.css | The local path name of a CSS file for the PSGI web interface.
|
| services.icingaweb2.generalConfig | config.ini contents
|
| services.blockbook-frontend.<name>.rpc.passwordFile | File containing password of the RPC user
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.ocsinventory-agent.settings.ca | Path to CA certificates file in PEM format, for server
SSL certificate validation.
|
| services.wordpress.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.nextcloud.notify_push.dbpassFile | The full path to a file that contains the database password.
|
| services.szurubooru.server.settings.secretFile | File containing a secret used to salt the users' password hashes and generate filenames for static content.
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| programs.openvpn3.log-service.settings.timestamp | Add timestamp log file
|
| virtualisation.xen.boot.efi.path | Path to xen.efi. pkgs.xen is patched to install the xen.efi file
on $boot/boot/xen.efi, but an unpatched Xen build may install it
somewhere else, such as $out/boot/efi/efi/nixos/xen.efi
|