| services.wasabibackend.rpc.passwordFile | File that contains the password of the RPC user.
|
| services.kubernetes.proxy.kubeconfig.certFile | Kubernetes proxy client certificate file used to connect to kube-apiserver.
|
| services.hercules-ci-agent.settings.binaryCachesPath | Path to a JSON file containing binary cache secret keys
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| environment.defaultPackages | Set of default packages that aren't strictly necessary
for a running system, entries can be removed for a more
minimal NixOS installation
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.minecraft-server.serverProperties | Minecraft server properties for the server.properties file
|
| services.peertube.serviceEnvironmentFile | Set environment variables for the service
|
| services.persistent-evdev.devices | A set of virtual proxy device labels with backing physical device ids
|
| services.victorialogs.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization
|
| services.xserver.exportConfiguration | Whether to symlink the X server configuration under
/etc/X11/xorg.conf.
|
| virtualisation.xen.boot.efi.path | Path to xen.efi. pkgs.xen is patched to install the xen.efi file
on $boot/boot/xen.efi, but an unpatched Xen build may install it
somewhere else, such as $out/boot/efi/efi/nixos/xen.efi
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.influxdb2.provision.initialSetup.tokenFile | API Token to set for the admin user
|
| services.healthchecks.settings.SECRET_KEY_FILE | Path to a file containing the secret key.
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.prometheus.exporters.opnsense.apiKeyFile | File containing the api key.
|
| services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| services.prometheus.exporters.dnsmasq.leasesPath | Path to the dnsmasq.leases file.
|
| services.home-assistant.blueprints.template | List of template
blueprints to
install into ${config.services.home-assistant.configDir}/blueprints/template.
|
| virtualisation.libvirtd.extraConfig | Extra contents appended to the libvirtd configuration file,
libvirtd.conf.
|
| services.wastebin.settings.WASTEBIN_DATABASE_PATH | Path to the sqlite3 database file
|
| services.wasabibackend.customConfigFile | Defines the path to a custom configuration file that is copied to the user's directory
|
| virtualisation.xen.store.settings.pidFile | Path to the Xen Store Daemon PID file.
|
| boot.loader.generationsDir.enable | Whether to create symlinks to the system generations under
/boot
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.gitlab.secrets.activeRecordPrimaryKeyFile | A file containing the secret used to encrypt some rails data
in the DB
|
| services.activemq.configurationDir | The base directory for ActiveMQ's configuration
|
| services.roundcube.database.passwordFile | Password file for the postgresql connection
|
| services.mautrix-meta.instances.<name>.registerToSynapse | Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and
make Synapse wait for registration service.
|
| services.prosody.httpFileShare.expires_after | Max age of a file before it gets deleted.
|
| services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey | Legacy RSA public key of the host in PEM format, including start and
end markers
|
| services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| environment.extraOutputsToInstall | Entries listed here will be appended to the meta.outputsToInstall attribute for each package in environment.systemPackages, and the files from the corresponding derivation outputs symlinked into /run/current-system/sw
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.waagent.settings.ResourceDisk.FileSystem | The file system type for the resource disk
|
| services.crowdsec.settings.capi.credentialsFile | The CAPI credential file to use.
|
| services.crowdsec.settings.lapi.credentialsFile | The LAPI credential file to use.
|
| services.nginx.sso.configuration | nginx-sso configuration
(documentation)
as a Nix attribute set
|
| services.matrix-hookshot.registrationFile | Appservice registration file
|
| services.kubernetes.controllerManager.tlsKeyFile | Kubernetes controller-manager private key file.
|
| services.grafana.provision.dashboards.path | Path to YAML dashboard configuration
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fediwall.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pixelfed.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pufferpanel.environmentFile | File to load environment variables from
|
| services.mainsail.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.kubernetes.controllerManager.tlsCertFile | Kubernetes controller-manager certificate file.
|
| services.kubernetes.kubelet.kubeconfig.caFile | Kubelet certificate authority file used to connect to kube-apiserver.
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.prometheus.exporters.nut.passwordPath | A run-time path to the nutUser password file, which should be
provisioned outside of Nix store.
|
| services.kubernetes.kubelet.kubeconfig.keyFile | Kubelet client key file used to connect to kube-apiserver.
|
| services.k3s.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/k3s/server/manifests before k3s starts
|
| services.adguardhome.settings | AdGuard Home configuration
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.ocsinventory-agent.settings.local | If specified, the OCS Inventory Agent will run in offline mode
and the resulting inventory file will be stored in the specified path.
|
| services.rke2.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/rke2/server/manifests before rke2 starts
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.sourcehut.settings.mail.pgp-privkey | An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key
|
| services.elasticsearch-curator.actionYAML | curator action.yaml file contents, alternatively use curator-cli which takes a simple action command
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets | The subnets which this tinc daemon will serve
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.prometheus.exporters.blackbox.configFile | Path to configuration file.
|
| virtualisation.xen.domains.extraConfig | Options defined here will override the defaults for xendomains
|
| services.writefreely.admin.initialPasswordFile | Path to a file containing the initial password for the admin user
|
| services.kubernetes.kubelet.kubeconfig.certFile | Kubelet client certificate file used to connect to kube-apiserver.
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| services.activemq.configurationURI | The URI that is passed along to the BrokerFactory to
set up the configuration of the ActiveMQ broker service
|
| boot.initrd.network.openvpn.configuration | The configuration file for OpenVPN.
Unless your bootloader supports initrd secrets, this configuration
is stored insecurely in the global Nix store.
|
| services.ocsinventory-agent.settings.server | The URI of the OCS Inventory server where to send the inventory file
|
| services.pipewire.extraConfig.pipewire-pulse | Additional configuration for the PipeWire PulseAudio server
|
| services.step-ca.intermediatePasswordFile | Path to the file containing the password for the intermediate
certificate private key.
Make sure to use a quoted absolute path instead of a path literal
to prevent it from being copied to the globally readable Nix
store.
|
| services.prometheus.exporters.restic.passwordFile | File containing the password to the repository.
|
| services.transmission.settings.umask | Sets transmission's file mode creation mask
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.postfix.masterConfig.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.grafana.settings.server.socket_mode | Mode where the socket should be set when protocol=socket
|
| services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mail.sendmailSetuidWrapper.permissions | The permissions of the wrapper program
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.kubernetes.controllerManager.rootCaFile | Kubernetes controller manager certificate authority file included in
service account's token secret.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-secret-key | An absolute file path (which should be outside the Nix-store)
to a secret key for Stripe
|
| networking.networkmanager.dns | Set the DNS (resolv.conf) processing mode
|
| services.nextcloud.config.objectstore.s3.secretFile | The full path to a file that contains the access secret.
|
| services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|