| services.yggdrasil.settings.PrivateKeyPath | Path to the private key file on the host system
|
| services.prometheus.exporters.snmp.configurationPath | Path to a snmp exporter configuration file
|
| services.postfix.tlsTrustedAuthorities | File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery
|
| services.pds.environmentFiles | File to load environment variables from
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| services.limesurvey.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.waagent.settings.ResourceDisk.EnableSwap | If enabled, the agent creates a swap file (/swapfile) on the resource disk
and adds it to the system swap space
|
| services.hylafax.faxqclean.enable.frequency | Purge old files from the spooling area with
faxcron with the given frequency
(see systemd.time(7)).
|
| services.wasabibackend.rpc.passwordFile | File that contains the password of the RPC user.
|
| services.hercules-ci-agent.settings.binaryCachesPath | Path to a JSON file containing binary cache secret keys
|
| services.system76-scheduler.settings.cfsProfiles.responsive.latency | sched_latency_ns.
|
| environment.defaultPackages | Set of default packages that aren't strictly necessary
for a running system, entries can be removed for a more
minimal NixOS installation
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.minecraft-server.serverProperties | Minecraft server properties for the server.properties file
|
| services.peertube.serviceEnvironmentFile | Set environment variables for the service
|
| services.persistent-evdev.devices | A set of virtual proxy device labels with backing physical device ids
|
| services.victorialogs.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaLogs instance by authorization
|
| services.xserver.exportConfiguration | Whether to symlink the X server configuration under
/etc/X11/xorg.conf.
|
| virtualisation.xen.boot.efi.path | Path to xen.efi. pkgs.xen is patched to install the xen.efi file
on $boot/boot/xen.efi, but an unpatched Xen build may install it
somewhere else, such as $out/boot/efi/efi/nixos/xen.efi
|
| services.system76-scheduler.settings.cfsProfiles.responsive.preempt | Preemption mode.
|
| services.system76-scheduler.settings.cfsProfiles.responsive.nr-latency | sched_nr_latency.
|
| services.influxdb2.provision.initialSetup.tokenFile | API Token to set for the admin user
|
| services.healthchecks.settings.SECRET_KEY_FILE | Path to a file containing the secret key.
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.prometheus.exporters.opnsense.apiKeyFile | File containing the api key.
|
| services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| services.prometheus.exporters.dnsmasq.leasesPath | Path to the dnsmasq.leases file.
|
| services.openssh.authorizedKeysFiles | Specify the rules for which files to read on the host
|
| services.home-assistant.blueprints.template | List of template
blueprints to
install into ${config.services.home-assistant.configDir}/blueprints/template.
|
| virtualisation.libvirtd.extraConfig | Extra contents appended to the libvirtd configuration file,
libvirtd.conf.
|
| services.wastebin.settings.WASTEBIN_DATABASE_PATH | Path to the sqlite3 database file
|
| services.wasabibackend.customConfigFile | Defines the path to a custom configuration file that is copied to the user's directory
|
| virtualisation.xen.store.settings.pidFile | Path to the Xen Store Daemon PID file.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.gitlab.secrets.activeRecordPrimaryKeyFile | A file containing the secret used to encrypt some rails data
in the DB
|
| boot.loader.generationsDir.enable | Whether to create symlinks to the system generations under
/boot
|
| services.suricata.settings.unix-command | Unix command socket that can be used to pass commands to Suricata
|
| services.roundcube.database.passwordFile | Password file for the postgresql connection
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mautrix-meta.instances.<name>.registerToSynapse | Whether to add registration file to services.matrix-synapse.settings.app_service_config_files and
make Synapse wait for registration service.
|
| services.prosody.httpFileShare.expires_after | Max age of a file before it gets deleted.
|
| services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey | Legacy RSA public key of the host in PEM format, including start and
end markers
|
| services.kubernetes.apiserver.kubeletClientCaFile | Path to a cert file for connecting to kubelet.
|
| services.prometheus.exporters.dnssec.configuration | dnssec exporter configuration as nix attribute set
|
| security.agnos.settings.accounts.*.certificates.*.fullchain_output_file | Output path for the full chain including the acquired certificate
|
| environment.extraOutputsToInstall | Entries listed here will be appended to the meta.outputsToInstall attribute for each package in environment.systemPackages, and the files from the corresponding derivation outputs symlinked into /run/current-system/sw
|
| services.crowdsec.settings.capi.credentialsFile | The CAPI credential file to use.
|
| services.crowdsec.settings.lapi.credentialsFile | The LAPI credential file to use.
|
| services.matrix-hookshot.registrationFile | Appservice registration file
|
| services.kubernetes.controllerManager.tlsKeyFile | Kubernetes controller-manager private key file.
|
| services.filebeat.settings.output.elasticsearch.hosts | The list of Elasticsearch nodes to connect to
|
| services.grafana.provision.dashboards.path | Path to YAML dashboard configuration
|
| services.librenms.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.agorakit.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.dolibarr.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.kanboard.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fediwall.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.bookstack.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.pufferpanel.environmentFile | File to load environment variables from
|
| services.mainsail.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.rosenpass.settings.peers.*.public_key | Path to a file containing the public key of the remote Rosenpass peer.
|
| services.waagent.settings.ResourceDisk.FileSystem | The file system type for the resource disk
|
| services.kubernetes.controllerManager.tlsCertFile | Kubernetes controller-manager certificate file.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| services.prometheus.exporters.nut.passwordPath | A run-time path to the nutUser password file, which should be
provisioned outside of Nix store.
|
| services.adguardhome.settings | AdGuard Home configuration
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.ocsinventory-agent.settings.local | If specified, the OCS Inventory Agent will run in offline mode
and the resulting inventory file will be stored in the specified path.
|
| services.k3s.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/k3s/server/manifests before k3s starts
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt | LiveView signing salt
|
| services.sourcehut.settings.mail.pgp-privkey | An absolute file path (which should be outside the Nix-store)
to an OpenPGP private key
|
| services.elasticsearch-curator.actionYAML | curator action.yaml file contents, alternatively use curator-cli which takes a simple action command
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets | The subnets which this tinc daemon will serve
|
| services.radicle.httpd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| virtualisation.xen.domains.extraConfig | Options defined here will override the defaults for xendomains
|
| services.writefreely.admin.initialPasswordFile | Path to a file containing the initial password for the admin user
|
| services.rke2.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/rke2/server/manifests before rke2 starts
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| services.ocsinventory-agent.settings.server | The URI of the OCS Inventory server where to send the inventory file
|
| services.pipewire.extraConfig.pipewire-pulse | Additional configuration for the PipeWire PulseAudio server
|
| services.step-ca.intermediatePasswordFile | Path to the file containing the password for the intermediate
certificate private key.
Make sure to use a quoted absolute path instead of a path literal
to prevent it from being copied to the globally readable Nix
store.
|
| services.prometheus.exporters.restic.passwordFile | File containing the password to the repository.
|
| services.transmission.settings.umask | Sets transmission's file mode creation mask
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.postfix.masterConfig.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.grafana.settings.server.socket_mode | Mode where the socket should be set when protocol=socket
|
| services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.mail.sendmailSetuidWrapper.permissions | The permissions of the wrapper program
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.kubernetes.controllerManager.rootCaFile | Kubernetes controller manager certificate authority file included in
service account's token secret.
|