| services.suwayomi-server.settings.server.basicAuthPasswordFile | The password file containing the value that you have to provide when authenticating.
|
| services.prometheus.exporters.opnsense.apiSecretFile | File containing the api secret.
|
| services.home-assistant.lovelaceConfigWritable | Whether to make ui-lovelace.yaml writable
|
| services.misskey.reverseProxy.webserver.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.postfixadmin.database.passwordFile | Password file for the postgresql connection
|
| services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| environment.corePackages | Set of core packages for a normal interactive system
|
| security.pam.ussh.authorizedPrincipalsFile | Path to a list of principals; if the user presents a certificate with
one of these principals, then they will be authorized
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.osquery.flags.database_path | Path used for the database file.
If left as the default value, this directory will be automatically created before the
service starts, otherwise you are responsible for ensuring the directory exists with
the appropriate ownership and permissions.
|
| services.mollysocket.environmentFile | Environment file (see systemd.exec(5) "EnvironmentFile="
section for the syntax) passed to the service
|
| services.woodpecker-server.environmentFile | File to load environment variables
from
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token_file | Optional authentication information for token-based authentication:
https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token
It is mutually exclusive with auth_token and other authentication mechanisms.
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| services.immichframe.settings.Accounts.*.ApiKeyFile | File containing an API key to talk to the Immich server
|
| services.grafana.provision.alerting.muteTimings.path | Path to YAML mute timings configuration
|
| services.gotosocial.environmentFile | File path containing environment variables for configuring the GoToSocial service
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| services.prometheus.exporters.dmarc.imap.passwordFile | File containing the login password for the IMAP connection.
|
| services.xserver.displayManager.lightdm.greeter.package | The LightDM greeter to login via
|
| services.grafana.provision.datasources.path | Path to YAML datasource configuration
|
| services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| services.firezone.server.settingsSecret.TOKENS_SALT | A file containing a unique base64 encoded secret for the
TOKENS_SALT
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.opensmtpd.serverConfiguration | The contents of the smtpd.conf configuration file
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.waagent.settings.ResourceDisk.Format | If set to true, waagent formats and mounts the resource disk that the platform provides,
unless the file system type in `ResourceDisk
|
| services.firezone.server.provision.accounts | All accounts to provision
|
| services.influxdb2.provision.initialSetup.passwordFile | Password for primary user
|
| services.grafana.provision.alerting.policies.path | Path to YAML notification policies configuration
|
| services.mastodon.configureNginx | Configure nginx as a reverse proxy for mastodon
|
| services.pantalaimon-headless.instances.<name>.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| services.prometheus.exporters.mikrotik.configFile | Path to a mikrotik exporter configuration file
|
| services.sslh.settings.verbose-connections | Where to log connections information
|
| services.grafana.settings.server.socket_gid | GID where the socket should be set when protocol=socket
|
| services.bluesky-pds.environmentFiles | File to load environment variables from
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| services.prometheus.exporters.borgmatic.configFile | The path to the borgmatic config file
|
| services.prometheus.exporters.bitcoin.rpcPasswordFile | File containing RPC password.
|
| services.opentelemetry-collector.configFile | Specify a path to a configuration file that Opentelemetry Collector should use.
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.grafana-image-renderer.settings.service.logging.level | The log-level of the grafana-image-renderer.service-unit.
|
| services.firezone.server.settingsSecret.TOKENS_KEY_BASE | A file containing a unique base64 encoded secret for the
TOKENS_KEY_BASE
|
| services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|
| services.athens.singleFlight.redisSentinel.sentinelPassword | Password for the sentinel server
|
| documentation.man.mandoc.settings.output.toc | Whether to enable printing a table of contents near the beginning of the HTML output
of mandoc(1) if an input file contains at least two
non-standard sections
.
|
| services.firezone.server.settingsSecret.SECRET_KEY_BASE | A file containing a unique base64 encoded secret for the
SECRET_KEY_BASE
|
| services.homepage-dashboard.environmentFile | The path to an environment file that contains environment variables to pass
to the homepage-dashboard service, for the purpose of passing secrets to
the service
|
| services.home-assistant.blueprints.automation | List of automation
blueprints to
install into ${config.services.home-assistant.configDir}/blueprints/automation.
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.pid-fan-controller.settings.fans.*.wildcardPath | Wildcard path of the hwmon pwm file
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| security.pam.sshAgentAuth.authorizedKeysFiles | A list of paths to files in OpenSSH's authorized_keys format, containing
the keys that will be trusted by the pam_ssh_agent_auth module
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| virtualisation.containerd.configFile | Path to containerd config file
|
| services.kubernetes.scheduler.kubeconfig.caFile | Kubernetes scheduler certificate authority file used to connect to kube-apiserver.
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.grafana.provision.alerting.contactPoints.path | Path to YAML contact points configuration
|
| services.prometheus.exporters.exportarr-bazarr.apiKeyFile | File containing the api-key.
|
| services.prometheus.exporters.exportarr-sonarr.apiKeyFile | File containing the api-key.
|
| services.prometheus.exporters.exportarr-radarr.apiKeyFile | File containing the api-key.
|
| services.prometheus.exporters.tibber.apiTokenPath | Add here the path to your personal Tibber API Token ('Bearer Token') File
|
| services.prometheus.exporters.exportarr-lidarr.apiKeyFile | File containing the api-key.
|
| services.kubernetes.scheduler.kubeconfig.keyFile | Kubernetes scheduler client key file used to connect to kube-apiserver.
|
| services.xserver.displayManager.lightdm.greeters.enso.extraConfig | Extra configuration that should be put in the greeter.conf
configuration file
|
| services.xserver.displayManager.lightdm.greeters.gtk.extraConfig | Extra configuration that should be put in the lightdm-gtk-greeter.conf
configuration file.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.grafana.provision.alerting.templates.path | Path to YAML templates configuration
|
| services.prometheus.exporters.pgbouncer.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| services.automysqlbackup.settings | automysqlbackup configuration
|
| services.prometheus.exporters.storagebox.tokenFile | File that contains the Hetzner API token to use.
|
| services.prometheus.exporters.deluge.delugePasswordFile | File containing the password to connect to deluge server.
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.mastodon.elasticsearch.passwordFile | Path to file containing password for optionally authenticating with Elasticsearch.
|
| services.outline.slackAuthentication.secretFile | File path containing the authentication secret.
|
| services.radicle.ci.adapters.native.instances.<name>.settings.log | File where radicle-native-ci should write the run log.
|
| services.kubernetes.scheduler.kubeconfig.certFile | Kubernetes scheduler client certificate file used to connect to kube-apiserver.
|
| virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| services.xserver.displayManager.lightdm.greeters.mini.extraConfig | Extra configuration that should be put in the lightdm-mini-greeter.conf
configuration file.
|
| services.sourcehut.settings.webhooks.private-key | An absolute file path (which should be outside the Nix-store)
to a base64-encoded Ed25519 key for signing webhook payloads
|
| services.grafana.provision.alerting.rules.settings.apiVersion | Config file version.
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.nextcloud.settings.loglevel | Log level value between 0 (DEBUG) and 4 (FATAL).
-
0 (debug): Log all activity.
-
1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
-
2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
-
3 (error): Log failed operations and fatal errors.
-
4 (fatal): Log only fatal errors that cause the server to stop.
|
| services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| virtualisation.libvirtd.qemu.runAsRoot | If true, libvirtd runs qemu as root
|
| services.prometheus.exporters.exportarr-readarr.apiKeyFile | File containing the api-key.
|
| services.xserver.displayManager.lightdm.greeters.slick.extraConfig | Extra configuration that should be put in the lightdm-slick-greeter.conf
configuration file.
|
| services.firezone.server.settingsSecret.RELEASE_COOKIE | A file containing a unique secret identifier for the Erlang
cluster
|
| services.pid-fan-controller.settings.heatSources.*.wildcardPath | Path of the heat source's hwmon temp_input file
|
| services.prometheus.exporters.restic.repositoryFile | Path to the file containing the URI for the repository to monitor.
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.nextcloud-spreed-signaling.settings.turn.secretFile | The path to the file containing the value for turn.secret
|