| services.misskey.reverseProxy.webserver.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.matrix-hookshot.registrationFile | Appservice registration file
|
| services.grafana.settings.server.socket_mode | Mode where the socket should be set when protocol=socket
|
| services.grafana.provision.alerting.muteTimings.path | Path to YAML mute timings configuration
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.xserver.displayManager.lightdm.greeter.package | The LightDM greeter to login via
|
| virtualisation.xen.domains.extraConfig | Options defined here will override the defaults for xendomains
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|
| services.writefreely.admin.initialPasswordFile | Path to a file containing the initial password for the admin user
|
| services.transmission.settings.umask | Sets transmission's file mode creation mask
|
| services.adguardhome.settings | AdGuard Home configuration
|
| services.sourcehut.settings."meta.sr.ht::billing".stripe-secret-key | An absolute file path (which should be outside the Nix-store)
to a secret key for Stripe
|
| services.prometheus.exporters.dmarc.imap.passwordFile | File containing the login password for the IMAP connection.
|
| services.pufferpanel.environmentFile | File to load environment variables from
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.authelia.instances.<name>.settingsFiles | Here you can provide authelia with configuration files or directories
|
| services.suwayomi-server.settings.server.basicAuthPasswordFile | The password file containing the value that you have to provide when authenticating.
|
| services.frp.instances.<name>.environmentFiles | List of paths files that follows systemd environmentfile structure
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| services.prometheus.exporters.opnsense.apiSecretFile | File containing the api secret.
|
| services.waagent.settings.ResourceDisk.Format | If set to true, waagent formats and mounts the resource disk that the platform provides,
unless the file system type in `ResourceDisk
|
| services.ocsinventory-agent.settings.server | The URI of the OCS Inventory server where to send the inventory file
|
| services.grafana.provision.alerting.policies.path | Path to YAML notification policies configuration
|
| services.restic.backups.<name>.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.sourcehut.settings."sr.ht".service-key | An absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies
|
| services.firezone.server.settingsSecret.TOKENS_SALT | A file containing a unique base64 encoded secret for the
TOKENS_SALT
|
| services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| environment.extraOutputsToInstall | Entries listed here will be appended to the meta.outputsToInstall attribute for each package in environment.systemPackages, and the files from the corresponding derivation outputs symlinked into /run/current-system/sw
|
| services.tinc.networks.<name>.hostSettings.<name>.subnets | The subnets which this tinc daemon will serve
|
| services.mail.sendmailSetuidWrapper.permissions | The permissions of the wrapper program
|
| services.kubernetes.controllerManager.rootCaFile | Kubernetes controller manager certificate authority file included in
service account's token secret.
|
| services.jitsi-videobridge.xmppConfigs.<name>.passwordFile | File containing the password for the user.
|
| services.rke2.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/rke2/server/manifests before rke2 starts
|
| security.pam.ussh.authorizedPrincipalsFile | Path to a list of principals; if the user presents a certificate with
one of these principals, then they will be authorized
|
| services.grafana.provision.datasources.path | Path to YAML datasource configuration
|
| documentation.man.mandoc.settings.output.toc | Whether to enable printing a table of contents near the beginning of the HTML output
of mandoc(1) if an input file contains at least two
non-standard sections
.
|
| services.osquery.flags.database_path | Path used for the database file.
If left as the default value, this directory will be automatically created before the
service starts, otherwise you are responsible for ensuring the directory exists with
the appropriate ownership and permissions.
|
| services.elasticsearch-curator.actionYAML | curator action.yaml file contents, alternatively use curator-cli which takes a simple action command
|
| services.step-ca.intermediatePasswordFile | Path to the file containing the password for the intermediate
certificate private key.
Make sure to use a quoted absolute path instead of a path literal
to prevent it from being copied to the globally readable Nix
store.
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.grafana.settings.server.socket_gid | GID where the socket should be set when protocol=socket
|
| services.grafana-image-renderer.settings.service.logging.level | The log-level of the grafana-image-renderer.service-unit.
|
| services.postfixadmin.database.passwordFile | Password file for the postgresql connection
|
| services.firezone.server.settingsSecret.TOKENS_KEY_BASE | A file containing a unique base64 encoded secret for the
TOKENS_KEY_BASE
|
| services.firezone.server.settingsSecret.SECRET_KEY_BASE | A file containing a unique base64 encoded secret for the
SECRET_KEY_BASE
|
| services.xserver.displayManager.lightdm.greeters.gtk.extraConfig | Extra configuration that should be put in the lightdm-gtk-greeter.conf
configuration file.
|
| services.immichframe.settings.Accounts.*.ApiKeyFile | File containing an API key to talk to the Immich server
|
| services.xserver.displayManager.lightdm.greeters.enso.extraConfig | Extra configuration that should be put in the greeter.conf
configuration file
|
| services.postfix.masterConfig.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.firezone.server.provision.accounts | All accounts to provision
|
| services.home-assistant.lovelaceConfigWritable | Whether to make ui-lovelace.yaml writable
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| services.prometheus.exporters.bitcoin.rpcPasswordFile | File containing RPC password.
|
| services.sslh.settings.verbose-connections | Where to log connections information
|
| services.grafana.provision.alerting.contactPoints.path | Path to YAML contact points configuration
|
| networking.networkmanager.dns | Set the DNS (resolv.conf) processing mode
|
| services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| services.athens.singleFlight.redisSentinel.sentinelPassword | Password for the sentinel server
|
| services.radicle.ci.adapters.native.instances.<name>.settings.log | File where radicle-native-ci should write the run log.
|
| services.xserver.displayManager.lightdm.greeters.mini.extraConfig | Extra configuration that should be put in the lightdm-mini-greeter.conf
configuration file.
|
| services.suricata.settings.outputs | Configure the type of alert (and other) logging you would like
|
| services.mpdscribble.endpoints.<name>.passwordFile | File containing the password, either as MD5SUM or cleartext.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| security.pam.sshAgentAuth.authorizedKeysFiles | A list of paths to files in OpenSSH's authorized_keys format, containing
the keys that will be trusted by the pam_ssh_agent_auth module
|
| services.mollysocket.environmentFile | Environment file (see systemd.exec(5) "EnvironmentFile="
section for the syntax) passed to the service
|
| services.grafana.provision.alerting.templates.path | Path to YAML templates configuration
|
| services.woodpecker-server.environmentFile | File to load environment variables
from
|
| services.influxdb2.provision.initialSetup.passwordFile | Password for primary user
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.szurubooru.server.settings.delete_source_files | Whether to delete thumbnails and source files on post delete.
|
| services.gotosocial.environmentFile | File path containing environment variables for configuring the GoToSocial service
in the format of an EnvironmentFile as described by systemd.exec(5)
|
| services.prometheus.exporters.tibber.apiTokenPath | Add here the path to your personal Tibber API Token ('Bearer Token') File
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.grafana.provision.alerting.rules.settings.apiVersion | Config file version.
|
| environment.corePackages | Set of core packages for a normal interactive system
|
| services.bluesky-pds.environmentFiles | File to load environment variables from
|
| services.pid-fan-controller.settings.fans.*.wildcardPath | Wildcard path of the hwmon pwm file
|
| services.home-assistant.blueprints.automation | List of automation
blueprints to
install into ${config.services.home-assistant.configDir}/blueprints/automation.
|
| services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|
| services.xserver.displayManager.lightdm.greeters.slick.extraConfig | Extra configuration that should be put in the lightdm-slick-greeter.conf
configuration file.
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.opensmtpd.serverConfiguration | The contents of the smtpd.conf configuration file
|
| services.prometheus.exporters.exportarr-bazarr.apiKeyFile | File containing the api-key.
|
| services.prometheus.exporters.exportarr-sonarr.apiKeyFile | File containing the api-key.
|
| services.prometheus.exporters.exportarr-radarr.apiKeyFile | File containing the api-key.
|
| services.prometheus.exporters.exportarr-lidarr.apiKeyFile | File containing the api-key.
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| services.prometheus.exporters.pgbouncer.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.sourcehut.settings.webhooks.private-key | An absolute file path (which should be outside the Nix-store)
to a base64-encoded Ed25519 key for signing webhook payloads
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| services.pantalaimon-headless.instances.<name>.dataPath | The directory where pantalaimon should store its state such as the database file.
|
| boot.loader.systemd-boot.sortKey | The sort key used for the NixOS bootloader entries
|
| services.prometheus.exporters.storagebox.tokenFile | File that contains the Hetzner API token to use.
|
| services.prometheus.exporters.deluge.delugePasswordFile | File containing the password to connect to deluge server.
|
| services.homepage-dashboard.environmentFile | The path to an environment file that contains environment variables to pass
to the homepage-dashboard service, for the purpose of passing secrets to
the service
|
| services.nextcloud.settings.loglevel | Log level value between 0 (DEBUG) and 4 (FATAL).
-
0 (debug): Log all activity.
-
1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
-
2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
-
3 (error): Log failed operations and fatal errors.
-
4 (fatal): Log only fatal errors that cause the server to stop.
|
| services.firezone.server.settingsSecret.RELEASE_COOKIE | A file containing a unique secret identifier for the Erlang
cluster
|