| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.mautrix-meta.instances.<name>.registrationFile | Path to the yaml registration file of the appservice.
|
| services.mastodon.elasticsearch.passwordFile | Path to file containing password for optionally authenticating with Elasticsearch.
|
| services.outline.slackAuthentication.secretFile | File path containing the authentication secret.
|
| services.postfix.settings.master.<name>.wakeupUnusedComponent | If set to false the component will only be woken
up if it is used
|
| services.prometheus.exporters.exportarr-readarr.apiKeyFile | File containing the api-key.
|
| services.nextcloud-spreed-signaling.settings.turn.apikeyFile | The path to the file containing the value for turn.apikey
|
| services.nextcloud-spreed-signaling.settings.turn.secretFile | The path to the file containing the value for turn.secret
|
| services.matrix-appservice-discord.settings | config.yaml configuration as a Nix attribute set
|
| virtualisation.libvirtd.qemu.runAsRoot | If true, libvirtd runs qemu as root
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.invoiceplane.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| services.prometheus.exporters.restic.repositoryFile | Path to the file containing the URI for the repository to monitor.
|
| services.grafana.provision.dashboards.settings.apiVersion | Config file version.
|
| services.firezone.server.settingsSecret.LIVE_VIEW_SIGNING_SALT | A file containing a unique base64 encoded secret for the
LIVE_VIEW_SIGNING_SALT
|
| services.prometheus.exporters.ecoflow.ecoflowEmailFile | Path to the file with your personal ecoflow app login email address
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates.
The order of items matters and a private key must always be followed by the corresponding certificate.
https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| services.pipewire.extraConfig.pipewire | Additional configuration for the PipeWire server
|
| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| services.prometheus.exporters.pgbouncer.pidFile | Path to PgBouncer pid file
|
| services.pid-fan-controller.settings.heatSources.*.wildcardPath | Path of the heat source's hwmon temp_input file
|
| services.automysqlbackup.settings | automysqlbackup configuration
|
| services.prometheus.exporters.buildkite-agent.tokenPath | The token from your Buildkite "Agents" page
|
| services.prometheus.exporters.mail.environmentFile | File containing env-vars to be substituted into the exporter's config.
|
| services.firezone.server.settingsSecret.COOKIE_SIGNING_SALT | A file containing a unique base64 encoded secret for the
COOKIE_SIGNING_SALT
|
| services.draupnir.secrets.pantalaimon.password | File containing the password for Draupnir's Matrix account when used in
conjunction with Pantalaimon to be used in place of
services.draupnir.settings.pantalaimon.password.
|
| services.netbird.tunnels.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.netbird.clients.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| services.grafana.provision.datasources.settings.prune | When true, provisioned datasources from this file will be deleted
automatically when removed from
services.grafana.provision.datasources.settings.datasources.
|
| services.grafana.provision.alerting.muteTimings.settings.apiVersion | Config file version.
|
| services.prometheus.exporters.exportarr-prowlarr.apiKeyFile | File containing the api-key.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| documentation.man.mandoc.settings.output.man | A template for linked manuals (usually via the Xr macro) in HTML
output
|
| services.grafana.provision.alerting.policies.settings.apiVersion | Config file version.
|
| services.woodpecker-agents.agents.<name>.environmentFile | File to load environment variables
from
|
| services.outline.oidcAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.matrix-appservice-irc.settings.ircService.mediaProxy.signingKeyPath | Path to the signing key file for authenticated media.
|
| virtualisation.credentials.<name>.source | Source file on the host containing the credential data.
|
| virtualisation.libvirtd.qemu.verbatimConfig | Contents written to the qemu configuration file, qemu.conf
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.prometheus.exporters.kafka.environmentFile | File containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| services.prometheus.exporters.ecoflow.ecoflowAccessKeyFile | Path to the file with your personal api access string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| services.prometheus.exporters.ecoflow.ecoflowSecretKeyFile | Path to the file with your personal api secret string from the Ecoflow development website https://developer-eu.ecoflow.com
|
| services.displayManager.dms-greeter.compositor.customConfig | Custom compositor configuration to use for the greeter session
|
| services.grafana.provision.datasources.settings.apiVersion | Config file version.
|
| services.prometheus.exporters.fastly.environmentFile | An environment file containg at least the FASTLY_API_TOKEN= environment
variable.
|
| services.matrix-appservice-discord.environmentFile | File containing environment variables to be passed to the matrix-appservice-discord service,
in which secret tokens can be specified securely by defining values for
APPSERVICE_DISCORD_AUTH_CLIENT_I_D and
APPSERVICE_DISCORD_AUTH_BOT_TOKEN.
|
| services.outline.azureAuthentication.clientSecretFile | File path containing the authentication secret.
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| services.grafana.provision.alerting.contactPoints.settings.apiVersion | Config file version.
|
| services.meilisearch.masterKeyEnvironmentFile | Path to file which contains the master key
|
| services.prometheus.exporters.collectd.collectdBinary.authFile | File mapping user names to pre-shared keys (passwords).
|
| boot.initrd.availableKernelModules | The set of kernel modules in the initial ramdisk used during the
boot process
|
| services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| networking.resolvconf.dnsExtensionMechanism | Enable the edns0 option in resolv.conf
|
| services.prometheus.exporters.restic.environmentFile | File containing the credentials to access the repository, in the
format of an EnvironmentFile as described by systemd.exec(5)
|
| services.mautrix-discord.registrationServiceUnit | The registration service that generates the registration file
|
| services.grafana.provision.alerting.templates.settings.apiVersion | Config file version.
|
| services.outline.googleAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.kubernetes.apiserver.serviceAccountSigningKeyFile | Path to the file that contains the current private key of the service
account token issuer
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.akkoma.config.":web_push_encryption".":vapid_details".private_key | base64-encoded private ECDH key
|
| services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| services.stash.settings.preview_segments | Number of segments in a preview file
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.victoriametrics.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization
|
| services.veilid.settings.client_api.ipc_directory | IPC directory where file sockets are stored.
|
| services.outline.slackIntegration.verificationTokenFile | File path containing the verification token.
|
| services.kubernetes.controllerManager.serviceAccountKeyFile | Kubernetes controller manager PEM-encoded private RSA key file used to
sign service account tokens
|
| networking.openconnect.interfaces.<name>.passwordFile | File containing the password to authenticate with
|
| services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|
| services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| services.opentelemetry-collector.validateConfigFile | Whether to enable Validate configuration file.
|
| services.archisteamfarm.settings | The ASF.json file, all the options are documented here
|
| services.strongswan-swanctl.swanctl.authorities.<name>.handle | Hex-encoded CKA_ID or handle of the certificate on a token or TPM,
respectively
|
| services.mastodon.activeRecordEncryptionPrimaryKeyFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.mautrix-telegram.environmentFile | File containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN
|
| services.firezone.server.settingsSecret.COOKIE_ENCRYPTION_SALT | A file containing a unique base64 encoded secret for the
COOKIE_ENCRYPTION_SALT
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.prometheus.exporters.junos-czerwonk.environmentFile | File containing env-vars to be substituted into the exporter's config.
|
| services.prometheus.exporters.restic.rcloneConfig | Configuration for the rclone remote being used for backup
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| services.kubernetes.apiserver.authorizationPolicy | Kubernetes apiserver authorization policy file
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.prometheus.exporters.tailscale.environmentFile | Environment file containg at least the TAILSCALE_TAILNET,
TAILSCALE_OAUTH_CLIENT_ID, and TAILSCALE_OAUTH_CLIENT_SECRET
environment variables.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris | List of CRL distribution points (ldap, http, or file URI)
|
| services.prometheus.exporters.ecoflow.ecoflowDevicesFile | File must contain one line, example: R3300000,R3400000,NC430000,...
|
| services.icingaweb2.authentications | authentication.ini contents
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.nextcloud-spreed-signaling.settings.sessions.hashkeyFile | The path to the file containing the value for sessions.hashkey
|
| services.gitlab.secrets.activeRecordDeterministicKeyFile | A file containing the secret used to encrypt some rails data in a deterministic way
in the DB
|