| virtualisation.additionalPaths | A list of paths whose closure should be made available to
the VM
|
| services.homer.settings | Settings serialized into config.yml before build
|
| services.graylog.dataDir | Directory used to store Graylog server state.
|
| services.k3s.token | The k3s token to use when connecting to a server.
WARNING: This option will expose your token unencrypted in the world-readable nix store
|
| services.roundcube.database.password | Password for the postgresql connection
|
| services.grafana.settings.smtp.password | Password used for authentication
|
| services.changedetection-io.datastorePath | The directory used to store all data for changedetection-io.
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| programs.neovim.configure | Generate your init file from your list of plugins and custom commands
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mjolnir.dataPath | The directory the bot should store various bits of information in.
|
| services.limesurvey.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.rke2.token | The rke2 token to use when connecting to a server.
WARNING: This option will expose your token unencrypted in the world-readable nix store
|
| services.murmur.logDays | How long to store RPC logs for in the database
|
| services.pocket-id.credentials | Environment variables which are loaded from the contents of the specified file paths
|
| services.cfssl.configFile | Path to configuration file
|
| services.radicle.httpd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.forgejo.dump.type | Archive format used to store the dump file.
|
| services.gitea.lfs.contentDir | Where to store LFS files.
|
| services.memos.dataDir | Specifies the directory where Memos will store its data.
|
| services.discourse.database.passwordFile | File containing the Discourse database user password
|
| services.ncps.cache.hostName | The hostname of the cache server. This is used to generate the
private key used for signing store paths (.narinfo)
|
| services.guix.stateDir | The state directory where Guix service will store its data such as its
user-specific profiles, cache, and state files.
Changing it to something other than the default will rebuild the
package.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| system.build.toplevel | This option contains the store path that typically represents a NixOS system
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.discourse.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.ncps.cache.maxSize | The maximum size of the store
|
| services.certmgr.specs | Certificate specs as described by:
https://github.com/cloudflare/certmgr#certificate-specs
These will be added to the Nix store, so they will be world readable.
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| services.pocket-id.environmentFile | Path to an environment file to be loaded
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.mattermost.database.password | Password for local Mattermost database user
|
| image.repart.verityStore.enable | Whether to enable building images with a dm-verity protected nix store.
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.artalk.allowModify | allow Artalk store the settings to config file persistently
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.aria2.settings.dir | Directory to store downloaded files.
|
| services.mailhog.storage | Store mails on disk or in memory.
|
| services.dovecot2.mailUser | Default user to store mail for virtual users.
|
| services.tt-rss.database.type | Database to store feeds
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| services.misskey.reverseProxy.webserver.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.pingvin-share.dataDir | The path to the data directory in which Pingvin Share will store its data.
|
| services.bitlbee.configDir | Specify an alternative directory to store all the per-user configuration
files.
|
| networking.wg-quick.interfaces.<name>.privateKey | Base64 private key generated by wg genkey
|
| services.wasabibackend.rpc.password | RPC password for the bitcoin endpoint
|
| nix.optimise.automatic | Automatically run the nix store optimiser at a specific time.
|
| services.etebase-server.dataDir | Directory to store the Etebase server data.
|
| services.prometheus.exporters.nut.passwordPath | A run-time path to the nutUser password file, which should be
provisioned outside of Nix store.
|
| services.grafana.settings.database.password | The database user's password (not applicable for sqlite3)
|
| services.mqtt2influxdb.mqtt.password | MQTT password
|
| services.froide-govplan.dataDir | Directory to store the Froide-Govplan server data.
|
| services.guix.publish.enable | Whether to enable substitute server for your Guix store directory.
|
| services.paperless.dataDir | Directory to store the Paperless data.
|
| services.sickbeard.dataDir | Path where to store data files.
|
| services.dovecot2.mailGroup | Default group to store mail for virtual users.
|
| services.nar-serve.domain | When set, enables the feature of serving .
on top of /nix/store/-
|
| services.logstash.dataDir | A path to directory writable by logstash that it uses to store data
|
| services.node-red.userDir | The directory to store all user data, such as flow and credential files and all library data
|
| services.forgejo.lfs.contentDir | Where to store LFS files.
|
| services.sonarr.dataDir | The Sonarr home directory used to store all data
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.alloy.configPath | Alloy configuration file/directory path
|
| services.vlagent.enable | Whether to enable VictoriaMetrics's vlagent.
vlagent is a tiny agent which helps you collect logs from various sources and store them in VictoriaLogs .
|
| services.prosody.modules.mam | Store messages in an archive and allow users to access it
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.stash.sessionStoreKeyFile | Path to file containing a secret for session store.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.paperless.mediaDir | Directory to store the Paperless documents.
|
| services.go-neb.secretFile | Environment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT
or ${VARIABLE}
|
| services.cadvisor.storageDriverPasswordFile | File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword
|
| services.prometheus.exporters.mysqld.configFile | Path to the services config file
|
| services.atuin.maxHistoryLength | The max length of each history item the atuin server should store.
|
| services.syncplay.motd | Text to display when users join
|
| services.knot.keyFiles | A list of files containing additional configuration
to be included using the include directive
|
| services.k3s.agentToken | The k3s token agents can use to connect to the server
|
| services.turn-rs.secretFile | Environment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT or
${VARIABLE}
|
| services.influxdb2.provision.initialSetup.passwordFile | Password for primary user
|
| services.thanos.rule.enable | Whether to enable the Thanos ruler service which evaluates Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket.
|
| services.thanos.query.enable | Whether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.
|
| services.syncplay.statsDBFile | Path to SQLite database file to store stats
|
| services.prosody.dataDir | The prosody home directory used to store all data
|
| services.athens.downloadMode | Defines how Athens behaves when a module@version
is not found in storage
|
| services.prometheus.exporters.snmp.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.longview.apiKey | Longview API key
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.cfssl.mutualTlsClientKey | Mutual TLS - client key to call remote instance requiring client certs
|
| services.syncplay.roomsDBFile | Path to SQLite database file to store room states
|
| services.ncps.cache.storage.local | The local directory for storing configuration and cached store
paths
|