| services.nsd.zones.<name>.allowNotify | Listed primary servers are allowed to notify this secondary server
|
| services.misskey.settings.chmodSocket | The file access mode of the UNIX socket.
|
| services.misskey.settings.redisForJobQueue.port | The Redis port.
|
| services.misskey.settings.redisForJobQueue.host | The Redis host.
|
| services.docuseal.secretKeyBaseFile | Path to file containing the secret key base
|
| services.misskey.settings.redisForJobQueue | ioredis options for the job queue
|
| services.misskey.settings.redisForPubsub.port | The Redis port.
|
| services.misskey.settings.redisForPubsub.host | The Redis host.
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.keyd.keyboards.<name>.extraConfig | Extra configuration that is appended to the end of the file.
Do not write ids section here, use a separate option for it
|
| services.misskey.settings.redisForPubsub | ioredis options for pubsub
|
| services.headscale.settings.tls_key_path | Path to key for already created certificate.
|
| services.misskey.settings.db.disableCache | Whether to disable caching queries.
|
| services.sharkey.setupMeilisearch | Whether to automatically set up a local Meilisearch instance and configure Sharkey to use it
|
| services.journald.upload.settings.Upload.ServerKeyFile | SSL key in PEM format
|
| security.duosec.secretKeyFile | A file containing your secret key
|
| services.grafana.settings.security.secret_key | Secret key used for signing
|
| services.kubernetes.scheduler.kubeconfig.keyFile | Kubernetes scheduler client key file used to connect to kube-apiserver.
|
| services.minio.accessKey | Access key of 5 to 20 characters in length that clients use to access the server
|
| services.wg-access-server.secretsFile | yaml file containing all secrets. this needs to be in the same structure as the configuration
|
| services.neo4j.ssl.policies.<name>.privateKey | The name of private PKCS #8 key file for this policy to be found
in the baseDirectory, or the absolute path to
the key file
|
| services.minio.secretKey | Specify the Secret key of 8 to 40 characters in length that clients use to access the server
|
| services.i2pd.proto.httpProxy.keys | File to persist HTTPPROXY keys.
|
| services.dendrite.tlsKey | The path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
|
| services.mastodon.secretKeyBaseFile | Path to file containing the secret key base
|
| services.reposilite.keyPasswordFile | Path the the file containing the password used to unlock the Java KeyStore file specified in services.reposilite.settings.keyPath
|
| services.firefly-iii.settings.APP_KEY_FILE | The path to your appkey
|
| services.tt-rss.feedCryptKey | Key used for encryption of passwords for password-protected feeds
in the database
|
| services.misskey.enable | Whether to enable misskey.
|
| services.zitadel.masterKeyFile | Path to a file containing a master encryption key for ZITADEL
|
| services.nsd.zones.<name>.dnssecPolicy.ksk | Key policy for key signing keys
|
| services.tor.relay.onionServices.<name>.secretKey | Secret key of the onion service
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.key | key in the setting section for which this entry provides a value
|
| services.keybase.enable | Whether to start the Keybase service.
|
| services.i2pd.proto.socksProxy.keys | File to persist SOCKSPROXY keys.
|
| services.matrix-synapse.settings.macaroon_secret_key | Secret key for authentication tokens
|
| hardware.onlykey.enable | Enable OnlyKey device (https://crp.to/p/) support.
|
| services.logkeys.enable | Whether to enable logkeys, a keylogger service.
|
| services.sharkey.enable | Whether to enable Sharkey, a Sharkish microblogging platform.
|
| services.keycloak.settings.hostname | The hostname part of the public URL used as base for
all frontend requests
|
| services.misskey.reverseProxy.webserver.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.datadog-agent.apiKeyFile | Path to a file containing the Datadog API key to associate the
agent with your account.
|
| services.misskey.reverseProxy.webserver.nginx.serverName | Name of this virtual host
|
| services.dkimproxy-out.selector | The selector to use for DKIM key identification
|
| services.quorum.nodekeyFile | Path to the nodekey.
|
| services.misskey.reverseProxy.webserver | The webserver to use as the reverse proxy.
|
| nix.buildMachines.*.sshKey | The path to the SSH private key with which to authenticate on
the build machine
|
| services.i2pd.inTunnels.<name>.keys | Keyset used for tunnel identity.
|
| security.tpm2.fapi.ekFingerprint | The fingerprint of the endorsement key
|
| services.pgpkeyserver-lite.hkpPort | Which port the sks-keyserver is listening on.
|
| services.evremap.settings.dual_role | List of dual-role remappings that output different key sequences based on whether the
input key is held or tapped.
|
| services.longview.apiKey | Longview API key
|
| services.sharkey.package | The sharkey package to use.
|
| services.misskey.package | The misskey package to use.
|
| services.i2pd.outTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.bookstack.settings.APP_KEY_FILE | The path to your appkey
|
| services.keycloak.sslCertificateKey | The path to a PEM formatted private key to use for TLS/SSL
connections.
|
| services.sharkey.settings.mediaDirectory | Path to the folder where Sharkey stores uploaded media such as images and attachments.
|
| services.kubernetes.controllerManager.kubeconfig.keyFile | Kubernetes controller manager client key file used to connect to kube-apiserver.
|
| services.misskey.settings.redisForTimelines.port | The Redis port.
|
| services.misskey.settings.redisForTimelines.host | The Redis host.
|
| services.outline.utilsSecretFile | File path that contains the utility secret key
|
| services.kmonad.keyboards.<name>.defcfg.compose.delay | The delay (in milliseconds) between compose key sequences.
|
| services.mastodon.vapidPrivateKeyFile | Path to file containing the private key used for Web Push
Voluntary Application Server Identification
|
| services.outline.secretKeyFile | File path that contains the application secret key
|
| services.logkeys.device | Use the given device as keyboard input event device instead of /dev/input/eventX default.
|
| services.go-camo.sslKey | Path to TLS private key.
|
| services.misskey.settings.redisForTimelines | ioredis options for timelines
|
| services.dendrite.settings.key_server.database.connection_string | Database for the Key Server (for end-to-end encryption).
|
| services.cfssl.metadata | Metadata file for root certificate presence
|
| services.evremap.settings.dual_role.*.tap | The key sequence that should be output when the input key is tapped
|
| services.longview.apiKeyFile | A file containing the Longview API key
|
| services.sharkey.setupRedis | Whether to automatically set up a local Redis cache and configure Sharkey to use it.
|
| hardware.nitrokey.enable | Enables udev rules for Nitrokey devices.
|
| services.misskey.reverseProxy.webserver.nginx.root | The path of the web root directory.
|
| services.hockeypuck.settings | Configuration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| services.kubernetes.apiserver.serviceAccountKeyFile | File containing PEM-encoded x509 RSA or ECDSA private or public keys,
used to verify ServiceAccount tokens
|
| services.evremap.settings.dual_role.*.hold | The key sequence that should be output when the input key is held
|
| services.coder.tlsKey | The path to the TLS key.
|
| nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/command-ref/conf-file.html or
nix.conf(5) for available options
|
| services.misskey.reverseProxy.webserver.caddy | Extra configuration for the caddy virtual host of Misskey
|
| services.misskey.reverseProxy.webserver.nginx | Extra configuration for the nginx virtual host of Misskey
|
| services.keycloak.enable | Whether to enable the Keycloak identity and access management
server.
|
| services.kubernetes.apiserver.serviceAccountSigningKeyFile | Path to the file that contains the current private key of the service
account token issuer
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| services.meilisearch.masterKeyEnvironmentFile | Path to file which contains the master key
|
| services.misskey.reverseProxy.webserver.caddy.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.misskey.reverseProxy.webserver.nginx.serverAliases | Additional names of virtual hosts served by this virtual host configuration.
|
| services.pgpkeyserver-lite.enable | Whether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.
|
| services.misskey.reverseProxy.webserver.caddy.hostName | Canonical hostname for the server.
|
| services.misskey.settings.meilisearch.ssl | Whether to connect via SSL.
|
| boot.initrd.luks.yubikeySupport | Enables support for authenticating with a YubiKey on LUKS devices
|
| services.misskey.settings.meilisearch | Meilisearch connection options.
|
| services.mqtt2influxdb.mqtt.keyfile | Key file for MQTT
|
| hardware.keyboard.qmk.enable | Whether to enable non-root access to the firmware of QMK keyboards.
|
| services.misskey.settings.meilisearch.host | The Meilisearch host.
|
| services.misskey.settings.meilisearch.port | The Meilisearch port.
|
| services.sympa.settings | The sympa.conf configuration file as key value set
|
| services.xserver.xkb.extraLayouts.<name>.keycodesFile | The path to the xkb keycodes file
|