| programs.tsmClient.servers.<name>.inclexcl | Text lines with include.* and exclude.* directives
to be used when sending files to the IBM TSM server,
or an absolute path pointing to a file with such lines.
|
| services.wordpress.sites.<name>.plugins | Path(s) to respective plugin(s) which are copied from the 'plugins' directory.
These plugins need to be packaged before use, see example.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs | List of certificate candidates to use for
authentication
|
| services.klipper.firmwares.<name>.configFile | Path to firmware config which is generated using klipper-genconf
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| boot.specialFileSystems.<name>.device | The device as passed to mount
|
| services.jupyterhub.kernels.<name>.logo64 | Path to 64x64 logo png.
|
| services.jupyterhub.kernels.<name>.logo32 | Path to 32x32 logo png.
|
| services.tinc.networks.<name>.ed25519PrivateKeyFile | Path of the private ed25519 keyfile.
|
| services.gitlab-runner.services.<name>.buildsDir | Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
|
| services.public-inbox.settings.coderepo.<name>.dir | Path to a git repository
|
| services.opendkim.keyPath | The path that opendkim should put its generated private keys into
|
| services.vmalert.instances.<name>.settings.rule | Path to the files with alerting and/or recording rules.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.httpd.virtualHosts.<name>.documentRoot | The path of Apache's document root directory
|
| services.spiped.config.<name>.source | Address on which spiped should listen for incoming
connections
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys | List of raw public key candidates to use for
authentication
|
| services.vdirsyncer.jobs.<name>.config.statusPath | vdirsyncer's status path
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.simplesamlphp.<name>.libDir | Path to the SimpleSAMLphp library directory.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| services.wordpress.sites.<name>.languages | List of path(s) to respective language(s) which are copied from the 'languages' directory.
|
| services.restic.backups.<name>.repositoryFile | Path to the file containing the repository location to backup to.
|
| services.icingaweb2.libraryPaths | Libraries to add to the Icingaweb2 library path
|
| services.buildkite-agents.<name>.privateSshKeyPath | OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned
outside of Nix store.
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.tor.relay.onionServices.<name>.secretKey | Secret key of the onion service
|
| services.restic.backups.<name>.createWrapper | Whether to generate and add a script to the system path, that has the same environment variables set
as the systemd service
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| boot.initrd.compressor | The compressor to use on the initrd image
|
| virtualisation.oci-containers.containers | OCI (Docker) containers to run as systemd services.
|
| services.easytier.instances.<name>.configFile | Path to easytier config file
|
| services.keepalived.vrrpScripts.<name>.script | (Path of) Script command to execute followed by args, i.e. cmd [args]...
|
| services.wordpress.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.wordpress.sites.<name>.virtualHost.sslServerKey | Path to server SSL certificate key.
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.openvpn.servers.<name>.authUserPass | This option can be used to store the username / password credentials
with the "auth-user-pass" authentication method
|
| services.wordpress.sites.<name>.virtualHost.sslServerCert | Path to server SSL certificate.
|
| services.patroni.namespace | Path within the configuration store where Patroni will keep information about the cluster.
|
| services.drupal.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider
|
| services.httpd.extraModules | Additional Apache modules to be used
|
| services.multipath.devices.*.vendor | Regular expression to match the vendor name
|
| services.nginx.virtualHosts.<name>.sslCertificate | Path to server SSL certificate.
|
| services.simplesamlphp.<name>.configDir | Path to the SimpleSAMLphp config directory.
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| services.wordpress.sites.<name>.virtualHost.sslServerChain | Path to server SSL chain file.
|
| boot.binfmt.registrations.<name>.openBinary | Whether to pass the binary to the interpreter as an open
file descriptor, instead of a path.
|
| services.openbao.settings.listener.<name>.address | The TCP address or UNIX socket path to listen on.
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.tarsnap.archives.<name>.keyfile | Set a specific keyfile for this archive
|
| services.wstunnel.clients.<name>.upgradePathPrefix | Use a specific HTTP path prefix that will show up in the upgrade
request to the wstunnel server
|
| services.fcgiwrap.instances.<name>.socket.address | Socket address
|
| services.zeronsd.servedNetworks.<name>.settings.token | Path to a file containing the API Token for ZeroTier Central.
|
| services.nix-serve.secretKeyFile | The path to the file used for signing derivation data
|
| services.gitea-actions-runner.instances.<name>.tokenFile | Path to an environment file, containing the TOKEN environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
|
| services.openssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.multipath.devices.*.product | Regular expression to match the product name
|
| services.klipper.firmwares.<name>.klipperFlashPackage | Path to the built klipper-flash package.
|
| services.strongswan-swanctl.swanctl.authorities.<name>.cacert | The certificates may use a relative path from the swanctl
x509ca directory or an absolute path
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.atuin.path | A path to prepend to all the routes of the server.
|
| services.simplesamlphp.<name>.settings.baseurlpath | URL where SimpleSAMLphp can be reached.
|
| services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| services.authelia.instances.<name>.secrets.jwtSecretFile | Path to your JWT secret used during identity verificaton.
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.ghostunnel.servers.<name>.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.neo4j.ssl.policies.<name>.publicCertificate | The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file
|
| services.dysnomia.containers | An attribute set in which each key represents a container and each value an attribute set providing its configuration properties
|
| services.nextcloud-spreed-signaling.backends.<name>.secretFile | The path to the file containing the value for backends.<name>.secret
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.btrbk.instances.<name>.snapshotOnly | Whether to run in snapshot only mode
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.wordpress.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.tlsrpt.reportd.settings.dbname | Path to the sqlite database.
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the user.
|
| services.printing.cups-pdf.instances.<name>.settings.AnonDirName | path for anonymously created PDF files
|
| services.gitlab-runner.services.<name>.registrationConfigFile | Absolute path to a file with environment variables
used for gitlab-runner registration with runner registration
tokens
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| services.armagetronad.servers.<name>.package | The armagetronad-dedicated package to use
|
| services.nginx.virtualHosts.<name>.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.fedimintd.<name>.nginx.config.sslCertificate | Path to server SSL certificate.
|
| services.neo4j.ssl.policies.<name>.baseDirectory | The mandatory base directory for cryptographic objects of this
policy
|
| services.wstunnel.servers.<name>.settings.restrict-to | Restrictions on the connections that the server will accept
|
| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| boot.uki.name | Name of the UKI
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.cloudflared.tunnels.<name>.originRequest.caPool | Path to the certificate authority (CA) for the certificate of your origin
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.kanidm.provision.systems.oauth2.<name>.basicSecretFile | The basic secret to use for this service
|
| services.authelia.instances.<name>.secrets.sessionSecretFile | Path to your session secret
|
| services.syncthing.settings.devices.<name>.autoAcceptFolders | Automatically create or share folders that this device advertises at the default path
|