| services.forgejo.useWizard | Whether to use the built-in installation wizard instead of
declaratively managing the app.ini config file in nix.
|
| security.sudo.extraRules | Define specific rules to be in the sudoers file
|
| services.neard.settings | Neard INI-style configuration file as a Nix attribute set
|
| services.znc.confOptions.extraZncConf | Extra config to znc.conf file.
|
| services.power-profiles-daemon.package | The power-profiles-daemon package to use.
|
| services.prometheus.exporters.postfix.logfilePath | Path where Postfix writes log entries
|
| services.freeswitch.configDir | Override file in FreeSWITCH config template directory
|
| security.sudo-rs.extraRules | Define specific rules to be in the sudoers file
|
| services.couchdb.configFile | Configuration file for persisting runtime changes
|
| services.radicle.checkConfig | Whether to enable checking the config.json file resulting from services.radicle.settings.
|
| services.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.hylafax.userAccessFile | The hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here
|
| services.prometheus.exporters.php-fpm.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.power-profiles-daemon.enable | Whether to enable power-profiles-daemon, a DBus daemon that allows
changing system behavior based upon user-selected power profiles.
|
| services.etebase-server.settings.global.secret_file | The path to a file containing the secret
used as django's SECRET_KEY.
|
| services.samba.settings | Configuration file for the Samba suite in ini format
|
| systemd.user.services.<name>.path | Packages added to the service's PATH
environment variable
|
| services.rabbitmq.config | Verbatim advanced configuration file contents using the Erlang syntax
|
| services.litestream.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.xtreemfs.mrc.syncMode | The sync mode influences how operations are committed to the disk
log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system
|
| services.xtreemfs.dir.syncMode | The sync mode influences how operations are committed to the disk
log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system
|
| services.consul-template.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| services.thanos.rule.objstore.config | Object store configuration
|
| services.reposilite.keyPasswordFile | Path the the file containing the password used to unlock the Java KeyStore file specified in services.reposilite.settings.keyPath
|
| services.suricata.settings.rule-files | Files to load suricata-update managed rules, relative to 'default-rule-path'.
|
| programs.neovim.enable | Whether to enable Neovim
|
| services.httpd.logPerVirtualHost | If enabled, each virtual host gets its own
access.log and
error.log, namely suffixed by the
hostName of the virtual host.
|
| environment.etc.<name>.mode | If set to something else than symlink,
the file is copied instead of symlinked, with the given
file mode.
|
| services.nginx.config | Verbatim nginx.conf configuration
|
| services.slurm.extraCgroupConfig | Extra configuration for cgroup.conf
|
| services.glusterfs.tlsSettings | Make the server communicate via TLS
|
| services.restic.backups.<name>.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.hedgedoc.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.udev.packages | List of packages containing udev rules
|
| services.prometheus.remoteRead.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| boot.initrd.services.udev.rules | udev rules to include in the initrd
only
|
| services.openssh.moduliFile | Path to moduli file to install in
/etc/ssh/moduli
|
| services.znc.confOptions.modules | A list of modules to include in the znc.conf file.
|
| boot.swraid.mdadmConf | Contents of /etc/mdadm.conf.
|
| services.filesender.database.hostname | Database hostname.
|
| services.homer.settings | Settings serialized into config.yml before build
|
| boot.initrd.systemd.tmpfiles.settings | Similar to systemd.tmpfiles.settings but the rules are
only applied by systemd-tmpfiles before initrd-switch-root.target
|
| services.diod.exports | List the file systems that clients will be allowed to mount
|
| services.umami.settings.DATABASE_URL_FILE | A file containing a connection string for the database
|
| services.thanos.store.objstore.config | Object store configuration
|
| services.mympd.settings | Manages the configuration files declaratively
|
| services.teeworlds.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.pdfding.secretKeyFile | File containing the Django SECRET_KEY
|
| services.autorandr.profiles.<name>.hooks | Profile hook scripts.
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this
instance of bees
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| boot.initrd.systemd.root | Controls how systemd will interpret the root FS in initrd
|
| services.prometheus.remoteWrite.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.printing.extraFilesConf | Extra contents of the configuration file of the CUPS daemon
(cups-files.conf).
|
| services.openafsServer.roles.fileserver.enable | Fileserver role, serves files and volumes from its local storage.
|
| services.jitsi-meet.extraConfig | Text to append to config.js web application config file
|
| services.bonsaid.configFile | Path to a .json file specifying the state transitions
|
| services.asterisk.extraConfig | Extra configuration options appended to the default
asterisk.conf file.
|
| services.coturn.no-auth | This option is opposite to lt-cred-mech.
(TURN Server with no-auth option allows anonymous access)
|
| services.namecoind.wallet | Wallet file
|
| services.hylafax.modems.<name>.type | Name of modem configuration file,
will be searched for in config
in the spooling area directory.
|
| services.thanos.compact.tracing.config | Tracing configuration
|
| services.thanos.sidecar.tracing.config | Tracing configuration
|
| services.thanos.receive.tracing.config | Tracing configuration
|
| services.dendrite.environmentFile | Environment file as defined in systemd.exec(5)
|
| networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| services.umami.settings.APP_SECRET_FILE | A file containing a secure random string
|
| services.step-ca.settings | Settings that go into ca.json
|
| services.slurm.extraConfigPaths | Slurm expects config files for plugins in the same path
as slurm.conf
|
| services.crowdsec.localConfig.profiles | A list of profiles to enable
|
| services.qbittorrent.profileDir | the path passed to qbittorrent via --profile.
|
| services.strongswan.ca | A set of CAs (certification authorities) and their options for
the ‘ca xxx’ sections of the ipsec.conf
file.
|
| services.nohang.configPath | Configuration file to use with nohang
|
| services.beesd.filesystems.<name>.verbosity | Log verbosity (syslog keyword/level).
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| services.prometheus.remoteRead.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.tuned.settings.profile_dirs | Directories to search for profiles, separated by , or ;.
|
| services.pretalx.settings.filesystem.data | Base path for all other storage paths.
|
| services.seafile.initialAdminPassword | Seafile Seahub Admin Account initial password
|
| services.lldap.settings.jwt_secret_file | Path to a file containing the JWT secret.
|
| services.peering-manager.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.slurm.enableStools | Whether to provide a slurm.conf file
|
| services.pretalx.settings.filesystem.logs | Path to the log directory, that pretalx logs message to.
|
| services.matterbridge.configFile | WARNING: THIS IS INSECURE, as your password will end up in
/nix/store, thus publicly readable
|
| services.inspircd.config | Verbatim inspircd.conf file
|
| services.autorandr.profiles.<name>.config | Per output profile configuration.
|
| services.ergochat.configFile | Path to configuration file
|
| services.datadog-agent.extraConfig | Extra configuration options that will be merged into the
main config file datadog.yaml.
|
| services.outline.utilsSecretFile | File path that contains the utility secret key
|
| services.mackerel-agent.apiKeyFile | Path to file containing the Mackerel API key
|
| services.printing.browsedConf | The contents of the configuration. file of the CUPS Browsed daemon
(cups-browsed.conf)
|
| services.znc.confOptions.userModules | A list of user modules to include in the znc.conf file.
|
| services.prometheus.remoteWrite.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.filesender.database.createLocally | Create the PostgreSQL database and database user locally.
|
| hardware.nvidia-container-toolkit.csv-files | The path to the list of CSV files to use when generating the CDI specification in CSV mode.
|
| services.postfix.masterConfig | An attribute set of service options, which correspond to the service
definitions usually done within the Postfix
master.cf file.
|
| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| security.pam.yubico.enable | Enables Yubico PAM (yubico-pam) module
|