| services.nginx.virtualHosts.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.lldap.settings.http_url | The public URL of the server, for password reset links.
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| services.znc.confOptions.passBlock | Generate with nix-shell -p znc --command "znc --makepass"
|
| services.canaille.smtpPasswordFile | File containing the SMTP password
|
| services.rspamd-trainer.settings | IMAP authentication configuration for rspamd-trainer
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| services.oncall.secretFile | A YAML file containing secrets such as database or user passwords
|
| services.canaille.ldapBindPasswordFile | File containing the LDAP bind password.
|
| services.bookstack.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.nextcloud.secretFile | Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same
form as the services.nextcloud.settings option), for example
{"redis":{"password":"secret"}}.
|
| services.longview.mysqlPasswordFile | A file containing the password corresponding to mysqlUser.
|
| services.unpoller.influxdb.pass | Path of a file containing the password for influxdb
|
| services.portunus.dex.enable | Whether to enable Dex ldap connector
|
| services.prometheus.exporters.artifactory.artiPassword | Password for authentication against JFrog Artifactory API
|
| services.kasmweb.defaultUserPassword | default user password to use.
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| services.mailman.ldap.bindPasswordFile | Path to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
|
| services.grafana-to-ntfy.settings.bauthPass | The path to the password you will use in the Grafana webhook settings.
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|
| security.please.wheelNeedsPassword | Whether users of the wheel group must provide a password to run
commands or edit files with please and
pleaseedit respectively.
|
| services.nextcloud.config.dbpassFile | The full path to a file that contains the database password.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPskFile | Sets the password(s) for WPA-PSK
|
| users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| services.syncthing.guiPasswordFile | Path to file containing the plaintext password for Syncthing's GUI.
|
| services.sshwifty.socks5PasswordFile | Path to a file containing the SOCKS5 password.
|
| services.longview.mysqlPassword | The password corresponding to mysqlUser
|
| services.kasmweb.defaultAdminPassword | default admin password to use.
|
| services.kanboard.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.dockerRegistry.redisPassword | Set redis password.
|
| services.code-server.hashedPassword | Create the password with: echo -n 'thisismypassword' | nix run nixpkgs#libargon2 -- "$(head -c 20 /dev/random | base64)" -e
|
| services.fwupd.extraTrustedKeys | Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files
|
| services.fediwall.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| users.ldap.daemon.rootpwmodpwFile | The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
|
| services.jirafeau.nginxConfig.basicAuth | Basic Auth protection for a vhost
|
| services.teeworlds.rconPassword | Password to access the remote console
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| services.tor.torsocks.socks5Password | SOCKS5 password
|
| services.zabbixWeb.nginx.virtualHost.basicAuth | Basic Auth protection for a vhost
|
| services.dragonflydb.requirePass | Password for database
|
| services.pgadmin.minimumPasswordLength | Minimum length of the password
|
| services.radicle.httpd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.howdy.enable | Whether to enable Howdy and its PAM module for face recognition
|
| services.deye-dummycloud.mqttPassword | MQTT password
|
| services.hologram-server.ldapBindPassword | Password of account to use to query the LDAP server
|
| services.murmur.registerPassword | Public server registry password, used authenticate your
server to the registry to prevent impersonation; required for
subsequent registry updates.
|
| services.anuko-time-tracker.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.oauth2-proxy.htpasswd.displayForm | Display username / password login form if an htpasswd file is provided.
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.warpgate.databaseUrlFile | Path to file containing database connection string with credentials
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.ntopng.enable | Enable ntopng, a high-speed web-based traffic analysis and flow
collection tool
|
| services.bookstack.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.factorio.extraSettingsFile | File, which is dynamically applied to server-settings.json before
startup
|
| services.unpoller.unifi.defaults.pass | Path of a file containing the password for the unifi service user
|
| services.microsocks.authPasswordFile | Path to a file containing the password for authentication.
|
| services.seafile.initialAdminPassword | Seafile Seahub Admin Account initial password
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| services.vsftpd.anonymousUserNoPassword | Whether to disable the password for the anonymous FTP user.
|
| services.lldap.settings.force_ldap_user_pass_reset | Force reset of the admin password
|
| services.grafana-to-ntfy.settings.ntfyBAuthPass | The path to the password for the specified ntfy-sh user
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.initrd.luks.devices.<name>.tryEmptyPassphrase | If keyFile fails then try an empty passphrase first before
prompting for password.
|
| services.cpuminer-cryptonight.pass | Password for mining server
|
| services.ocis.configDir | Path to directory containing oCIS config file
|
| services.snipe-it.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.jirafeau.nginxConfig.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| boot.initrd.systemd.emergencyAccess | Set to true for unauthenticated emergency access, and false or
null for no emergency access
|
| services.akkoma.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mattermost.database.host | Host to use for the database
|
| services.matomo.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| services.zabbixWeb.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.actual.settings.serverFiles | The server will put an account.sqlite file in this directory, which will contain the (hashed) server password, a list of all the budget files the server knows about, and the active session token (along with anything else the server may want to store in the future).
|
| services.amule.ExternalConnectPasswordFile | File containing the password for connecting with amule-gui,
set this only if you didn't set `settings
|
| services.pyload.credentialsFile | File containing PYLOAD_DEFAULT_USERNAME and
PYLOAD_DEFAULT_PASSWORD in the format of an EnvironmentFile=,
as described by systemd.exec(5)
|
| services.dashy.settings | Settings serialized into user-data/conf.yml before build
|
| services.reposilite.keyPasswordFile | Path the the file containing the password used to unlock the Java KeyStore file specified in services.reposilite.settings.keyPath
|
| services.vmagent.remoteWrite.basicAuthPasswordFile | File that contains the Basic Auth password used to connect to remote_write endpoint
|
| services.userborn.static | Whether to generate the password files at build time and store them directly
in the system closure, without requiring any services at boot time
|
| services.vlagent.remoteWrite.basicAuthPasswordFile | File that contains the Basic Auth password used to connect to remote_write endpoint
|
| services.changedetection-io.environmentFile | Securely pass environment variables to changedetection-io
|
| services.bookstack.settings | Options for Bookstack configuration
|