| services.longview.mysqlPassword | The password corresponding to mysqlUser
|
| services.prowlarr.settings | Attribute set of arbitrary config options
|
| services.whisparr.settings | Attribute set of arbitrary config options
|
| services.quake3-server.baseq3 | Path to the baseq3 files (pak*.pk3)
|
| services.pds.settings.PDS_DATA_DIRECTORY | Directory to store state
|
| services.pyload.downloadDirectory | Directory to store downloads.
|
| security.apparmor.enableCache | Whether to enable caching of AppArmor policies
in /var/cache/apparmor/
|
| services.nextcloud.config.objectstore.s3.sseCKeyFile | If provided this is the full path to a file that contains the key
to enable [server-side encryption with customer-provided keys][1]
(SSE-C)
|
| services.searx.settingsFile | The path of the Searx server settings.yml file
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| services.outline.databaseUrl | URI to use for the main PostgreSQL database
|
| services.cross-seed.settings.torrentDir | Directory containing torrent files, or if you're using a torrent
client integration and injection - your torrent client's .torrent
file store/cache.
|
| services.moodle.initialPassword | Specifies the initial password for the admin, i.e. the password assigned if the user does not already exist
|
| services.graylog.messageJournalDir | The directory which will be used to store the message journal
|
| services.zitadel.settings.TLS.Key | The TLS certificate private key, as a base64-encoded string
|
| boot.initrd.systemd.suppressedStorePaths | Store paths specified in the storePaths option that
should not be copied.
|
| services.zitadel.settings.TLS.Cert | The TLS certificate, as a base64-encoded string
|
| services.k3s.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.postfix.masterConfig.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| services.homebridge.userStoragePath | Path to store homebridge user files (needs to be writeable).
|
| services.tor.relay.onionServices.<name>.path | Path where to store the data files of the hidden service
|
| services.nextcloud.autoUpdateApps.enable | Run a regular auto-update of all apps installed from the Nextcloud app store.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.ncps.cache.upstream.publicKeys | A list of public keys of upstream caches in the format
host[-[0-9]*]:public-key
|
| services.draupnir.settings.dataPath | The path Draupnir will store its state/data in.
This option is read-only.
If you want to customize where this data is stored, use a bind mount.
|
| services.biboumi.settings.db_name | The name of the database to use
|
| services.thanos.downsample.enable | Whether to enable the Thanos downsampler which continuously downsamples blocks in an object store bucket.
|
| services.artalk.settings | The artalk configuration
|
| services.journalbeat.stateDir | Directory below /var/lib/ to store journalbeat's
own logs and other data
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| virtualisation.docker.daemon.settings.live-restore | Allow dockerd to be restarted without affecting running container
|
| services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| services.rke2.autoDeployCharts.<name>.values | Override default chart values via Nix expressions
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.healthchecks.settings | Environment variables which are read by healthchecks (local)_settings.py
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.zitadel.extraSettingsPaths | A list of paths to extra settings files
|
| services.thanos.rule.tracing.config | Tracing configuration
|
| services.zwave-js.settings | Configuration settings for the generated config file
|
| services.moodle.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.nagios.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.firezone.gateway.tokenFile | A file containing the firezone gateway token
|
| services.jenkins.jobBuilder.accessToken | User token in Jenkins used to reload config
|
| programs.singularity.enableExternalLocalStateDir | Whether to use top-level directories as LOCALSTATEDIR
instead of the store path ones
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.healthchecks.settingsFile | Environment variables which are read by healthchecks (local)_settings.py
|
| boot.loader.generationsDir.copyKernels | Whether to copy the necessary boot files into /boot, so
/nix/store is not needed by the boot loader.
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.rustus.info_storage.dir | directory to store info about uploads
|
| services.komodo-periphery.passkeys | Passkeys required to access the periphery API
|
| services.nginx.logError | Configures logging
|
| services.thanos.query.tracing.config | Tracing configuration
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| services.open-webui.environmentFile | Environment file to be passed to the systemd service
|
| services.matrix-synapse.settings.pid_file | The file to store the PID in.
|
| services.silverbullet.spaceDir | Folder to store Silverbullet's space/workspace
|
| services.crossfire-server.stateDir | Where to store runtime data (save files, persistent items, etc)
|
| services.gatus.environmentFile | File to load as environment file
|
| services.gitlab.initialRootPasswordFile | File containing the initial password of the root account if
this is a new install
|
| services.gitlab.databasePasswordFile | File containing the GitLab database user password
|
| services.httpd.virtualHosts.<name>.documentRoot | The path of Apache's document root directory
|
| services.rabbitmq.unsafeCookie | Erlang cookie is a string of arbitrary length which must
be the same for several nodes to be allowed to communicate
|
| services.linyaps.webStoreInstallerPackage | The linyaps-web-store-installer package to use.
|
| services.keepalived.secretFile | Environment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT
or ${VARIABLE}
|
| services.bcg.environmentFiles | File to load as environment file
|
| services.hadoop.yarn.nodemanager.localDir | List of directories to store localized files in.
|
| services.scrutiny.settings.web.influxdb.org | InfluxDB organisation under which to store data.
|
| boot.loader.systemd-boot.xbootldrMountPoint | Where the XBOOTLDR partition is mounted
|
| services.writefreely.database.name | The name of the database to store data in.
|
| services.prefect.databasePasswordFile | path to a file containing e.g.:
DBPASSWORD=supersecret
stored outside the nix store, read by systemd as EnvironmentFile.
|
| services.garage.settings.data_dir | The directory in which Garage will store the data blocks of objects
|
| services.pgadmin.initialPasswordFile | Initial password file for the pgAdmin account
|
| services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| services.actual.settings.serverFiles | The server will put an account.sqlite file in this directory, which will contain the (hashed) server password, a list of all the budget files the server knows about, and the active session token (along with anything else the server may want to store in the future).
|
| services.matrix-synapse.extraConfigFiles | Extra config files to include
|
| services.victorialogs.stateDir | Directory below /var/lib to store VictoriaLogs data
|
| services.postfix.settings.master.<name>.chroot | Whether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| services.litellm.environmentFile | Environment file to be passed to the systemd service
|
| services.orthanc.environmentFile | Environment file to be passed to the systemd service
|
| services.gitlab.secrets.secretFile | A file containing the secret used to encrypt variables in
the DB
|
| services.userborn.static | Whether to generate the password files at build time and store them directly
in the system closure, without requiring any services at boot time
|
| services.taskchampion-sync-server.dataDir | Directory in which to store data
|
| services.bluesky-pds.settings.PDS_DATA_DIRECTORY | Directory to store state
|
| services.rathole.credentialsFile | Path to a TOML file to be merged with the settings
|
| services.ghostunnel.servers.<name>.cacert | Path to CA bundle file (PEM/X509)
|
| services.zabbixWeb.httpd.virtualHost.documentRoot | The path of Apache's document root directory
|
| services.beszel.hub.environmentFile | Environment file to be passed to the systemd service
|
| services.ntfy-sh.environmentFile | Path to a file containing extra ntfy environment variables in the systemd EnvironmentFile
format
|
| boot.loader.grub.mirroredBoots.*.efiBootloaderId | The id of the bootloader to store in efi nvram
|
| services.buildkite-agents.<name>.privateSshKeyPath | OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned
outside of Nix store.
|
| virtualisation.mountHostNixStore | Mount the host Nix store as a 9p mount.
|
| services.thanos.compact.tracing.config | Tracing configuration
|
| services.thanos.sidecar.tracing.config | Tracing configuration
|
| services.thanos.receive.tracing.config | Tracing configuration
|
| services.kanidm.provision.adminPasswordFile | Path to a file containing the admin password for kanidm
|
| services.chhoto-url.environmentFiles | Files to load environment variables from in addition to services.chhoto-url.settings
|
| services.paperless.exporter.directory | Directory to store export.
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| services.drupal.sites.<name>.virtualHost.documentRoot | The path of Apache's document root directory
|