| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| boot.loader.grub.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the account
|
| services.maubot.extraConfigFile | A file for storing secrets
|
| fileSystems.<name>.overlay.useStage1BaseDirectories | If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot
|
| services.dovecot2.configFile | Config file used for the whole dovecot configuration.
|
| services.ejabberd.configFile | Configuration file for ejabberd in YAML format
|
| services.routedns.configFile | Path to RouteDNS TOML configuration file.
|
| fonts.fontDir.enable | Whether to create a directory with links to all fonts in
/run/current-system/sw/share/X11/fonts.
|
| boot.tmp.useZram | Whether to mount a zram device on /tmp during boot.
Large Nix builds can fail if the mounted zram device is not large enough
|
| boot.tmp.useTmpfs | Whether to mount a tmpfs on /tmp during boot.
Large Nix builds can fail if the mounted tmpfs is not large enough
|
| services.osrm.dataFile | Data file location
|
| services.radicle.ci.broker.checkConfig | Whether to enable checking the ci-broker.yaml file resulting from services.radicle.ci.broker.settings.
|
| services.weblate.smtp.passwordFile | Location of a file containing the SMTP password
|
| services.tuned.profiles | Profiles for TuneD
|
| services.lokinet.settings.network.keyfile | The private key to persist address with
|
| services.seafile.adminEmail | Seafile Seahub Admin Account Email.
|
| programs.git.config | Configuration to write to /etc/gitconfig
|
| services.akkoma.config | Configuration for Akkoma
|
| systemd.tmpfiles.rules | Rules for creation, deletion and cleaning of volatile and temporary files
automatically
|
| services.syslog-ng.configHeader | The very first lines of the configuration file
|
| services.thanos.rule.rule-files | Rule files that should be used by rule manager
|
| security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| security.dhparams.params.<name>.path | The resulting path of the generated Diffie-Hellman parameters
file for other services to reference
|
| boot.iscsi-initiator.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.send.redis.passwordFile | The path to the file containing the Redis password
|
| services.unpoller.influxdb.pass | Path of a file containing the password for influxdb
|
| services.hylafax.sendmailPath | Path to sendmail program
|
| services.mqtt2influxdb.mqtt.cafile | Certification Authority file for MQTT
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| boot.plymouth.font | Font file made available for displaying text on the splash screen.
|
| services.etcd.certFile | Cert file to use for clients
|
| services.ttyd.certFile | SSL certificate file path.
|
| services.ttyd.caFile | SSL CA file path for client certificate verification.
|
| systemd.mounts.*.what | Absolute path of device node, file or other resource. (Mandatory)
|
| services.ddclient.secretsFile | A file containing the secrets for the dynamic DNS provider
|
| programs.hyprland.enable | Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks
|
| services.seafile.gc.dates | When to run garbage collection on stored data blocks
|
| services.filebeat.enable | Whether to enable filebeat.
|
| services.drupal.sites.<name>.filesDir | The location of the Drupal files directory.
|
| services.immich.settings | Configuration for Immich
|
| security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| services.sympa.domains.<name>.settings | The robot.conf configuration file as key value set
|
| services.k3s.extraKubeProxyConfig | Extra configuration to add to the kube-proxy's configuration file
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.mighttpd2.config | Verbatim config file to use
(see https://kazu-yamamoto.github.io/mighttpd2/config.html)
|
| services.charybdis.config | Charybdis IRC daemon configuration file.
|
| services.ddclient.configFile | Path to configuration file
|
| services.seafile.gc.enable | Whether to enable automatic garbage collection on stored data blocks.
|
| systemd.nspawn.<name>.filesConfig | Each attribute in this set specifies an option in the
[Files] section of this unit
|
| services.canaille.secretKeyFile | File containing the Flask secret key
|
| programs.openvpn3.netcfg.settings | Options stored in /etc/openvpn3/netcfg.json configuration file
|
| services.postgrest.pgpassFile | The password to authenticate to PostgreSQL with
|
| services.postfix.settings.master | The master.cf configuration file as an attribute set of service
defitions
|
| services.rsyslogd.defaultConfig | The default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
|
| services.rke2.extraKubeProxyConfig | Extra configuration to add to the kube-proxy's configuration file
|
| services.honk.extraJS | An extra JavaScript file to be loaded by the client.
|
| services.cfssl.caKey | CA private key -- accepts '[file:]fname' or 'env:varname'.
|
| boot.plymouth.logo | Logo which is displayed on the splash screen
|
| services.cfssl.ca | CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.
|
| services.hydra.logo | Path to a file containing the logo of your Hydra instance.
|
| services.arbtt.logFile | The log file for captured samples.
|
| services.prometheus.remoteRead.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| systemd.user.tmpfiles.users | Per-user rules for creation, deletion and cleaning of volatile and
temporary files automatically.
|
| services.seafile.workers | The number of gunicorn worker processes for handling requests.
|
| networking.networkmanager.ensureProfiles.environmentFiles | Files to load as environment file
|
| services.bitcoind.<name>.configFile | The configuration file path to supply bitcoind.
|
| services.promtail.configFile | Config file path for Promtail
|
| services.mqtt2influxdb.mqtt.keyfile | Key file for MQTT
|
| services.firezone.relay.tokenFile | A file containing the firezone relay token
|
| services.vsftpd.userlistFile | Newline separated list of names to be allowed/denied if userlistEnable
is true
|
| services.filesender.database.passwordFile | A file containing the password corresponding to
services.filesender.database.user.
|
| networking.wg-quick.interfaces.<name>.configFile | wg-quick .conf file, describing the interface
|
| services.prometheus.alertmanager.environmentFile | File to load as environment file
|
| services.disnix.profiles | Names of the Disnix profiles to expose in the system's PATH
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| hardware.sane.drivers.scanSnap.package | The epjitsu package to use
|
| boot.readOnlyNixStore | If set, NixOS will enforce the immutability of the Nix store
by making /nix/store a read-only bind
mount
|
| services.honk.extraCSS | An extra CSS file to be loaded by the client.
|
| services.cachix-agent.profile | Profile name, defaults to 'system' (NixOS).
|
| services.prometheus.remoteWrite.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.lighttpd.configText | Overridable config file contents to use for lighttpd
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.oauth2-proxy.profileURL | Profile access endpoint.
|
| services.bacula-sd.device.<name>.archiveDevice | The specified name-string gives the system file name of the storage
device managed by this storage daemon
|
| services.sickbeard.configFile | Path to config file.
|
| services.trickster.configFile | Path to configuration file.
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.radicale.config | Radicale configuration, this will set the service
configuration file
|
| programs.dconf.profiles | Attrset of dconf profiles
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| services.asusd.profileConfig | The content of /etc/asusd/profile.ron
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.hercules-ci-agent.settings.clusterJoinTokenPath | Location of the cluster-join-token.key file
|
| services.synergy.server.configFile | The Synergy server configuration file.
|
| services.uptime.configFile | The uptime configuration file
If mongodb: server != localhost, please set usesRemoteMongo = true
If you only want to run the monitor, please set enableWebService = false
and enableSeparateMonitoringService = true
If autoStartMonitor: false (recommended) and you want to run both
services, please set enableSeparateMonitoringService = true
|
| services.headscale.configFile | Path to the configuration file of headscale.
|
| services.webdav-server-rs.configFile | Path to config file
|
| services.rss-bridge.config.FileCache.path | Directory where to store cache files (if cache.type = "file").
|