| services.monica.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.postgrey.greylistText | Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
|
| services.hylafax.userAccessFile | The hosts.hfaxd file entry in the spooling area will be symlinked to the location given here
|
| services.redis.servers.<name>.masterAuth | If the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.redis.servers.<name>.requirePass | Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
|
| services.prometheus.alertmanager.configText | Alertmanager configuration as YAML text
|
| services.dendrite.settings.sync_api.search.enabled | Whether to enable Dendrite's full-text search engine.
|
| services.prometheus.configText | If non-null, this option defines the text that is written to prometheus.yml
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the --ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a personal access token (PAT)
|
| services.akkoma.config.":joken".":default_signer" | JWT signing secret
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt | LiveView signing salt
|
| services.healthchecks.settings | Environment variables which are read by healthchecks (local)_settings.py
|
| virtualisation.qemu.networkingOptions | Networking-related command-line options that should be passed to qemu
|
| boot.loader.limine.style.graphicalTerminal.foreground | Text foreground color (RRGGBB).
|
| system.includeBuildDependencies | Whether to include the build closure of the whole system in its runtime closure
|
| boot.loader.limine.style.graphicalTerminal.background | Text background color (TTRRGGBB)
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, USER:[PASS]). Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the environmentFile option to a file containing HTTP_PASSWORD=<your-password-here> and set this option to <user>:$HTTP_PASSWORD
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.healthchecks.settingsFile | Environment variables which are read by healthchecks (local)_settings.py
|
| services.dolibarr.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.kanboard.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.nitter.preferences.bidiSupport | Support bidirectional text (makes clicking on tweets harder).
|
| networking.tcpcrypt.enable | Whether to enable opportunistic TCP encryption
|
| documentation.doc.enable | Whether to install documentation distributed in packages' /share/doc
|
| services.printing.cups-pdf.instances.<name>.confFileText | This will contain the contents of cups-pdf.conf for this instance, derived from settings
|
| services.karakeep.meilisearch.enable | Enable Meilisearch and configure Karakeep to use it
|
| services.pinnwand.settings.paste_help | Raw HTML help text shown in the header area.
|
| services.komodo-periphery.passkeys | Passkeys required to access the periphery API
|
| boot.loader.limine.style.graphicalTerminal.brightBackground | Text background bright color (RRGGBB).
|
| boot.loader.limine.style.graphicalTerminal.brightForeground | Text foreground bright color (RRGGBB).
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| services.gitwatch.<name>.message | Optional text to use as commit message; all occurrences of %d will be replaced by formatted date/time
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| services.bookstack.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.wordpress.sites.<name>.extraConfig | Any additional text to be appended to the wp-config.php configuration file
|
| environment.wordlist.lists | A set with the key names being the environment variable you'd like to set and the values being a list of paths to text documents containing lists of words
|
| services.vault.extraSettingsPaths | Configuration files to load besides the immutable one defined by the NixOS module
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".secret_key_base | Secret key used as a base to generate further secrets for encrypting and signing data
|
| documentation.man.mandoc.settings.output.indent | Number of blank characters at the left margin for normal text, default of 5 for mdoc(7) and 7 for man(7)
|
| services.jirafeau.nginxConfig.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.athens.singleFlight.redisSentinel.sentinelPassword | Password for the sentinel server
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.mastodon.elasticsearch.host | Elasticsearch host
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| services.wyoming.faster-whisper.servers.<name>.initialPrompt | Optional text to provide as a prompt for the first window
|
| services.nginx.virtualHosts.<name>.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| specialisation | Additional configurations to build
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.grafana.provision.alerting.templates.settings.templates.*.template | Alerting with a custom text template
|
| services.maddy.ensureCredentials.<name>.passwordFile | Specifies the path to a file containing the clear text password for the user.
|
| virtualisation.oci-containers.containers.<name>.capabilities | Capabilities to configure for the container
|
| services.prometheus.exporters.mail.configuration.servers | List of servers that should be probed. Note: if your mailserver has rspamd(8) configured, it can happen that emails from this exporter are marked as spam
|
| security.allowSimultaneousMultithreading | Whether to allow SMT/hyperthreading
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the clear text password for the MQTT user
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| services.jellyfin.transcoding.enableSubtitleExtraction | Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|