| services.minetest-server.config | Settings to add to the minetest config file
|
| services.umami.settings.APP_SECRET_FILE | A file containing a secure random string
|
| services.thermald.configFile | The thermald manual configuration file
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.step-ca.settings | Settings that go into ca.json
|
| services.asterisk.extraConfig | Extra configuration options appended to the default
asterisk.conf file.
|
| services.namecoind.wallet | Wallet file
|
| services.teeworlds.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.filebeat.package | The filebeat package to use.
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.slurm.extraConfigPaths | Slurm expects config files for plugins in the same path
as slurm.conf
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| fonts.fontconfig.localConf | System-wide customization file contents, has higher priority than
defaultFonts settings.
|
| services.mqtt2influxdb.mqtt.keyfile | Key file for MQTT
|
| services.strongswan.ca | A set of CAs (certification authorities) and their options for
the ‘ca xxx’ sections of the ipsec.conf
file.
|
| services.filesender.database.passwordFile | A file containing the password corresponding to
services.filesender.database.user.
|
| services.printing.extraFilesConf | Extra contents of the configuration file of the CUPS daemon
(cups-files.conf).
|
| programs.schroot.profiles | Custom configuration profiles for schroot.
|
| services.dendrite.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.slurm.enableStools | Whether to provide a slurm.conf file
|
| security.pam.yubico.enable | Enables Yubico PAM (yubico-pam) module
|
| services.logrotate.configFile | Override the configuration file used by logrotate
|
| services.znc.confOptions.userModules | A list of user modules to include in the znc.conf file.
|
| services.mpd.settings.db_file | The path to MPD's database.
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| services.prometheus.exporters.mysqld.configFile | Path to the services config file
|
| services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.mackerel-agent.apiKeyFile | Path to file containing the Mackerel API key
|
| services.outline.utilsSecretFile | File path that contains the utility secret key
|
| virtualisation.fileSystems.<name>.label | Label of the device
|
| services.datadog-agent.extraConfig | Extra configuration options that will be merged into the
main config file datadog.yaml.
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| services.printing.browsedConf | The contents of the configuration. file of the CUPS Browsed daemon
(cups-browsed.conf)
|
| services.peering-manager.environmentFile | Environment file as defined in systemd.exec(5)
|
| security.doas.extraRules | Define specific rules to be set in the
/etc/doas.conf file
|
| services.nsd.zonefilesCheck | Whether to check mtime of all zone files on start and sighup.
|
| services.outline.secretKeyFile | File path that contains the application secret key
|
| services.prometheus.scrapeConfigs.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| security.pam.services.<name>.p11Auth | If set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.couchdb.uriFile | This file contains the full URI that can be used to access this
instance of CouchDB
|
| services.filesender.user | User under which filesender runs.
|
| services.postfix.masterConfig | An attribute set of service options, which correspond to the service
definitions usually done within the Postfix
master.cf file.
|
| services.fail2ban.jails | The configuration of each Fail2ban “jail”
|
| services.headphones.configFile | Path to config file.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file | Absolute path to the certificate to load
|
| boot.tmp.useZram | Whether to mount a zram device on /tmp during boot.
Large Nix builds can fail if the mounted zram device is not large enough
|
| services.cfssl.metadata | Metadata file for root certificate presence
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.supybot.plugins | Attribute set of additional plugins that will be symlinked to the
plugin subdirectory
|
| services.pairdrop.rtcConfig | Configuration for STUN/TURN servers
|
| services.mqtt2influxdb.mqtt.certfile | Certificate file for MQTT
|
| services.phpfpm.pools.<name>.phpOptions | "Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
|
| services.postfix.settings.main.smtp_tls_CAfile | File containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| services.vault-agent.instances.<name>.settings.pid_file | Path to use for the pid file.
|
| hardware.fancontrol.config | Required fancontrol configuration file content
|
| services.sssd.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.powerdns-admin.config | Configuration python file
|
| programs.zsh.histFile | Change history file.
|
| services.neo4j.https.sslPolicy | Neo4j SSL policy for HTTPS traffic
|
| boot.tmp.useTmpfs | Whether to mount a tmpfs on /tmp during boot.
Large Nix builds can fail if the mounted tmpfs is not large enough
|
| services.gammu-smsd.backend.files.sentSMSPath | Where the transmitted SMSes are placed
|
| virtualisation.fileSystems.<name>.autoFormat | If the device does not currently contain a filesystem (as
determined by blkid), then automatically
format it with the filesystem type specified in
fsType
|
| services.shibboleth-sp.configFile | Path to shibboleth config file
|
| networking.networkmanager.ensureProfiles.environmentFiles | Files to load as environment file
|
| systemd.mounts.*.type | File system type.
|
| services.gitlab-runner.configFile | Configuration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.pangolin.settings | Additional attributes to be merged with the configuration options and written to Pangolin's config.yml file.
|
| services.seafile.seahubPackage | The seahub package to use.
|
| services.syncplay.saltFile | Path to the file that contains the server salt
|
| services.dockerRegistry.configFile | Path to CNCF distribution config file
|
| virtualisation.fileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| programs.less.lessclose | When less closes a file opened in such a way, it will call another program, called the input postprocessor,
which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).
|
| services.openafsServer.roles.fileserver.fileserverArgs | Arguments to the dafileserver process
|
| services.gammu-smsd.backend.files.inboxPath | Where the received SMSes are stored
|
| services.ifm.dataDir | Directory to serve throught the file managing service
|
| security.acme.defaults.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| virtualisation.fileSystems.<name>.autoResize | If set, the filesystem is grown to its maximum size before
being mounted. (This is typically the size of the containing
partition.) This is currently only supported for ext2/3/4
filesystems that are mounted during early boot.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file | Absolute path to the certificate to load
|
| services.etcd.keyFile | Key file to use for clients
|
| fonts.fontDir.enable | Whether to create a directory with links to all fonts in
/run/current-system/sw/share/X11/fonts.
|
| services.nextcloud.config.dbpassFile | The full path to a file that contains the database password.
|
| hardware.deviceTree.overlays.*.dtsFile | Path to .dts overlay file, overlay is applied to
each .dtb file matching "compatible" of the overlay.
|
| services.calibre-server.auth.userDb | Choose users database file to use for authentication
|
| services.strongswan.setup | A set of options for the ‘config setup’ section of the
ipsec.conf file
|
| services.disnix.enableProfilePath | Whether to enable exposing the Disnix profiles in the system's PATH.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.k3s.extraKubeletConfig | Extra configuration to add to the kubelet's configuration file
|
| environment.etc.<name>.user | User name of file owner
|
| services.prometheus.exporters.snmp.environmentFile | EnvironmentFile as defined in systemd.exec(5)
|
| services.gokapi.settingsFile | Path to config file to parse and append to settings
|
| boot.loader.grub.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the account
|