| services.transmission.credentialsFile | Path to a JSON file to be merged with the settings
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.victoriatraces.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaTraces instance by authorization
|
| services.mattermost.database.fromEnvironment | Use services.mattermost.environmentFile to configure the database instead of writing the database URI
to the Nix store
|
| services.mattermost.environmentFile | Environment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) which sets config options
for mattermost (see the Mattermost documentation)
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| services.limesurvey.nginx.virtualHost.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.livebook.environmentFile | Additional environment file as defined in systemd.exec(5)
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.victoriametrics.basicAuthPasswordFile | File that contains the Basic Auth password used to protect VictoriaMetrics instance by authorization
|
| services.prometheus.exporters.ecoflow.ecoflowPasswordFile | Path to the file with your personal ecoflow app login email password
|
| services.magnetico.web.credentials | The credentials to access the web interface, in case authentication is
enabled, in the format username:hash
|
| services.prometheus.exporters.ecoflow.exporterType | The type of exporter you'd like to use
|
| services.openssh.settings.PasswordAuthentication | Specifies whether password authentication is allowed.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.prometheus.exporters.artifactory.artiAccessToken | Access token for authentication against JFrog Artifactory API
|
| services.prometheus.exporters.unpoller.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.postgresql.authentication | Defines how users authenticate themselves to the server
|
| services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow | If set, all sae password entries that have a non-wildcard MAC associated to
them will additionally be used to populate the MAC allow list
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth | Authentication information used to authenticate to the API server.
password and password_file are mutually exclusive.
|
| services.prometheus.exporters.mail.configuration.servers.*.passphrase | Password to use for SMTP authentication.
|
| services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords | Sets allowed passwords for WPA3-SAE
|
| services.prometheus.alertmanager-ntfy.settings.ntfy.notification.topic | Note: when using ntfy.sh and other public instances
it is recommended to set this option to an empty string and set the actual topic via
services.prometheus.alertmanager-ntfy.extraConfigFiles since
the topic in ntfy.sh is essentially a password
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_id | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name | The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| users.mysql.pam.cryptDefault | The default encryption method to use for passwordCrypt = 1.
|
| security.doas.extraConfig | Extra configuration text appended to doas.conf
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| services.prometheus.exporters.nut.nutUser | The user to log in into NUT server
|
| security.doas.extraRules | Define specific rules to be set in the
/etc/doas.conf file
|
| services.microbin.settings | Additional configuration for MicroBin, see
https://microbin.eu/docs/installation-and-configuration/configuration/
for supported values
|
| services.qbittorrent.serverConfig | Free-form settings mapped to the qBittorrent.conf file in the profile
|
| services.ddclient.secretsFile | A file containing the secrets for the dynamic DNS provider
|
| users.mysql.pam.table | The name of table that maps unique login names to the passwords.
|
| services.prometheus.checkConfig | Check configuration with promtool check
|
| programs.ssh.askPassword | Program used by SSH to ask for passwords.
|
| security.pam.oath.window | Specify the number of one-time passwords to check in order
to accommodate for situations where the system and the
client are slightly out of sync (iteration for HOTP or time
steps for TOTP).
|
| programs.seahorse.enable | Whether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.
|
| security.pam.sshAgentAuth.enable | Whether to enable authenticating using a signature performed by the ssh-agent
|
| services.bitlbee.authBackend | How users are authenticated
storage -- save passwords internally
pam -- Linux PAM authentication
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| boot.initrd.luks.devices.<name>.keyFileTimeout | The amount of time in seconds for a keyFile to appear before
timing out and trying passwords.
|
| security.ipa.offlinePasswords | Whether to store offline passwords when the server is down.
|
| services.syncplay.salt | Salt to allow room operator passwords generated by this server
instance to still work when the server is restarted
|
| services.syncplay.saltFile | Path to the file that contains the server salt
|
| services.freeradius.debug | Whether to enable debug logging for freeradius (-xx
option)
|
| services.gnome.gnome-keyring.enable | Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
.
|
| services.freshrss.api.enable | Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)
|
| boot.iscsi-initiator.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.prosody.modules.register | Allow users to register on this server using a client and change passwords
|
| services.openiscsi.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| security.loginDefs.settings.ENCRYPT_METHOD | This defines the system default encryption algorithm for encrypting passwords.
|
| services.mosquitto.listeners.*.users | A set of users and their passwords and ACLs.
|
| services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| services.samba.settings.global."passwd program" | Path to a program that can be used to set UNIX user passwords.
|
| services.wastebin.secretFile | Path to file containing sensitive environment variables
|
| services.vikunja.environmentFiles | List of environment files set in the vikunja systemd service
|
| services.cjdns.authorizedPasswords | Any remote cjdns nodes that offer these passwords on
connection will be allowed to route through this node.
|
| services.libeufin.bank.initialAccounts | Accounts to enable before the bank service starts
|
| services.icingaweb2.resources | resources.ini contents
|
| boot.zfs.requestEncryptionCredentials | If true on import encryption keys or passwords for all encrypted datasets
are requested
|
| services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| services.chhoto-url.settings.hash_algorithm | The hash algorithm to use for passwords and API keys
|
| services.prometheus.exporters.collectd.collectdBinary.authFile | File mapping user names to pre-shared keys (passwords).
|
| services.prometheus.exporters.pve.environmentFile | Path to the service's environment file
|
| services.prometheus.exporters.idrac.configurationPath | Path to the service's config file
|
| services.matrix-synapse.settings.turn_shared_secret | The shared secret used to compute passwords for the TURN server
|