| boot.tmp.zramSettings.fs-type | The file system to put on the device
|
| services.athens.tlsKeyFile | Path to the TLS key file.
|
| services.send.enable | Whether to enable Send, a file sharing web sevice for ffsend..
|
| services.vsftpd.rsaKeyFile | RSA private key file.
|
| users.mysql.passwordFile | The path to the file containing the password for the user
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.seafile.seahubPackage | The seahub package to use.
|
| services.thanos.query.store.sd-files | Path to files that contain addresses of store API servers
|
| programs.msmtp.accounts | Named accounts and their respective configurations
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| boot.loader.systemd-boot.extraEntries | Any additional entries you want added to the systemd-boot menu
|
| services.journald.remote.output | The location of the output journal
|
| services.nginx.logError | Configures logging
|
| services.openafsServer.roles.fileserver.fileserverArgs | Arguments to the dafileserver process
|
| services.headphones.configFile | Path to config file.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| programs.git.lfs.enable | Whether to enable git-lfs (Large File Storage).
|
| services.ttyd.keyFile | SSL key file path
|
| services.vsftpd.rsaCertFile | RSA certificate file.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| swapDevices | The swap devices and swap files
|
| services.prometheus.exporters.restic.rcloneConfigFile | Path to the file containing rclone configuration
|
| services.mediatomb.customCfg | Allow the service to create and use its own config file inside the dataDir as
configured by services.mediatomb.dataDir
|
| services.xserver.xkb.extraLayouts.<name>.typesFile | The path to the xkb types file
|
| services.pretalx.settings.files.upload_limit | Maximum file upload size in MiB.
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| services.headscale.settings.policy.path | If the mode is set to "file", the path to a
HuJSON file containing ACL policies.
|
| services.firezone.server.smtp.passwordFile | File containing the password for the given username
|
| services.tsidp.environmentFile | Path to an environment file loaded for the tsidp service
|
| services.pdfding.database.passwordFile | File containing POSTGRES_PASSWORD
|
| services.shibboleth-sp.configFile | Path to shibboleth config file
|
| services.sshguard.blacklist_file | Blacklist an attacker when its score exceeds threshold
|
| hardware.fancontrol.config | Required fancontrol configuration file content
|
| services.disnix.enableProfilePath | Whether to enable exposing the Disnix profiles in the system's PATH.
|
| services.cloudflared.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.athens.tlsCertFile | Path to the TLS certificate file.
|
| services.athens.netrcPath | Path to the .netrc file.
|
| boot.initrd.enable | Whether to enable the NixOS initial RAM disk (initrd)
|
| services.prosody.ssl.key | Path to the key file.
|
| services.ntp.extraConfig | Additional text appended to ntp.conf.
|
| services.plikd.enable | Whether to enable plikd, a temporary file upload system.
|
| services.locate.output | The database file to build.
|
| services.vault.tlsKeyFile | TLS private key file
|
| users.users.<name>.subUidRanges | Subordinate user ids that user is allowed to use
|
| users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| security.pam.rssh.settings.auth_key_file | Path to file with trusted public keys in OpenSSH's authorized_keys format
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| services.dashy.settings | Settings serialized into user-data/conf.yml before build
|
| services.dnsmasq.settings | Configuration of dnsmasq
|
| services.jupyterhub.extraConfig | Extra contents appended to the jupyterhub configuration
Jupyterhub configuration is a normal python file using
Traitlets. https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html
|
| services.traccar.settings | config.xml configuration as a Nix attribute set
|
| services.newt.environmentFile | Path to a file containing sensitive environment variables for Newt
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| virtualisation.fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.dockerRegistry.configFile | Path to CNCF distribution config file
|
| environment.profiles | A list of profiles used to setup the global environment.
|
| services.murmur.logFile | Path to the log file for Murmur daemon
|
| boot.loader.grub.extraConfig | Additional GRUB commands inserted in the configuration file
just before the menu entries.
|
| services.cfssl.dbConfig | Certificate db configuration file
|
| services.mongodb.pidFile | Location of MongoDB pid file
|
| services.ndppd.routeTTL | This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route,
in milliseconds.
|
| services.ncps.netrcFile | The path to netrc file for upstream authentication
|
| services.nghttpx.tls.crt | Path to the TLS certificate file.
|
| services.nghttpx.tls.key | Path to the TLS key file.
|
| services.vault.tlsCertFile | TLS certificate file
|
| systemd.mounts.*.options | Options used to mount the file system.
|
| xdg.portal.wlr.enable | Whether to enable desktop portal for wlroots-based desktops
|
| services.github-runners.<name>.tokenFile | The full path to a file which contains either
- a fine-grained personal access token (PAT),
- a classic PAT
- or a runner registration token
Changing this option or the tokenFile’s content triggers a new runner registration
|
| services.yarr.authFilePath | Path to a file containing username:password. null means no authentication required to use the service.
|
| services.prometheus.exporters.postfix.logfilePath | Path where Postfix writes log entries
|
| security.acme.defaults.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| services.powerdns-admin.config | Configuration python file
|
| services.livebook.environmentFile | Additional environment file as defined in systemd.exec(5)
|
| services.castopod.database.passwordFile | A file containing the password corresponding to
services.castopod.database.user
|
| services.mastodon.vapidPublicKeyFile | Path to file containing the public key used for Web Push
Voluntary Application Server Identification
|
| services.home-assistant.lovelaceConfigFile | Your ui-lovelace.yaml managed as configuraton file
|
| services.xserver.xkb.extraLayouts.<name>.compatFile | The path to the xkb compat file
|
| services.kanidm.provision.extraJsonFile | A JSON file for provisioning persons, groups & systems
|
| services.seafile.ccnetSettings | Configuration for ccnet, see
https://manual.seafile.com/config/ccnet-conf/
for supported values.
|
| services.gammu-smsd.backend.files.sentSMSPath | Where the transmitted SMSes are placed
|
| services.nghttpx.rlimit-nofile | Set maximum number of open files (RLIMIT_NOFILE) to <N>
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.filesender.enable | Whether to enable FileSender.
|
| services.etebase-server.settings.global.secret_file | The path to a file containing the secret
used as django's SECRET_KEY.
|
| virtualisation.fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| programs.nix-index.enable | Whether to enable nix-index, a file database for nixpkgs.
|
| services.couchdb.logFile | Specifies the location of file for logging output.
|
| services.gitea.camoHmacKeyFile | Path to a file containing the camo HMAC key.
|
| services.prosody.ssl.cert | Path to the certificate file.
|
| services.movim.secretFile | The secret file to be sourced for the .env settings.
|
| services.opengfw.logFile | File to write the output to instead of systemd.
|