| services.mastodon.vapidPublicKeyFile | Path to file containing the public key used for Web Push
Voluntary Application Server Identification
|
| services.home-assistant.lovelaceConfigFile | Your ui-lovelace.yaml managed as configuraton file
|
| services.xserver.xkb.extraLayouts.<name>.compatFile | The path to the xkb compat file
|
| services.autorandr.profiles.<name>.fingerprint | Output name to EDID mapping
|
| services.slskd.settings.retention.files.incomplete | Lifespan of incomplete downloading files in minutes.
|
| programs.nix-index.enable | Whether to enable nix-index, a file database for nixpkgs.
|
| services.couchdb.logFile | Specifies the location of file for logging output.
|
| services.gitea.camoHmacKeyFile | Path to a file containing the camo HMAC key.
|
| services.prosody.ssl.cert | Path to the certificate file.
|
| services.mimir.configFile | Specify a configuration file that Mimir should use.
|
| services.movim.secretFile | The secret file to be sourced for the .env settings.
|
| services.opengfw.logFile | File to write the output to instead of systemd.
|
| services.lirc.options | LIRC default options described in man:lircd(8) (lirc_options.conf)
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.angrr.settings.profile-policies.<name>.keep-current-system | Whether to keep the current system generation
|
| services.traefik.environmentFiles | Files to load as an environment file just before Traefik starts
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| services.bepasty.servers.<name>.secretKeyFile | A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey
|
| services.mastodon.vapidPrivateKeyFile | Path to file containing the private key used for Web Push
Voluntary Application Server Identification
|
| services.xserver.xkb.extraLayouts.<name>.symbolsFile | The path to the xkb symbols file
|
| services.kanidm.provision.adminPasswordFile | Path to a file containing the admin password for kanidm
|
| services.hostapd.radios.<name>.networks.<name>.dynamicConfigScripts | All of these scripts will be executed in lexicographical order before hostapd
is started, right after the bss segment was generated and may dynamically
append bss options to the generated configuration file
|
| services.mautrix-meta.instances.<name>.environmentFile | File containing environment variables to substitute when copying the configuration
out of Nix store to the services.mautrix-meta.dataDir
|
| services.cron.cronFiles | A list of extra crontab files that will be read and appended to the main
crontab file when the cron service starts.
|
| virtualisation.sharedDirectories.<name>.securityModel | The security model to use for this share:
passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributesmapped-file: the attributes are stored in the hidden .virtfs_metadata directory
|
| services.prometheus.remoteRead.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.airsonic.war | Airsonic war file to use.
|
| services.dante.config | Contents of Dante's configuration file
|
| services.davis.mail.dsnFile | A file containing the mail DSN for sending emails
|
| services.bacula-fd.enable | Whether to enable the Bacula File Daemon.
|
| programs.thunar.enable | Whether to enable Thunar, the Xfce file manager.
|
| security.sudo.extraConfig | Extra configuration text appended to sudoers.
|
| services.nar-serve.enable | Whether to enable serving NAR file contents via HTTP.
|
| services.soju.extraConfig | Lines added verbatim to the generated configuration file.
|
| services.tempo.configFile | Specify a path to a configuration file that Tempo should use.
|
| services.lirc.configs | Configurations for lircd to load, see man:lircd.conf(5) for details (lircd.conf)
|
| services.loki.configFile | Specify a configuration file that Loki should use
|
| services.murmur.logToFile | Whether to enable logging to a file instead of journald, which is stored in /var/log/murmur.
|
| services.oauth2-proxy.tls.key | Path to private key file.
|
| users.extraUsers.<name>.pamMount | Attributes for user's entry in
pam_mount.conf.xml
|
| services.k3s.configPath | File path containing the k3s YAML config
|
| services.bookstack.settings.APP_KEY_FILE | The path to your appkey
|
| services.prometheus.scrapeConfigs.*.bearer_token_file | Sets the Authorization header on every scrape request with
the bearer token read from the configured file
|
| services.kubernetes.apiserver.serviceAccountKeyFile | File containing PEM-encoded x509 RSA or ECDSA private or public keys,
used to verify ServiceAccount tokens
|
| services.pufferpanel.extraPackages | Packages to add to the PATH environment variable
|
| environment.etc | Set of files that have to be linked in /etc.
|
| services.kanata.keyboards.<name>.configFile | The config file
|
| services.gns3-server.ssl.keyFile | Private key file for the certificate.
|
| security.sudo-rs.extraConfig | Extra configuration text appended to sudoers.
|
| power.ups.schedulerRules | File which contains the rules to handle UPS events.
|
| security.pam.ussh.caFile | By default pam-ussh reads the trusted user CA keys
from /etc/ssh/trusted_user_ca
|
| services._3proxy.confFile | Ignore all other 3proxy options and load configuration from this file.
|
| services.galene.keyFile | Path to the server's private key
|
| services.node-red.configFile | Path to the JavaScript configuration file
|
| services.sssd.settings | Contents of sssd.conf.
|
| services.mihomo.configFile | Configuration file to use.
|
| services.nginx.sslDhparam | Path to DH parameters file.
|
| services.rke2.configPath | File path containing the rke2 YAML config
|
| services.castopod.environmentFile | Environment file to inject e.g. secrets into the configuration
|
| services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|
| services.trilium-server.environmentFile | File to load as the environment file
|
| services.tsmBackup.servername | Create a systemd system service
tsm-backup.service that starts
a backup based on the given servername's stanza
|
| services.home-assistant.lovelaceConfig | Your ui-lovelace.yaml as a Nix attribute set
|
| services.openafsServer.roles.fileserver.salvageserverArgs | Arguments to the salvageserver process
|
| services.system76-scheduler.settings.cfsProfiles.enable | Tweak CFS latency parameters when going on/off battery
|
| services.prometheus.remoteWrite.*.tls_config.ca_file | CA certificate to validate API server certificate with.
|
| services.jigasi.config | Contents of the sip-communicator.properties configuration file for jigasi.
|
| services.cron.systemCronJobs | A list of Cron jobs to be appended to the system-wide
crontab
|
| services.etcd.trustedCaFile | Certificate authority file to use for clients
|
| programs.xonsh.config | Extra text added to the end of /etc/xonsh/xonshrc,
the system-wide control file for xonsh.
|
| services.bind.extraConfig | Extra lines to be added verbatim to the generated named configuration file.
|
| services.galene.certFile | Path to the server's certificate
|
| services.lemmy.pictrsApiKeyFile | File which contains the value of pictrs.api_key.
|
| services.self-deploy.nixFile | Path to nix file in repository
|
| services.qui.secretFile | Path to a file that contains the session secret
|
| services.vault.extraConfig | Extra text appended to vault.hcl.
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.pocket-id.credentials | Environment variables which are loaded from the contents of the specified file paths
|
| services.lldap.settings.ldap_user_pass_file | Path to a file containing the default admin password
|
| services.hylafax.commonModemConfig | Attribute set of default values for
modem config files etc/config.*
|
| services.firezone.headless-client.tokenFile | A file containing the firezone client token
|
| services.monero.environmentFile | Path to an EnvironmentFile for the monero service as defined in systemd.exec(5)
|
| services.kubernetes.kubelet.extraConfig | Kubernetes kubelet extra configuration file entries
|
| services.grav.maxUploadSize | The upload limit for files
|
| services.rspamd.locals | Local configuration files, written into /etc/rspamd/local.d/{name}.
|
| services.transmission.settings.script-torrent-done-filename | Executable to be run at torrent completion.
|
| services.graylog.nodeIdFile | Path of the file containing the graylog node-id
|
| services.flannel.etcd.caFile | Etcd certificate authority file
|
| services.klipper.logFile | Path of the file Klipper should log to
|
| programs.bat.settings | Parameters to be written to the system-wide bat configuration file.
|
| programs.atop.settings | Parameters to be written to /etc/atoprc.
|
| services.flannel.etcd.keyFile | Etcd key file
|
| services.cfssl.configFile | Path to configuration file
|
| boot.plymouth.extraConfig | Literal string to append to configFile
and the config file generated by the plymouth module.
|
| services.tftpd.enable | Whether to enable tftpd, a Trivial File Transfer Protocol server
|
| services.pdnsd.extraConfig | Extra configuration directives that should be added to
pdnsd.conf.
|
| services.target.config | Content of /etc/target/saveconfig.json
This file is normally read and written by targetcli
|
| services.vault.storagePath | Data directory for file backend
|
| users.ldap.extraConfig | Extra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf(5))
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|