| services.pixelfed.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.mainsail.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.chatgpt-retrieval-plugin.openaiApiKeyPath | Path to the secret OpenAI API key used for embeddings.
|
| services.triggerhappy.bindings | Key bindings for triggerhappy.
|
| services.agorakit.config | Agorakit configuration options to set in the .env file
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.access_key | Access key to use. https://console.scaleway.com/project/credentials
|
| services.bookstack.config | BookStack configuration options to set in the .env file
|
| services.discourse.mail.contactEmailAddress | Email address of key contact responsible for this site
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key | Secret key to use when listing targets. https://console.scaleway.com/project/credentials It is mutually exclusive with secret_key_file.
|
| services.xserver.windowManager.xmonad.config | Configuration from which XMonad gets compiled
|
| services.zfs.autoReplication.identityFilePath | Path to SSH key used to log in to host.
|
| services.hylafax.commonModemConfig | Attribute set of default values for modem config files etc/config.*
|
| services.znapzend.features.sendRaw | Whether to enable sendRaw feature which adds the option -w to the zfs send command
|
| environment.wordlist.lists | A set with the key names being the environment variable you'd like to set and the values being a list of paths to text documents containing lists of words
|
| services.anuko-time-tracker.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.discourse.sslCertificateKey | The path to the server SSL certificate key
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.bookstack.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.rabbitmq.configItems | Configuration options in RabbitMQ's new config file format, which is a simple key-value format that cannot express nested data structures
|
| boot.loader.systemd-boot.rebootForBitlocker | Enable EXPERIMENTAL BitLocker support
|
| services.rmfakecloud.extraSettings | Extra settings in the form of a set of key-value pairs
|
| services.gitlab.workhorse.config | Configuration options to add to Workhorse's configuration file
|
| services.wgautomesh.gossipSecretFile | File containing the gossip secret, a shared secret key to use for gossip encryption
|
| services.zabbixWeb.nginx.virtualHost.sslCertificateKey | Path to server SSL certificate key.
|
| services.nginx.virtualHosts.<name>.sslCertificateKey | Path to server SSL certificate key.
|
| services.privoxy.inspectHttps | Whether to configure Privoxy to inspect HTTPS requests, meaning all encrypted traffic will be filtered as well
|
| networking.wg-quick.interfaces.<name>.peers.*.publicKey | The base64 public key to the peer.
|
| services.jirafeau.nginxConfig.sslCertificateKey | Path to server SSL certificate key.
|
| networking.wireless.networks.<name>.psk | The network's pre-shared key in plaintext defaulting to being a network without any authentication. Be aware that this will be written to the Nix store in plaintext! Use pskRaw with an external reference to keep it safe. Mutually exclusive with pskRaw.
|
| services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPath | Location of the key with which IRC passwords are encrypted for storage
|
| services.pocket-id.environmentFile | Path to an environment file to be loaded
|
| services.strongswan-swanctl.swanctl.secrets.token | Definition for a private key that's stored on a token/smartcard/TPM.
|
| services.strongswan-swanctl.swanctl.secrets.ppk | Postquantum Preshared Key (PPK) section for a specific secret
|
| networking.wg-quick.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys | List of raw public keys to accept for authentication
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| services.limesurvey.encryptionKeyFile | 32-byte key used to encrypt variables in the database
|
| services.foundationdb.locality.zoneId | Zone identifier key
|
| services.your_spotify.spotifySecretFile | A file containing the secret key of your Spotify application
|
| services.coturn.use-auth-secret | TURN REST API flag
|
| services.foundationdb.locality.dataHall | Data hall identifier key
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user for local target datasets
|
| services.mautrix-signal.environmentFile | File containing environment variables to be passed to the mautrix-signal service
|
| services.kubernetes.controllerManager.tlsKeyFile | Kubernetes controller-manager private key file.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.borgbackup.jobs.<name>.environment | Environment variables passed to the backup script
|
| services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret | Value of decryption passphrase for RSA key.
|
| services.fedimintd.<name>.nginx.config.sslCertificateKey | Path to server SSL certificate key.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key_file | Sets the secret key with the credentials read from the configured file
|
| services.mosquitto.listeners.*.authPlugins.*.options | Options for the auth plugin
|
| services.beesd.filesystems.<name>.spec | Description of how to identify the filesystem to be duplicated by this instance of bees
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.pin | Optional PIN required to access the key on the token
|
| services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret | Value of decryption passphrase for ECDSA key.
|
| services.foundationdb.locality.machineId | Machine identifier key
|
| services.prometheus.exporters.postgres.dataSourceName | Accepts PostgreSQL URI form and key=value form arguments.
|
| services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret | Value of decryption passphrase for PKCS#8 key.
|
| services.step-ca.intermediatePasswordFile | Path to the file containing the password for the intermediate certificate private key. Make sure to use a quoted absolute path instead of a path literal to prevent it from being copied to the globally readable Nix store.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| services.cadvisor.storageDriverPasswordFile | File that contains the cadvisor storage driver password. storageDriverPasswordFile takes precedence over storageDriverPassword. Warning: when storageDriverPassword is non-empty this defaults to a file in the world-readable Nix store that contains the value of storageDriverPassword
|
| services.strongswan-swanctl.swanctl.connections.<name>.keyingtries | Number of retransmission sequences to perform during initial connect
|
| boot.zfs.requestEncryptionCredentials | If true, on import, encryption keys or passwords for all encrypted datasets are requested
|
| services.strongswan-swanctl.swanctl.secrets.token.<name>.handle | Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.
|
| services.mautrix-whatsapp.environmentFile | File containing environment variables to be passed to the mautrix-whatsapp service
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| services.outline.slackAuthentication.clientId | Authentication key.
|
| services.limesurvey.nginx.virtualHost.sslCertificateKey | Path to server SSL certificate key.
|
| services.neo4j.ssl.policies.<name>.allowKeyGeneration | Allows the generation of a private key and associated self-signed certificate
|
| services.borgbackup.repos.<name>.authorizedKeys | Public SSH keys that are given full write access to this repository
|
| services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile | Path to your private key file used to encrypt OIDC JWTs.
|
| swapDevices.*.randomEncryption.enable | Encrypt swap device with a random key
|
| networking.wireguard.interfaces.<name>.privateKeyFile | Private key file as generated by wg genkey.
|
| services.strongswan-swanctl.swanctl.secrets.private.<name>.secret | Value of decryption passphrase for private key.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.key_file | Key file for client cert authentication to the server.
|
| networking.wg-quick.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with wg genkey, at the privateKeyFile location.
|
| services.prometheus.exporters.klipper.moonrakerApiKey | API Key to authenticate with the Moonraker APIs
|
| services.discourse.siteSettings | Discourse site settings
|
| services.netbird.tunnels.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.netbird.clients.<name>.login.systemdDependencies | Additional systemd dependencies required to succeed before the Setup Key file becomes available.
|
| services.yggdrasil.persistentKeys | Whether to enable automatic generation and persistence of keys
|
| networking.openconnect.interfaces.<name>.privateKey | Private key to authenticate with.
|
| services.matrix-appservice-irc.passwordEncryptionKeyLength | Length of the key to encrypt IRC passwords with
|
| services.foundationdb.locality.datacenterId | Data center identifier key
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| swapDevices.*.randomEncryption | Encrypt swap device with a random key
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_id | String identifying the Postquantum Preshared Key (PPK) to be used.
|
| services.kubernetes.controllerManager.serviceAccountKeyFile | Kubernetes controller manager PEM-encoded private RSA key file used to sign service account tokens
|
| services.cockroachdb.locality | An ordered, comma-separated list of key-value pairs that describe the topography of the machine
|
| networking.wireguard.interfaces.<name>.generatePrivateKeyFile | Automatically generate a private key with wg genkey, at the privateKeyFile location.
|
| services.mastodon.activeRecordEncryptionPrimaryKeyFile | This key must be set to enable the Active Record Encryption feature within Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.postfix.settings.main.smtpd_tls_chain_files | List of paths to the server private keys and certificates. The order of items matters and a private key must always be followed by the corresponding certificate. https://www.postfix.org/postconf.5.html#smtpd_tls_chain_files
|
| services.matrix-synapse.settings.tls_certificate_path | PEM encoded X509 certificate for TLS
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for TLS connections
|
| services.mastodon.activeRecordEncryptionKeyDerivationSaltFile | This key must be set to enable the Active Record Encryption feature within Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.access_key | The AWS API keys
|
| services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.secret_key | The AWS API keys
|
| services.strongswan-swanctl.swanctl.connections.<name>.ppk_required | Whether a Postquantum Preshared Key (PPK) is required for this connection
|