| options/nixos/services.movim.logDir | Log directory of the movim user which holds the application’s logs.
|
| options/nixos/services.influxdb2.provision.users | Users to provision.
|
| options/nixos/services.cloudlog.update-lotw-users.enable | Whether to periodically update the list of LoTW users
|
| options/nixos/services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| options/nixos/services.matomo.webServerUser | Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used
|
| options/nixos/services.xrdp.defaultWindowManager | The script to run when a user logs in, usually a window manager, e.g. "icewm", "xfce4-session"
This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
|
| options/nixos/users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| options/home-manager/programs.npm.enable | Whether to enable npm user config.
|
| options/nixos/services.spiped.config.<name>.keyfile | Name of a file containing the spiped key
|
| options/nixos/services.inadyn.settings.custom.<name>.username | Username for this DDNS provider.
|
| options/nixos/services.mosquitto.listeners.*.users | A set of users and their passwords and ACLs.
|
| options/nixos/services.mtprotoproxy.users | Allowed users and their secrets
|
| options/nixos/services.pipewire.systemWide | If true, a system-wide PipeWire service and socket is enabled
allowing all users in the "pipewire" group to use it simultaneously
|
| options/nixos/services.samba.settings.global."invalid users" | List of users who are denied login via Samba.
|
| options/nixos/services.grafana-to-ntfy.settings.bauthUser | The user that you will authenticate with in the Grafana webhook settings
|
| options/nixos/services.openvpn.servers.<name>.authUserPass.username | The username to store inside the credentials file.
|
| options/nixos/services.grocy.dataDir | Home directory of the grocy user which contains
the application's state.
|
| options/nixos/programs.rush.enable | Whether to enable Restricted User Shell.
|
| options/nixos/programs.firefox.autoConfigFiles | AutoConfig files can be used to set and lock preferences that are not covered
by the policies.json for Mac and Linux
|
| options/nixos/services.umurmur.settings.max_users | Maximum number of concurrent clients allowed.
|
| options/nixos/services.openafsServer.roles.backup.buserverArgs | Arguments to the buserver process
|
| options/nixos/services.movim.dataDir | State directory of the movim user which holds the application’s state & data.
|
| options/nixos/services.unpoller.unifi.defaults.pass | Path of a file containing the password for the unifi service user
|
| options/nixos/services.zfs.autoReplication.username | Username used by SSH to log in to the remote host.
|
| options/nixos/services.dependency-track.oidc.usernameClaim | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| options/nixos/services.nifi.initUser | Initial user account for Apache NiFi
|
| options/home-manager/programs.jjui.enable | Whether to enable jjui - A terminal user interface for jujutsu.
|
| options/home-manager/dconf.databases | Settings to write to specific dconf user databases
|
| options/home-manager/programs.fd.enable | Whether to enable fd, a simple, fast and user-friendly alternative to find.
|
| options/nixos/services.displayManager.sddm.autoLogin.minimumUid | Minimum user ID for auto-login user.
|
| options/nixos/systemd.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| options/nixos/services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
- CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilities,
- older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14: rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command, see the docs
|
| options/nixos/services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
- CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilities,
- older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14: rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command, see the docs
|
| options/nixos/services.syncoid.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| options/nixos/security.pam.ussh.group | If set, then the authenticating user must be a member of this group
to use this module.
|
| options/nixos/services.prosody.muc | Multi User Chat (MUC) configuration
|
| options/nixos/services.newt.enable | Whether to enable Newt, user space tunnel client for Pangolin.
|
| options/nixos/services.userborn.passwordFilesLocation | The location of the original password files
|
| options/nixos/services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| options/nixos/boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| options/nixos/services.logind.settings.Login.KillUserProcesses | Specifies whether the processes of a user should be killed
when the user logs out
|
| options/nixos/services.zoneminder.database.username | Username for accessing the database.
|
| options/nixos/services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".username | User used to connect to the database
|
| options/nixos/services.lldap.settings.ldap_user_dn | Admin username
|
| options/nixos/programs.nano.enable | Whether to enable nano, a small user-friendly console text editor.
|
| options/darwin/homebrew.taps.*.name | When clone_target is unspecified, this is the name of a formula
repository to tap from GitHub using HTTPS
|
| options/nixos/services.inadyn.settings.provider.<name>.username | Username for this DDNS provider.
|
| options/nixos/services.logind.killUserProcesses | Specifies whether the processes of a user should be killed
when the user logs out
|
| options/nixos/systemd.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/systemd.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/services.mjolnir.pantalaimon.username | The username to log in with.
|
| options/nixos/users.mysql.pam.disconnectEveryOperation | By default, pam_mysql keeps the connection to the MySQL
database until the session is closed
|
| options/nixos/services.saunafs.sfsUser | Run daemons as user.
|
| options/nixos/services.bitcoind.<name>.rpc.users.<name>.passwordHMAC | Password HMAC-SHA-256 for JSON-RPC connections
|
| options/nixos/security.pam.services.<name>.startSession | If set, the service will register a new session with
systemd's login manager
|
| options/nixos/services.postgresql.ensureUsers.*.ensureClauses.superuser | Grants the user, created by the ensureUser attr, superuser permissions
|
| options/nixos/users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| packages/nixpkgs/udocker | Basic user tool to execute simple docker containers in user space without root privileges |
| options/nixos/services.nextcloud.config.adminuser | Username for the admin account
|
| options/nixos/users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| options/nixos/services.seafile.dataDir | Path in which to store user data
|
| options/nixos/services.homed.enable | Whether to enable systemd home area/user account manager.
|
| options/nixos/services.mailman.webUser | User to run mailman-web as
|
| options/nixos/services.rshim.enable | Whether to enable user-space rshim driver for the BlueField SoC.
|
| options/nixos/system.nixos.variantName | A string identifying a specific variant or edition of the operating system suitable for presentation to the user
|
| options/home-manager/launchd.agents.<name>.config.ProcessType | This optional key describes, at a high level, the intended purpose of the job
|
| options/nixos/systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| options/nixos/boot.crashDump.enable | If enabled, NixOS will set up a kernel that will
boot on crash, and leave the user in systemd rescue
to be able to save the crashed kernel dump at
/proc/vmcore
|
| options/nixos/services.monado.enable | Whether to enable Monado user service.
|
| options/nixos/services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| options/nixos/services.postfix.recipientDelimiter | Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
|
| options/nixos/services.rshim.package | The rshim-user-space package to use.
|
| options/home-manager/programs.man.extraConfig | Additional fields to be added to the end of the user manpath config file.
|
| options/nixos/services.saunafs.chunkserver.hdds | Mount points to be used by chunkserver for storage (see sfshdd.cfg(5))
|
| options/nixos/services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| packages/nixpkgs/spdk | Set of libraries for fast user-mode storage |
| options/nixos/services.grafana.settings.users.home_page | Path to a custom home page
|
| options/nixos/services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| options/nixos/security.pam.ussh.caFile | By default pam-ussh reads the trusted user CA keys
from /etc/ssh/trusted_user_ca
|
| options/nixos/services.librenms.database.passwordFile | A file containing the password for the user of the MySQL/MariaDB server
|
| options/nixos/services.umami.settings.APP_SECRET_FILE | A file containing a secure random string
|
| options/nixos/programs.rush.shell | The resolved shell path that users can inherit to set rush as their login shell
|
| options/nixos/services.botamusique.settings.bot.username | Name the bot should appear with.
|
| options/nixos/users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| options/nixos/systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| packages/nixpkgs/lxd-ui | Web user interface for LXD |
| packages/nixpkgs/lbry | Browser and wallet for LBRY, the decentralized, user-controlled content marketplace |
| options/nixos/security.doas.extraRules.*.noPass | If true, the user is not required to enter a
password.
|
| options/nixos/security.pam.mount.enable | Enable PAM mount system to mount filesystems on user login.
|
| options/nixos/services.dwm-status.enable | Whether to enable dwm-status user service.
|
| options/home-manager/home.extraOutputsToInstall | List of additional package outputs of the packages
home.packages that should be installed into
the user environment.
|
| options/home-manager/services.dwm-status.enable | Whether to enable dwm-status user service.
|
| options/nixos/services.rabbitmq.listenAddress | IP address on which RabbitMQ will listen for AMQP
connections
|
| options/nixos/services.mqtt2influxdb.mqtt.username | Username used to connect to the MQTT server.
|
| options/nixos/services.grafana.settings.users.login_hint | Text used as placeholder text on login page for login/username input.
|
| options/nixos/services.glitchtip.settings.ENABLE_USER_REGISTRATION | When true, any user will be able to register
|