This tells pgmanage to only allow users in a certain PostgreSQL group to login to pgmanage

Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)

If enabled, spacecookie will hide personal information of users like IP addresses from log output.

Whether users of the wheel group must provide a password to run commands as super user via run0.

If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.

The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication

Enable or disable TTY auditing for specified users

If enabled, starts a Terraria server

Seed settings for users and groups

A list of users which will not be shown in the display manager.

Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication

Define resource limits that should apply to users or groups

Window class translation rules. /etc/X11/imwheelrc is generated based on this config which means this config is global for all users

Send announcement to all online users

Number of daemons to serve user requests

Whether to enable provisioning of groups, users and oauth2 resource servers.

Defines whether users see the Register option in the menu of Time Tracker that allows them to self-register and create new organizations (top groups).

Whether to add Soundmodem to the global environment and configure a wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.

Whether to enable non-root access to the firmware of UHK keyboards

The lmtp daemon will make the unix socket group-read/write for users in this group.

Font packages to use in Steam

Whether to enable tailscale.nginx-auth, to authenticate nginx users via tailscale.

If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key

Allow users to register on this server using a client and change passwords

Whether to enable udev rules for devices supported by libjaylink

File containing a secret used to salt the users' password hashes and generate filenames for static content.

Whether users of the wheel group must provide a password to run commands or edit files with please and pleaseedit respectively.

Install the SPICE USB redirection helper with setuid privileges

Whether any uploads are permitted to anonymous users.

If set, users with an SSH certificate containing an authorized principal in their SSH agent are able to log in

Newline separated list of names to be allowed/denied if userlistEnable is true

Whether to enable the Howdy PAM module

Users and proxy configuration

Refer to the Tuliprox documentation for available attributes

Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs

Initial preferences are used to configure the browser for the first run

Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication

Enable font antialiasing

List of users allowed to operate with the config. "root" is always implicitly included

Whether to enable exposing OpenSSH public keys defined in userdb

If true, a system-wide PipeWire service and socket is enabled allowing all users in the "pipewire" group to use it simultaneously

Whether local users are confined to their home directory.

Whether any uploads are permitted to anonymous users.

A file containing the secret used to encrypt session keys

Make your The Lounge instance public

Enable if you want to fetch all, even the read messages from the server

Whether to allow registration of new admin users.

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs

Do minification on public static files which reduces the size of assets — saving data for the server & users as well as offering a performance improvement

A file containing the secret used to encrypt secrets for OTP tokens

Sets transmission's file mode creation mask

Enables U2F PAM (pam-u2f) module

All listed users will become part of the firezone-client group so they can control the tunnel service

List of reporter objects used to present build status to various users.

Whether to enable System bus notification support

WARNING: enabling this option (while convenient) should not be done on a machine where you do not trust the other users as it allows any other local user to DoS your session by spamming notifications .

Path to the configuration file containing authorized users credentials to run iperf tests.

Whether new users can register on this server

The duration in time a user invitation remains valid before expiring

Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group.

Enable if you want to delete read messages from the server

Enable font hinting

Set this option to true to enable HTTP compression, this can improve transfer speed and bandwidth utilization

This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles

Maximum amount of users which will be allowed to register on this system. 0 - no limit.

If set, shows a contact email address when rendering error pages

A list of paths that should be included in the system closure but generally not visible to users

The hosts.hfaxd file entry in the spooling area will be symlinked to the location given here

Maximum number of client connections allowed

Whether to generate the password files at build time and store them directly in the system closure, without requiring any services at boot time

Makes user-profiles globally available under nextcloud.tld/u/user.name

Paths to the Nix profile

Don't allow users to connect in non-secure mode (without random padding).

If set, shows a contact email address when rendering error pages

Path to a file containing extra ntfy environment variables in the systemd EnvironmentFile format

Defines one or more team names that auto-provisioned OIDC users shall be added to

Frontend configuration

Name of the remote read config, which if specified must be unique among remote read configs

This is optional and is by default off, because most users will not need it

Specify SSH host keys to import into the initrd

A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.

Apple menu > System Preferences > Users and Groups > Login Options

Auto login the supplied user on boot

Name of the remote write config, which if specified must be unique among remote write configs

SFTP private key file

Where to redirect new users upon registration.

JSON file containing secret keys

Whether to enable configuration for Hyprland, a tiling Wayland compositor that doesn't sacrifice on its looks.

The set of packages that appear in /run/current-system/sw

The set of packages that appear in /run/current-system/sw

When not set to null this option defines the path at which the unbound remote control socket should be created at

FreeType LCD filter

Whether new users can register on this server

Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery

This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles

If false, a PulseAudio server is launched automatically for each user that tries to use the sound system

If you want to prevent node sharing from allowing users to access services across tailnets, declare your expected tailnets domain here.

Allow users to register themselves

Deactivates analytics

Whether to enable the dummy "startx" pseudo-display manager, which allows users to start X manually via the startx command from a virtual terminal.

The permission for settings.dir

The channel in which users will appear in when connecting.