| options/nixos/services.bepasty.servers.<name>.workDir | Path to the working directory (used for config and pidfile)
|
| options/nixos/security.doas.wheelNeedsPassword | Whether users of the wheel group must provide a password to
run commands as super user via doas.
|
| options/nixos/services.prosody.modules.welcome | Welcome users who register accounts
|
| packages/nixpkgs/afsctool | Utility that allows end-users to leverage HFS+/APFS compression |
| options/nixos/security.sudo-rs.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| options/nixos/services.displayManager.hiddenUsers | A list of users which will not be shown in the display manager.
|
| options/nixos/security.pam.dp9ik.authserver | This controls the hostname for the 9front authentication server
that users will be authenticated against.
|
| options/nixos/security.pam.services.<name>.yubicoAuth | If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
|
| options/nixos/services.portunus.seedSettings | Seed settings for users and groups
|
| options/nixos/services.pgmanage.loginGroup | This tells pgmanage to only allow users in a certain PostgreSQL group to
login to pgmanage
|
| options/nixos/services.terraria.enable | If enabled, starts a Terraria server
|
| options/nixos/services.upower.ignoreLid | Do we ignore the lid state
Some laptops are broken
|
| packages/nixpkgs/scmutils | Scheme library for mathematical physics |
| options/nixos/services.bitlbee.authMode | The following authentication modes are available:
Open -- Accept connections from anyone, use NickServ for user authentication
|
| options/nixos/security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| options/nixos/services.freshrss.api.enable | Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)
|
| options/nixos/programs.soundmodem.enable | Whether to add Soundmodem to the global environment and configure a
wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.
|
| options/nixos/services.openafsClient.daemons | Number of daemons to serve user requests
|
| packages/nixpkgs/tntnet | Web server which allows users to develop web applications using C++ |
| packages/nixpkgs/whisparr | Adult movie collection manager for Usenet and BitTorrent users |
| options/nixos/virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| options/nixos/security.pam.loginLimits | Define resource limits that should apply to users or groups
|
| options/nixos/services.prosody.modules.announce | Send announcement to all online users
|
| options/nixos/services.glitchtip.settings.ENABLE_USER_REGISTRATION | When true, any user will be able to register
|
| options/nixos/programs.steam.fontPackages | Font packages to use in Steam
|
| options/nixos/services.kanidm.provision.enable | Whether to enable provisioning of groups, users and oauth2 resource servers.
|
| options/nixos/services.xserver.imwheel.rules | Window class translation rules.
/etc/X11/imwheelrc is generated based on this config
which means this config is global for all users
|
| options/nixos/hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| options/nixos/services.nginx.tailscaleAuth.enable | Whether to enable tailscale.nginx-auth, to authenticate nginx users via tailscale.
|
| options/nixos/security.pam.services.<name>.u2fAuth | If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key
|
| options/nixos/security.please.wheelNeedsPassword | Whether users of the wheel group must provide a password to run
commands or edit files with please and
pleaseedit respectively.
|
| options/nixos/hardware.keyboard.uhk.enable | Whether to enable non-root access to the firmware of UHK keyboards
|
| options/nixos/services.vsftpd.anonymousMkdirEnable | Whether any uploads are permitted to anonymous users.
|
| options/darwin/environment.shellAliases | An attribute set that maps aliases (the top level attribute names in
this option) to command strings or directly to build outputs
|
| packages/nixpkgs/uutils-coreutils-noprefix | Cross-platform Rust rewrite of the GNU coreutils |
| options/nixos/services.biboumi.settings.admin | The bare JID of the gateway administrator
|
| options/nixos/services.tuliprox.apiProxySettings | Users and proxy configuration
Refer to the Tuliprox documentation for available attributes
|
| options/nixos/services.openssh.settings.AllowUsers | If specified, login is allowed only for the listed users
|
| options/nixos/services.prosody.modules.register | Allow users to register on this server using a client and change passwords
|
| packages/nixpkgs/gotrue | SWT based API for managing users and issuing SWT tokens |
| options/nixos/security.pam.services.<name>.usshAuth | If set, users with an SSH certificate containing an authorized principal
in their SSH agent are able to log in
|
| options/nixos/services.kubo.settings.Mounts.FuseAllowOther | Allow all users to access the FUSE mount points
|
| options/nixos/services.openssh.settings.LogLevel | Gives the verbosity level that is used when logging messages from sshd(8)
|
| options/nixos/services.openssh.settings.DenyUsers | If specified, login is denied for all listed users
|
| options/nixos/services.vsftpd.userlistFile | Newline separated list of names to be allowed/denied if userlistEnable
is true
|
| options/nixos/services.cryptpad.settings.adminKeys | List of public signing keys of users that can access the admin panel
|
| options/nixos/services.dependency-track.oidc.userProvisioning | Specifies if mapped OpenID Connect accounts are automatically created upon successful
authentication
|
| options/nixos/environment.shellAliases | An attribute set that maps aliases (the top level attribute names in
this option) to command strings or directly to build outputs
|
| options/nixos/fonts.fontconfig.antialias | Enable font antialiasing
|
| options/nixos/programs.chromium.initialPrefs | Initial preferences are used to configure the browser for the first run
|
| options/nixos/security.pam.services.<name>.howdy.enable | Whether to enable the Howdy PAM module
|
| options/nixos/services.maubot.settings.admins | List of administrator users
|
| options/nixos/services.snapper.configs.<name>.ALLOW_USERS | List of users allowed to operate with the config. "root" is always
implicitly included
|
| options/nixos/services.vsftpd.anonymousUploadEnable | Whether any uploads are permitted to anonymous users.
|
| options/nixos/services.vsftpd.chrootlocalUser | Whether local users are confined to their home directory.
|
| options/nixos/programs.hyprland.withUWSM | Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager
|
| options/nixos/services.iperf3.authorizedUsersFile | Path to the configuration file containing authorized users credentials to run iperf tests.
|
| options/nixos/services.angrr.settings.owned-only | Only monitors owned symbolic link target of GC roots.
- "auto": behaves like true for normal users, false for root.
- "true": only monitor GC roots owned by the current user.
- "false": monitor all GC roots.
|
| options/nixos/services.userdbd.enableSSHSupport | Whether to enable exposing OpenSSH public keys defined in userdb
|
| packages/nixpkgs/caribou | Input assistive technology intended for switch and pointer users |
| options/nixos/services.pipewire.systemWide | If true, a system-wide PipeWire service and socket is enabled
allowing all users in the "pipewire" group to use it simultaneously
|
| options/nixos/services.openssh.settings.AllowGroups | If specified, login is allowed only for users part of the
listed groups
|
| options/nixos/services.thelounge.public | Make your The Lounge instance public
|
| options/nixos/services.buildbot-master.reporters | List of reporter objects used to present build status to various users.
|
| options/nixos/services.openssh.settings.DenyGroups | If specified, login is denied for all users part of the listed
groups
|
| options/nixos/services.grafana.settings.users.user_invite_max_lifetime_duration | The duration in time a user invitation remains valid before expiring
|
| options/nixos/virtualisation.virtualbox.host.enableHardening | Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules
instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users
in the vboxusers group can tamper with the VirtualBox device files.
|
| options/nixos/services.systembus-notify.enable | Whether to enable System bus notification support
WARNING: enabling this option (while convenient) should not be done on a
machine where you do not trust the other users as it allows any other
local user to DoS your session by spamming notifications
.
|
| options/nixos/services.movim.minifyStaticFiles | Do minification on public static files which reduces the size of
assets — saving data for the server & users as well as offering a
performance improvement
|
| options/home-manager/accounts.email.accounts.<name>.getmail.readAll | Enable if you want to fetch all, even the read messages from the
server
|
| packages/nixpkgs/pam_krb5 | PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC |
| options/nixos/services.gitlab.secrets.jwsFile | A file containing the secret used to encrypt session
keys
|
| options/nixos/services.firezone.gui-client.allowedUsers | All listed users will become part of the firezone-client group so
they can control the tunnel service
|
| options/nixos/system.extraDependencies | A list of paths that should be included in the system
closure but generally not visible to users
|
| options/nixos/services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| options/home-manager/accounts.email.accounts.<name>.getmail.delete | Enable if you want to delete read messages from the server
|
| packages/nixpkgs/kompose | Tool to help users who are familiar with docker-compose move to Kubernetes |
| options/nixos/services.cryptpad.settings.httpUnsafeOrigin | This is the URL that users will enter to load your instance
|
| options/nixos/fonts.fontconfig.hinting.enable | Enable font hinting
|
| options/nixos/services.tt-rss.registration.maxUsers | Maximum amount of users which will be allowed to register on this
system. 0 - no limit.
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| options/nixos/programs._1password-gui.polkitPolicyOwners | A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
|
| options/nixos/services.mtprotoproxy.secureOnly | Don't allow users to connect in non-secure mode (without random padding).
|
| options/nixos/services.hylafax.userAccessFile | The hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here
|
| packages/nixpkgs/sourcegit | Free & OpenSource GUI client for GIT users |
| options/nixos/services.sourcehut.settings."todo.sr.ht".notify-from | Outgoing email for notifications generated by users.
|
| options/nixos/security.pam.u2f.enable | Enables U2F PAM (pam-u2f) module
|
| packages/nixpkgs/mozwire | MozillaVPN configuration manager giving Linux, macOS users (among others), access to MozillaVPN |
| options/nixos/services.akkoma.config.":pleroma".":frontends" | Frontend configuration
|
| options/nixos/services.ntfy-sh.environmentFile | Path to a file containing extra ntfy environment variables in the systemd EnvironmentFile
format
|
| options/nixos/services.userborn.static | Whether to generate the password files at build time and store them directly
in the system closure, without requiring any services at boot time
|
| options/nixos/services.prometheus.remoteRead.*.name | Name of the remote read config, which if specified must be unique among remote read configs
|
| options/nixos/services.dependency-track.settings."alpine.oidc.user.provisioning" | Specifies if mapped OpenID Connect accounts are automatically created upon successful
authentication
|
| options/nixos/services.sourcehut.settings."lists.sr.ht".notify-from | Outgoing email for notifications generated by users.
|
| options/nixos/services.sourcehut.settings."builds.sr.ht".allow-free | Whether to enable nonpaying users to submit builds.
|
| options/nixos/environment.systemPackages | The set of packages that appear in
/run/current-system/sw
|
| options/darwin/environment.systemPackages | The set of packages that appear in
/run/current-system/sw
|
| options/nixos/services.pgbackrest.repos.<name>.sftp-private-key-file | SFTP private key file
|
| options/nixos/services.prometheus.remoteWrite.*.name | Name of the remote write config, which if specified must be unique among remote write configs
|
| packages/nixpkgs/deepin.deepin-draw | Lightweight drawing tool for users to freely draw and simply edit images |