| options/nixos/security.loginDefs.settings.SYS_GID_MAX | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| options/nixos/security.loginDefs.settings.SYS_GID_MIN | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| options/nixos/services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| options/nixos/services.mailman.ldap.superUserGroup | Group where a user must be a member of to gain superuser rights.
|
| options/nixos/services.dependency-track.oidc.teamSynchronization | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| options/nixos/services.grafana.provision.alerting.rules.settings.groups | List of rule groups to import or update.
|
| options/nixos/services.hologram-server.roleAttr | Which LDAP group attribute to search for authorized role ARNs
|
| options/nixos/security.sudo.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| options/nixos/networking.networkmanager.enable | Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured
|
| options/nixos/boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user | The user of the file
|
| options/nixos/security.sudo-rs.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| options/nixos/services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| options/nixos/programs.mouse-actions.enable | Whether to install and set up mouse-actions and it's udev rules
|
| options/nixos/users.extraUsers.<name>.isNormalUser | Indicates whether this is an account for a “real” user
|
| options/nixos/networking.wireless.networks.<name>.priority | By default, all networks will get same priority group (0)
|
| options/nixos/nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| options/darwin/nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| options/nixos/hardware.acpilight.enable | Enable acpilight
|
| options/nixos/services.quickwit.dataDir | Data directory for Quickwit
|
| options/nixos/services.temporal.dataDir | Data directory for Temporal
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels.<name>.patterns | Instead of synchronizing just the mailboxes that
match the farPattern, use it as a prefix which is
not matched against the patterns, and is not affected by mailbox list
overrides.
|
| options/nixos/virtualisation.podman.dockerSocket.enable | Make the Podman socket available in place of the Docker socket, so
Docker tools can find the Podman socket
|
| options/nixos/services.dovecot2.createMailUser | Whether to enable automatically creating the user
given in services.dovecot.user and the group
given in services.dovecot.group.
|
| options/nixos/programs.corectrl.enable | Whether to enable CoreCtrl, a tool to overclock amd graphics cards and processors
|
| options/nixos/services.sourcehut.settings."hg.sr.ht".changegroup-script | A changegroup script which is installed in every mercurial repo
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels.<name>.farPattern | IMAP4 patterns for which mailboxes on the remote mail server to sync
|
| options/nixos/hardware.sheep_net.enable | Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds
sheep-net to boot.kernelModules and boot.extraModulePackages
|
| options/nixos/security.run0.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via run0.
|
| options/nixos/services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels.<name>.nearPattern | Name for where mail coming from the remote (far) mail server will end up
locally
|
| options/nixos/security.sudo.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| options/nixos/security.doas.wheelNeedsPassword | Whether users of the wheel group must provide a password to
run commands as super user via doas.
|
| options/nixos/programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| options/nixos/security.sudo-rs.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| options/nixos/programs.mosh.withUtempter | Whether to enable libutempter for mosh
|
| options/nixos/programs.tmux.withUtempter | Whether to enable libutempter for tmux
|
| packages/nixpkgs/csa | Group of LADSPA Audio plugins for FM broadcast and more |
| options/nixos/services.mx-puppet-discord.enable | Whether to enable mx-puppet-discord is a discord puppeting bridge for matrix
|
| options/nixos/hardware.kryoflux.enable | Enables kryoflux udev rules, ensures 'floppy' group exists
|
| options/nixos/programs.idescriptor.users | Users to be added to the idevice group.
|
| options/nixos/services.terraria.enable | If enabled, starts a Terraria server
|
| packages/nixpkgs/sca2d | Experimental static code analyser for OpenSCAD |
| options/nixos/services.netbird.clients.<name>.bin.suffix | A system group name for this client instance.
|
| options/nixos/services.netbird.tunnels.<name>.bin.suffix | A system group name for this client instance.
|
| options/nixos/services.hardware.lcd.server.usbPermissions | Set group-write permissions on a USB device
|
| options/nixos/programs.soundmodem.enable | Whether to add Soundmodem to the global environment and configure a
wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.
|
| packages/nixpkgs/sdbus-cpp | High-level C++ D-Bus library designed to provide easy-to-use yet powerful API |
| options/nixos/services.dependency-track.settings."alpine.oidc.team.synchronization" | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| options/nixos/security.pam.services.<name>.requireWheel | Whether to permit root access only to members of group wheel.
|
| options/nixos/services.netbird.tunnels.<name>.name | Primary name for use (as a suffix) in:
- systemd service name,
- hardened user name and group,
- systemd
*Directory= names,
- desktop application identification,
|
| options/nixos/services.netbird.clients.<name>.name | Primary name for use (as a suffix) in:
- systemd service name,
- hardened user name and group,
- systemd
*Directory= names,
- desktop application identification,
|
| options/nixos/services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| options/nixos/programs.benchexec.users | Users that intend to use BenchExec
|
| options/nixos/services.aria2.serviceUMask | The file mode creation mask for Aria2 service
|
| options/nixos/hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| options/nixos/security.loginDefs.settings.TTYPERM | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| options/nixos/security.please.wheelNeedsPassword | Whether users of the wheel group must provide a password to run
commands or edit files with please and
pleaseedit respectively.
|
| options/nixos/hardware.keyboard.uhk.enable | Whether to enable non-root access to the firmware of UHK keyboards
|
| options/nixos/services.borgbackup.jobs.<name>.user | The user borg is run as
|
| options/nixos/services.rke2.cisHardening | Enable CIS Hardening for RKE2
|
| packages/nixpkgs/ad-ldap-enum | LDAP based Active Directory user and group enumeration tool |
| packages/nixpkgs/libmsym | Molecular point group symmetry lib |
| options/nixos/services.hologram-server.enableLdapRoles | Whether to assign user roles based on the user's LDAP group memberships
|
| options/nixos/security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| packages/nixpkgs/fractal | Matrix group messaging app |
| options/nixos/services.beszel.agent.smartmon.enable | Include services.beszel.agent.smartmon.package in the Beszel agent path for disk monitoring and add the agent to the disk group.
|
| options/nixos/services.opensearch.dataDir | Data directory for OpenSearch
|
| options/nixos/services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| options/nixos/services.smartdns.settings | A set that will be generated into configuration file, see the SmartDNS README for details of configuration parameters
|
| packages/nixpkgs/sdbus-cpp_2 | High-level C++ D-Bus library designed to provide easy-to-use yet powerful API |
| options/nixos/security.loginDefs.settings.TTYGROUP | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| options/nixos/services.pipewire.systemWide | If true, a system-wide PipeWire service and socket is enabled
allowing all users in the "pipewire" group to use it simultaneously
|
| options/nixos/security.polkit.adminIdentities | Specifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value)
|
| options/nixos/services.displayManager.lemurs.enable | Whether to enable lemurs, a customizable TUI display/login manager.
For Wayland compositors, your user must be in the "seat" group.
|
| options/nixos/virtualisation.virtualbox.host.enableHardening | Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules
instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users
in the vboxusers group can tamper with the VirtualBox device files.
|
| options/nixos/services.firezone.gui-client.allowedUsers | All listed users will become part of the firezone-client group so
they can control the tunnel service
|
| options/nixos/services.nebula-lighthouse-service.user | The user and group to run nebula-lighthouse-service as.
|
| options/nixos/services.authelia.instances.<name>.name | Name is used as a suffix for the service name, user, and group
|
| options/home-manager/launchd.agents.<name>.config.AbandonProcessGroup | When a job dies, launchd kills any remaining processes with the same process group ID as the job
|
| options/nixos/services.multipath.devices.*.failback | Tell multipathd how to manage path group failback
|
| options/nixos/services.glusterfs.killMode | The systemd KillMode to use for glusterd.
glusterd spawns other daemons like gsyncd
|
| options/nixos/services.nominatim.database.superUser | Postgresql database superuser used to create Nominatim database and
import data
|
| options/nixos/security.googleOsLogin.enable | Whether to enable Google OS Login
|
| options/nixos/programs.firefox.policies | Group policies to install
|
| options/nixos/services.dnsdist.dnscrypt.providerKey | The filepath to the provider secret key
|
| options/nixos/services.lifecycled.cloudwatchGroup | Write logs to a specific Cloudwatch Logs group.
|
| options/nixos/programs.thunderbird.policies | Group policies to install
|
| options/nixos/services.roundcube.database.username | Username for the postgresql connection
|
| options/nixos/services.aria2.downloadDirPermission | The permission for settings.dir
|
| options/nixos/services.openssh.authorizedKeysCommand | Specifies a program to be used to look up the user's public
keys
|
| packages/nixpkgs/portunus | Self-contained user/group management and authentication service |
| options/darwin/launchd.agents.<name>.serviceConfig.AbandonProcessGroup | When a job dies, launchd kills any remaining processes with the same process group ID as the job
|
| options/nixos/services.pulseaudio.systemWide | If false, a PulseAudio server is launched automatically for
each user that tries to use the sound system
|
| options/nixos/services.kubo.settings.Addresses.API | Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on
|
| options/nixos/services.multipath.devices.*.rr_min_io | Number of I/O requests to route to a path before switching to the next in the
same path group
|
| packages/nixpkgs/tg-archive | Tool for exporting Telegram group chats into static websites like mailing list archives |
| options/nixos/services.varnish.listen.*.address | If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad
("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").
(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@"
followed by the name of an abstract socket ("@myvarnishd") accept connections
on a Unix domain socket
|
| options/nixos/services.prometheus.scrapeConfigs.*.triton_sd_configs.*.groups | A list of groups for which targets are retrieved, only supported when targeting the container role
|
| options/darwin/launchd.daemons.<name>.serviceConfig.AbandonProcessGroup | When a job dies, launchd kills any remaining processes with the same process group ID as the job
|
| packages/nixpkgs/libipfix | C library that implements the IPFIX protocol defined by the IP Flow Information Export working group of the IETF |