| options/nixos/services.bitwarden-directory-connector-cli.sync.groupFilter | LDAP filter for groups.
|
| options/nixos/services.infinoted.certificateFile | Server certificate to use for TLS
|
| options/nixos/users.extraGroups.<name>.gid | The group GID
|
| options/home-manager/accounts.email.accounts.<name>.mbsync.groups.<name>.channels | List of channels that should be grouped together into this group
|
| options/nixos/security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| options/nixos/services.grafana.settings.database.client_cert_path | The path to the client cert
|
| options/nixos/services.movim.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| options/nixos/programs.wireshark.enable | Whether to add Wireshark to the global environment and create a 'wireshark'
group
|
| options/nixos/services.sabnzbd.settings.misc.https_cert | Path to the TLS certificate for the web UI
|
| options/nixos/security.googleOsLogin.enable | Whether to enable Google OS Login
|
| options/nixos/services.rkvm.client.settings.certificate | TLS ceritficate path.
This should be generated with rkvm-certificate-gen.
|
| options/nixos/services.rkvm.server.settings.certificate | TLS certificate path.
This should be generated with rkvm-certificate-gen.
|
| options/nixos/security.loginDefs.settings.TTYGROUP | The terminal permissions: the login tty will be owned by the TTYGROUP group,
and the permissions will be set to TTYPERM
|
| options/nixos/services.bitwarden-directory-connector-cli.sync.groupObjectClass | A class that groups will have.
|
| options/nixos/services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| options/darwin/services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| options/nixos/services.infinoted.certificateChain | Chain of CA-certificates to which our certificateFile is relative
|
| options/nixos/users.extraGroups.<name>.name | The name of the group
|
| options/nixos/services.umurmur.settings.certificate | Path to your SSL certificate
|
| options/nixos/users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| options/nixos/services.warpgate.settings.http.sni_certificates.*.certificate | Path to certificate.
|
| options/nixos/programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| options/nixos/services.firezone.server.provision.accounts.<name>.groups.<name>.name | The name of this group
|
| options/nixos/programs.wireshark.dumpcap.enable | Whether to allow users in the 'wireshark' group to capture network traffic
|
| options/darwin/users.groups.<name>.description | The group's description.
|
| options/nixos/services.h2o.hosts.<name>.tls.identity.*.certificate-file | Path to certificate file
|
| options/nixos/services.kanidm.provision.groups | Provisioning of kanidm groups
|
| options/nixos/security.polkit.adminIdentities | Specifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value)
|
| options/nixos/services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| options/nixos/services.mqtt2influxdb.mqtt.certfile | Certificate file for MQTT
|
| options/nixos/services.warpgate.settings.http.certificate | Path to HTTPS listener certificate.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| options/nixos/services.warpgate.settings.mysql.certificate | Path to MySQL listener certificate.
|
| options/nixos/security.agnos.settings.accounts.*.certificates.*.key_output_file | Output path for the certificate private key
|
| options/nixos/services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| options/home-manager/programs.irssi.networks.<name>.server.ssl.certificateFile | Path to a file containing the certificate used for
client authentication to the server.
|
| options/nixos/services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| options/nixos/services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| options/nixos/users.users.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| options/nixos/services.prometheus.exporters.dovecot.socketPath | Path under which the stats socket is placed
|
| options/nixos/services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| options/nixos/users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| options/nixos/users.users.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| options/nixos/services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| options/nixos/services.grafana.provision.alerting.rules.settings.groups.*.interval | Interval that the rule group should be evaluated at
|
| options/nixos/systemd.enableCgroupAccounting | Whether to enable cgroup accounting; see cgroups(7).
|
| options/nixos/services.trafficserver.sslMulticert | Configure SSL server certificates to terminate the SSL sessions
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.keystore | Path to keystore (combined PEM with cert/key, or PKCS12 keystore)
|
| options/nixos/virtualisation.podman.networkSocket.tls.cacert | Path to CA certificate to use for client authentication.
|
| options/nixos/services.diod.userdb | This option disables password/group lookups
|
| options/nixos/services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| options/nixos/programs.light.enable | Whether to install Light backlight control command
and udev rules granting access to members of the "video" group.
|
| options/home-manager/accounts.email.accounts.<name>.imap.tls.certificatesFile | Path to file containing certificate authorities that should
be used to validate the connection authenticity
|
| options/home-manager/accounts.email.accounts.<name>.smtp.tls.certificatesFile | Path to file containing certificate authorities that should
be used to validate the connection authenticity
|
| options/nixos/services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| options/nixos/services.warpgate.settings.postgres.certificate | Path to PostgreSQL listener certificate.
|
| options/nixos/services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| options/nixos/services.jack.jackd.enable | Whether to enable JACK Audio Connection Kit
|
| options/nixos/services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| options/nixos/hardware.i2c.enable | Whether to enable i2c devices support
|
| options/nixos/users.users.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| options/nixos/services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| options/nixos/hardware.brillo.enable | Whether to enable brillo in userspace
|
| options/nixos/services.kubernetes.pki.genCfsslAPICerts | Whether to automatically generate cfssl API webserver TLS cert and key,
if they don't exist.
|
| options/nixos/services.kubernetes.pki.cfsslAPIExtraSANs | Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
|
| options/nixos/security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| options/nixos/users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| options/nixos/hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| options/nixos/services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/users.extraUsers.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| options/nixos/services.headscale.settings.tls_cert_path | Path to already created certificate.
|
| options/nixos/services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| options/nixos/users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| options/nixos/services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| options/nixos/services.userdbd.enable | Whether to enable the systemd JSON user/group record lookup service
.
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cacert | Path to CA bundle file (PEM/X509)
|
| options/nixos/services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| options/nixos/programs.tcpdump.enable | Whether to configure a setcap wrapper for tcpdump
|
| options/nixos/services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| options/nixos/services.cloudflared.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| options/nixos/services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.ghostunnel.servers.<name>.allowAll | If true, allow all clients, do not check client cert subject.
|
| options/nixos/services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| options/nixos/hardware.glasgow.enable | Enables Glasgow udev rules and ensures 'plugdev' group exists
|
| options/nixos/services.suricata.settings.vars.address-groups.HOME_NET | HOME_NET variable.
|
| options/nixos/users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| options/nixos/programs.minipro.enable | Whether to enable minipro and its udev rules
|
| options/nixos/services.unbound.checkconf | Whether to check the resulting config file with unbound checkconf for syntax errors
|
| options/nixos/services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.dovecot2.mailGroup | Default group to store mail for virtual users.
|
| options/nixos/programs.sedutil.enable | Whether to enable sedutil, to manage self encrypting drives that conform to the Trusted Computing Group OPAL 2.0 SSC specification.
|
| options/nixos/services.nginx.upstreams | Defines a group of servers to use as proxy target.
|
| options/nixos/services.pdfding.enable | Whether to enable PdfDing service
|