| users.groups | Additional groups to be created automatically by the system.
|
| users.groups.<name>.gid | The group GID
|
| users.groups.<name>.name | The name of the group
|
| boot.initrd.systemd.groups | Groups to include in initrd.
|
| users.groups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| security.doas.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| security.sudo.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| security.sudo-rs.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| services.oauth2-proxy.google.groups | Restrict logins to members of these Google groups.
|
| boot.initrd.systemd.groups.<name>.gid | ID of the group in initrd.
|
| security.duosec.groups | If specified, Duo authentication is required only for users
whose primary group or supplementary group list matches one
of the space-separated pattern lists
|
| services.kanidm.provision.groups | Provisioning of kanidm groups
|
| services.galene.groupsDir | Web server directory.
|
| services.prosody.modules.groups | Shared roster support
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.bitwarden-directory-connector-cli.sync.groups | Whether to sync ldap groups into BitWarden.
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.grafana.provision.alerting.rules.settings.groups | List of rule groups to import or update.
|
| services.suricata.settings.vars.port-groups | The port group variables for suricata.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.name | The name of this group
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| services.suricata.settings.vars.address-groups.HOME_NET | HOME_NET variable.
|
| services.suricata.settings.vars.address-groups | The address group variables for suricata, if not defined the
default value of suricata (see example) will be used
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.suricata.settings.vars.address-groups.DNP3_SERVER | DNP3_SERVER variable.
|
| services.suricata.settings.vars.address-groups.DNP3_CLIENT | DNP3_CLIENT variable.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| services.suricata.settings.vars.address-groups.ENIP_CLIENT | ENIP_CLIENT variable.
|
| services.suricata.settings.vars.address-groups.ENIP_SERVER | ENIP_SERVER variable.
|
| services.grafana.provision.alerting.rules.settings.groups.*.interval | Interval that the rule group should be evaluated at
|
| services.suricata.settings.vars.address-groups.DC_SERVERS | DC_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.AIM_SERVERS | AIM_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.DNS_SERVERS | DNS_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.SQL_SERVERS | SQL_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.SMTP_SERVERS | SMTP_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.HTTP_SERVERS | HTTP_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.MODBUS_CLIENT | MODBUS_CLIENT variable
|
| services.suricata.settings.vars.address-groups.MODBUS_SERVER | MODBUS_SERVER variable.
|
| services.suricata.settings.vars.address-groups.EXTERNAL_NET | EXTERNAL_NET variable.
|
| services.suricata.settings.vars.address-groups.TELNET_SERVERS | TELNET_SERVERS variable.
|
| services.ananicy.extraCgroups | Cgroups to write in 'nixCgroups.cgroups'
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.groups | A list of groups for which targets are retrieved, only supported when targeting the container role
|
| users.users.<name>.extraGroups | The user's auxiliary groups.
|
| services.oauth2-proxy.nginx.virtualHosts.<name>.allowed_groups | List of groups to allow access to this vhost, or null to allow all.
|
| users.extraUsers.<name>.extraGroups | The user's auxiliary groups.
|
| services.mympd.extraGroups | Additional groups for the systemd service.
|
| services.diod.userdb | This option disables password/group lookups
|
| services.postgresql.systemCallFilter.<name>.priority | Set the priority of the system call filter setting
|
| services.pghero.extraGroups | Additional groups for the systemd service.
|
| services.fastnetmon-advanced.hostgroups | Hostgroups to declaratively load into FastNetMon Advanced
|
| services.tomcat.extraGroups | Defines extra groups to which the tomcat user belongs.
|
| services.gocd-agent.extraGroups | List of extra groups that the "gocd-agent" user should be a part of.
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.polaris.extraGroups | Polaris' auxiliary groups.
|
| services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| services.code-server.extraGroups | An array of additional groups for the code-server user.
|
| services.jenkins.extraGroups | List of extra groups that the "jenkins" user should be a part of.
|
| services.gocd-server.extraGroups | List of extra groups that the "gocd-server" user should be a part of.
|
| services.nagios.objectDefs | A list of Nagios object configuration files that must define
the hosts, host groups, services and contacts for the
network that you want Nagios to monitor.
|
| users.enforceIdUniqueness | Whether to require that no two users/groups share the same uid/gid.
|
| security.loginDefs.settings.GID_MAX | Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
|
| security.loginDefs.settings.GID_MIN | Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
|
| services.multipath.pathGroups | This option allows you to define multipath groups as described
in http://christophe.varoqui.free.fr/usage.html.
|
| nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| services.logcheck.extraGroups | Extra groups for the logcheck user, for example to be able to use sendmail,
or to access certain log files.
|
| services.multipath.devices | This option allows you to define arrays for use in multipath
groups.
|
| security.loginDefs.settings.SYS_GID_MAX | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| security.loginDefs.settings.SYS_GID_MIN | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| nix.settings.allowed-users | A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon
|
| services.portunus.seedSettings | Seed settings for users and groups
|
| services.hologram-server.groupClassAttr | The objectclass attribute to search for groups when enableLdapRoles is true
|
| services.buildbot-master.extraGroups | List of extra groups that the buildbot user should be a part of.
|
| services.nsd.zones.<name>.zoneStats | When set to something distinct to null NSD is able to collect
statistics per zone
|
| services.buildbot-worker.extraGroups | List of extra groups that the Buildbot Worker user should be a part of.
|
| services.centrifugo.extraGroups | Additional groups for the systemd service.
|
| security.pam.loginLimits | Define resource limits that should apply to users or groups
|
| services.collabora-online.aliasGroups | Alias groups to use.
|
| services.kanidm.provision.enable | Whether to enable provisioning of groups, users and oauth2 resource servers.
|
| services.synapse-auto-compressor.settings.chunk_size | The number of state groups to work on at once
|
| services.buildkite-agents.<name>.extraGroups | Groups the user for this buildkite agent should belong to
|
| services.snapper.configs.<name>.ALLOW_GROUPS | List of groups allowed to operate with the config
|
| services.pufferpanel.extraGroups | Additional groups for the systemd service.
|
| services.kanidm.unixSettings.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| services.openssh.settings.AllowGroups | If specified, login is allowed only for users part of the
listed groups
|
| services.openssh.settings.DenyGroups | If specified, login is denied for all users part of the listed
groups
|
| services.openvscode-server.extraGroups | An array of additional groups for the openvscode-server user.
|
| services.kanidm.unix.settings.kanidm.pam_allowed_login_groups | Kanidm groups that are allowed to login using PAM.
|
| services.kanidm.provision.extraJsonFile | A JSON file for provisioning persons, groups & systems
|
| services.woodpecker-agents.agents.<name>.extraGroups | Additional groups for the systemd service.
|
| services.scrutiny.collector.settings.host.id | Host ID for identifying/labelling groups of disks
|
| services.anuko-time-tracker.settings.multiorgMode | Defines whether users see the Register option in the menu of Time Tracker that allows them
to self-register and create new organizations (top groups).
|
| services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| services.crab-hole.supplementaryGroups | Adds additional groups to the crab-hole service
|
| services.kanidm.provision.systems.oauth2.<name>.scopeMaps | Maps kanidm groups to returned oauth scopes
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.thanos.compact.compact.concurrency | Number of goroutines to use when compacting groups
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps | Adds additional claims (and values) based on which kanidm groups an authenticating party belongs to
|
| services.bitwarden-directory-connector-cli.sync.groupFilter | LDAP filter for groups.
|
| services.taskserver.organisations | An attribute set where the keys name the organisation and the values
are a set of lists of users and
groups.
|
| services.bitwarden-directory-connector-cli.sync.largeImport | Enable if you are syncing more than 2000 users/groups.
|
| services.kanidm.provision.systems.oauth2.<name>.claimMaps.<name>.valuesByGroup | Maps kanidm groups to values for the claim.
|
| services.bitwarden-directory-connector-cli.sync.groupObjectClass | A class that groups will have.
|
| services.traefik.supplementaryGroups | Additional groups under which Traefik runs
|
| services.firezone.server.provision.accounts.<name>.relayGroups | All relay groups to provision
|
| networking.wireless.networks.<name>.priority | By default, all networks will get same priority group (0)
|
| services.firezone.server.provision.accounts.<name>.gatewayGroups | All gateway groups (sites) to provision
|
| services.bitwarden-directory-connector-cli.sync.removeDisabled | Remove users from bitwarden groups if no longer in the ldap group.
|
| services.prometheus.scrapeConfigs.*.static_configs | List of labeled target groups for this job.
|
| services.bitwarden-directory-connector-cli.sync.overwriteExisting | Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| services.kanidm.provision.systems.oauth2.<name>.supplementaryScopeMaps | Maps kanidm groups to additionally returned oauth scopes
|
| services.prometheus.scrapeConfigs.*.file_sd_configs.*.files | Patterns for files from which target groups are extracted
|
| services.dependency-track.oidc.teamSynchronization | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.separator | The string by which Uyuni group names are joined into the groups label
Defaults to , in prometheus
when set to null.
|
| services.dependency-track.settings."alpine.oidc.team.synchronization" | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| services.icingaweb2.groupBackends | groups.ini contents
|
| systemd.sysusers.enable | If enabled, users are created with systemd-sysusers instead of with
the custom update-users-groups.pl script
|