| services.honk.username | The admin account username.
|
| services.prometheus.exporters.unpoller.controllers.*.user | Unifi service user name.
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.emacs.install | Whether to install a user service for the Emacs daemon
|
| services.pgbouncer.settings.pgbouncer.max_user_connections | Do not allow more than this many server connections per user (regardless of database)
|
| users.ldap.daemon.extraConfig | Extra configuration options that will be added verbatim at
the end of the nslcd configuration file (nslcd.conf(5)).
|
| services.ttyd.username | Username for basic http authentication.
|
| users.manageLingering | Whether to manage whether users linger or not.
|
| services.vsftpd.userlist | See userlistFile.
|
| users.mysql.nss.memsbygid | SQL query for the memsbygid
syscall.
|
| users.mysql.nss.gidsbymem | SQL query for the gidsbymem
syscall.
|
| users.mysql.pam.logging.enable | Enables logging of authentication attempts in the MySQL database.
|
| services.hound.home | The path to use as hound's $HOME
|
| services.prometheus.exporters.mailman3.mailman.user | Mailman3 Core REST API username.
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| services.postsrsd.settings.unprivileged-user | Unprivileged user to drop privileges to.
Our systemd unit never runs postsrsd as a privileged process, so this option is read-only.
|
| security.sudo.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| security.sudo-rs.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| services.vsftpd.userlistFile | Newline separated list of names to be allowed/denied if userlistEnable
is true
|
| security.allowUserNamespaces | Whether to allow creation of user namespaces
|
| users.ldap.bind.policy | Specifies the policy to use for reconnecting to an unavailable
LDAP server
|
| services.iio-niri.niriUnit | The Niri user service unit to bind IIO-Niri's user service unit to.
|
| services.userborn.enable | Whether to enable userborn.
|
| services.pgbouncer.settings.users | Optional
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| security.doas.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| security.sudo.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| services.stargazer.allowCgiUser | When enabled, the stargazer process will be given CAP_SETGID
and CAP_SETUID so that it can run cgi processes as a different
user
|
| i18n.inputMethod.fcitx5.ignoreUserConfig | Ignore the user configures. Warning: When this is enabled, the
user config files are totally ignored and the user dict can't be saved
and loaded.
|
| services.bcg.mqtt.username | MQTT server access username.
|
| users.mysql.pam.logging.msgColumn | The name of the column in the log table to which the description
of the performed operation is stored.
|
| users.users.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| security.sudo-rs.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| services.gocd-agent.group | If the default user "gocd-agent" is configured then this is the primary
group of that user.
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| security.duosec.prompts | If a user fails to authenticate with a second factor, Duo
Unix will prompt the user to authenticate again
|
| services.stash.username | Username for login.
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| services.librenms.database.username | Name of the user on the MySQL/MariaDB server
|
| users.mysql.pam.logging.timeColumn | The name of the column in the log table to which the timestamp of the
log entry is stored.
|
| networking.wireless.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| boot.initrd.systemd.users.<name>.shell | The path to the user's shell in initrd.
|
| services.bitlbee.authMode | The following authentication modes are available:
Open -- Accept connections from anyone, use NickServ for user authentication
|
| services.userborn.package | The userborn package to use.
|
| services.cntlm.username | Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
|
| services.discourse.database.username | Discourse database user.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| services.vsftpd.userlistEnable | Whether users are included.
|
| services.parsedmarc.settings.elasticsearch.user | Username to use when connecting to Elasticsearch, if
required.
|
| services.gocd-server.group | If the default user "gocd-server" is configured then this is the primary group of that user.
|
| services.jenkins.home | The path to use as JENKINS_HOME
|
| services.jenkins.group | If the default user "jenkins" is configured then this is the primary
group of that user.
|
| services.nntp-proxy.users.<name>.maxConnections | Maximum number of concurrent connections to the proxy for this user
|
| nix.sshServe.write | Whether to enable writing to the Nix store as a remote store via SSH
|
| services.yandex-disk.username | Your yandex.com login name.
|
| services.cloudlog.update-lotw-users.interval | Specification (in the format described by systemd.time(7)) of the
time at which the LoTW user update will occur.
|
| systemd.sysusers.enable | If enabled, users are created with systemd-sysusers instead of with
the custom update-users-groups.pl script
|
| services.dependency-track.settings."alpine.oidc.user.provisioning" | Specifies if mapped OpenID Connect accounts are automatically created upon successful
authentication
|
| services.etebase-server.enable | Whether to enable the Etebase server
|
| boot.initrd.network.ssh.shell | Login shell of the remote user
|
| networking.wireless.userControlled | Allow users of the wpa_supplicant group to control wpa_supplicant
through wpa_gui or wpa_cli
|
| services.roundcube.database.username | Username for the postgresql connection
|
| services.keycloak.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.gitlab.smtp.username | Username of the SMTP server for GitLab.
|
| users.mysql.pam.logging.rHostColumn | The name of the column in the log table to which the name of the remote
host that initiates the session is stored
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.nullidentdmod.userid | User ID to return
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| networking.supplicant.<name>.userControlled.group | Members of this group can control wpa_supplicant.
|
| services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| hardware.openrazer.users | Usernames to be added to the "openrazer" group, so that they
can start and interact with the OpenRazer userspace daemon.
|
| virtualisation.lxc.usernetConfig | This is the config file for managing unprivileged user network
administration access in LXC
|
| services.outline.smtp.username | Username to authenticate with.
|
| networking.wireless.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| users.enforceIdUniqueness | Whether to require that no two users/groups share the same uid/gid.
|
| services.bitwarden-directory-connector-cli.sync.userFilter | LDAP filter for users.
|
| nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| services.jenkinsSlave.home | The path to use as JENKINS_HOME
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| services.grafana.settings.users.hidden_users | This is a comma-separated list of usernames
|
| nix.settings.allowed-users | A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| services.xserver.displayManager.lightdm.greeters.slick.draw-user-backgrounds | Whether to enable draw user backgrounds.
|
| services.ncps.cache.redis.username | Redis username for authentication (for Redis ACL).
|
| services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| networking.supplicant.<name>.userControlled.socketDir | Directory of sockets for controlling wpa_supplicant.
|
| services.paretosecurity.users | Per-user Pareto Security configuration.
|
| services.nextcloud.notify_push.dbuser | Database user.
|
| services.jenkinsSlave.group | If the default slave agent user "jenkins" is configured then this is
the primary group of that user.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| services.inadyn.group | Group account under which inadyn runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the inadyn service starts.
|
| services.bitwarden-directory-connector-cli.sync.userObjectClass | Class that users must have.
|
| programs.dconf.profiles | Attrset of dconf profiles
|
| programs.gphoto2.enable | Whether to configure system to use gphoto2
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| services.factorio.username | Your factorio.com login credentials
|
| networking.supplicant.<name>.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|