| security.pam.ussh.group | If set, then the authenticating user must be a member of this group
to use this module.
|
| services.prosody.muc | Multi User Chat (MUC) configuration
|
| services.newt.enable | Whether to enable Newt, user space tunnel client for Pangolin.
|
| services.nextcloud.config.adminuser | Username for the admin account
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.postgresql.ensureUsers.*.ensureClauses.superuser | Grants the user, created by the ensureUser attr, superuser permissions
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group | The group of the file
|
| services.logind.settings.Login.KillUserProcesses | Specifies whether the processes of a user should be killed
when the user logs out
|
| programs.nano.enable | Whether to enable nano, a small user-friendly console text editor.
|
| services.logind.killUserProcesses | Specifies whether the processes of a user should be killed
when the user logs out
|
| systemd.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.saunafs.sfsUser | Run daemons as user.
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| security.pam.services.<name>.startSession | If set, the service will register a new session with
systemd's login manager
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.seafile.dataDir | Path in which to store user data
|
| services.homed.enable | Whether to enable systemd home area/user account manager.
|
| services.mailman.webUser | User to run mailman-web as
|
| services.rshim.enable | Whether to enable user-space rshim driver for the BlueField SoC.
|
| system.nixos.variantName | A string identifying a specific variant or edition of the operating system suitable for presentation to the user
|
| systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| boot.crashDump.enable | If enabled, NixOS will set up a kernel that will
boot on crash, and leave the user in systemd rescue
to be able to save the crashed kernel dump at
/proc/vmcore
|
| services.monado.enable | Whether to enable Monado user service.
|
| services.botamusique.settings.bot.username | Name the bot should appear with.
|
| users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| services.grafana.settings.users.login_hint | Text used as placeholder text on login page for login/username input.
|
| services.mqtt2influxdb.mqtt.username | Username used to connect to the MQTT server.
|
| services.postfix.recipientDelimiter | Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
|
| services.rshim.package | The rshim-user-space package to use.
|
| services.saunafs.chunkserver.hdds | Mount points to be used by chunkserver for storage (see sfshdd.cfg(5))
|
| services.lldap.settings.ldap_user_email | Admin email.
|
| services.davfs2.davUser | When invoked by root the mount.davfs daemon will run as this user
|
| security.pam.ussh.caFile | By default pam-ussh reads the trusted user CA keys
from /etc/ssh/trusted_user_ca
|
| services.librenms.database.passwordFile | A file containing the password for the user of the MySQL/MariaDB server
|
| services.umami.settings.APP_SECRET_FILE | A file containing a secure random string
|
| programs.rush.shell | The resolved shell path that users can inherit to set rush as their login shell
|
| services.lldap.settings.ldap_user_pass | Password for default admin password
|
| systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| security.doas.extraRules.*.noPass | If true, the user is not required to enter a
password.
|
| security.pam.mount.enable | Enable PAM mount system to mount filesystems on user login.
|
| services.dwm-status.enable | Whether to enable dwm-status user service.
|
| services.rabbitmq.listenAddress | IP address on which RabbitMQ will listen for AMQP
connections
|
| services.glitchtip.settings.ENABLE_USER_REGISTRATION | When true, any user will be able to register
|
| services.mpdscribble.endpoints.<name>.username | Username for the scrobble service.
|
| networking.interfaces.<name>.virtualOwner | In case of a virtual device, the user who owns it.
null will not set owner, allowing access to any user.
|
| services.moosefs.runAsUser | Run daemons as moosefs user instead of root for better security.
|
| services.rsync.jobs.<name>.group | The name of an existing user group under which the rsync process should run.
|
| services.nvme-rs.settings.email.smtp_username | SMTP username
|
| services.influxdb2.provision.initialSetup.username | Primary username
|
| services.prometheus.exporters.dmarc.imap.username | Login username for the IMAP connection.
|
| services.openssh.authorizedKeysCommandUser | Specifies the user under whose account the AuthorizedKeysCommand
is run
|
| services.gitea.useWizard | Do not generate a configuration and use Gitea's installation wizard instead
|
| security.pam.makeHomeDir.umask | The user file mode creation mask to use on home directories
newly created by pam_mkhomedir.
|
| services.lxd-image-server.group | Group assigned to the user and the webroot directory.
|
| services.unpoller.unifi.controllers.*.pass | Path of a file containing the password for the unifi service user
|
| services.emacs.enable | Whether to enable a user service for the Emacs daemon
|
| services.guix.stateDir | The state directory where Guix service will store its data such as its
user-specific profiles, cache, and state files.
Changing it to something other than the default will rebuild the
package.
|
| services.openssh.banner | Message to display to the remote user before authentication is allowed.
|
| services.zammad.enable | Whether to enable Zammad, a web-based, open source user support/ticketing solution.
|
| services.xtreemfs.homeDir | XtreemFS home dir for the xtreemfs user.
|
| services.grafana.settings.security.admin_user | Default admin username.
|
| services.bitwarden-directory-connector-cli.sync.users | Sync users.
|
| services.outline.oidcAuthentication.userinfoUrl | OIDC userinfo URL endpoint.
|
| hardware.i2c.enable | Whether to enable i2c devices support
|
| services.btrbk.sshAccess.*.key | SSH public key allowed to login as user btrbk to run remote backups.
|
| services.actual.group | Group account under which Actual runs
|
| services.gitolite.group | Primary group of the Gitolite user account.
|
| services.movim.runtimeDir | Runtime directory of the movim user which holds the application’s caches & temporary files.
|
| services.mysql.ensureUsers.*.name | Name of the user to ensure.
|
| security.please.enable | Whether to enable please, a Sudo clone which allows a user to execute a command or edit a
file as another user.
|
| services.dovecot2.mailUser | Default user to store mail for virtual users.
|
| services.mqtt2influxdb.influxdb.username | Username for InfluxDB login.
|
| programs.gnupg.agent.enable | Enables GnuPG agent with socket-activation for every user session.
|
| services.klipper.group | Group account under which Klipper runs
|
| services.tomcat.extraGroups | Defines extra groups to which the tomcat user belongs.
|
| services.zitadel.enable | Whether to enable ZITADEL, a user and identity access management platform.
|
| services.prometheus.remoteRead.*.basic_auth.username | HTTP username
|
| services.lldap.settings.ldap_user_pass_file | Path to a file containing the default admin password
|
| systemd.automounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.gocd-agent.extraGroups | List of extra groups that the "gocd-agent" user should be a part of.
|
| programs.tmux.secureSocket | Store tmux socket under /run, which is more secure than /tmp, but as a
downside it doesn't survive user logout.
|
| services.mysql.group | Group account under which MySQL runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the MySQL service starts.
|
| services.pixelfed.dataDir | State directory of the pixelfed user which holds
the application's state and data.
|
| services.vault.extraSettingsPaths | Configuration files to load besides the immutable one defined by the NixOS module
|
| services.prometheus.remoteWrite.*.basic_auth.username | HTTP username
|
| services.printing.cups-pdf.instances.<name>.settings.Out | output directory;
${HOME} will be expanded to the user's home directory,
${USER} will be expanded to the user name.
|
| nix.buildMachines.*.sshUser | The username to log in as on the remote host
|
| services.dependency-track.settings."alpine.oidc.username.claim" | Defines the name of the claim that contains the username in the provider's userinfo endpoint
|
| services.syncoid.commands.<name>.localTargetAllow | Permissions granted for the services.syncoid.user user
for local target datasets
|
| programs.tcpdump.enable | Whether to configure a setcap wrapper for tcpdump
|
| services.bitlbee.configDir | Specify an alternative directory to store all the per-user configuration
files.
|
| security.rtkit.enable | Whether to enable the RealtimeKit system service, which hands
out realtime scheduling priority to user processes on
demand
|
| services.homed.promptOnFirstBoot | Whether to enable interactively prompting for user creation on first boot.
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.omnom.passwordFile | File containing the password for the SMTP user.
|
| services.zeyple.group | Group to use to run Zeyple.
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists.
|
| services.code-server.extraGroups | An array of additional groups for the code-server user.
|