| services.speechd.config | System wide configuration file for Speech Dispatcher
|
| services.nsd.keys.<name>.keyFile | Path to the file which contains the actual base64 encoded
key
|
| services.coturn.use-auth-secret | TURN REST API flag
|
| services.pgbouncer.settings.pgbouncer.max_client_conn | Maximum number of client connections allowed
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|
| services.prosody.uploadHttp | Configures the old Prosody builtin HTTP server to handle user uploads.
|
| services.gocd-server.extraGroups | List of extra groups that the "gocd-server" user should be a part of.
|
| services.bitmagnet.group | Group of user running bitmagnet
|
| services.jenkins.extraGroups | List of extra groups that the "jenkins" user should be a part of.
|
| hardware.alsa.enable | Whether to set up the user space part of the Advanced Linux Sound Architecture (ALSA)
Enable this option only if you want to use ALSA as your main sound system,
not if you're using a sound server (e.g
|
| security.acme.useRoot | Whether to use the root user when generating certs
|
| services.mainsail.enable | Whether to enable a modern and responsive user interface for Klipper.
|
| services.rethinkdb.group | Group which rethinkdb user belongs to.
|
| services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|
| services.incron.allow | Users allowed to use incrontab
|
| services.dovecot2.imapsieve.mailbox.*.after | When an IMAP event of interest occurs, this sieve script is executed after any user script respectively
|
| services.znapzend.zetup.<name>.destinations.<name>.host | Host to use for the destination dataset
|
| services.dependency-track.settings."alpine.database.username" | Specifies the username to use when authenticating to the database.
|
| services.slurm.procTrackType | Plugin to be used for process tracking on a job step basis
|
| services.prometheus.exporters.nextcloud.username | Username for connecting to Nextcloud
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.anuko-time-tracker.settings.defaultLanguage | Defines Anuko Time Tracker default language
|
| services.diod.allsquash | Remap all users to "nobody"
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| services.tt-rss.singleUserMode | Operate in single user mode, disables all functionality related to
multiple users and authentication
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.asusd.enableUserService | Activate the asusd-user service.
|
| services.davis.nginx.kTLS | Whether to enable kTLS support
|
| services.prosody.httpFileShare | Configures the http_file_share module to handle user uploads
|
| services.slskd.nginx.kTLS | Whether to enable kTLS support
|
| services.movim.nginx.kTLS | Whether to enable kTLS support
|
| services.pdfding.enable | Whether to enable PdfDing service
|
| services.dovecot2.imapsieve.mailbox.*.before | When an IMAP event of interest occurs, this sieve script is executed before any user script respectively
|
| services.grav.systemSettings | Settings written to user/config/system.yaml.
|
| services.disnix.enableMultiUser | Whether to support multi-user mode by enabling the Disnix D-Bus service
|
| security.doas.extraRules.*.persist | If true, do not ask for a password again for some
time after the user successfully authenticates.
|
| services.couchdb.configFile | Configuration file for persisting runtime changes
|
| services.infinoted.group | What to call the primary group of the dedicated user under which infinoted is run
|
| nix.channel.enable | Whether the nix-channel command and state files are made available on the machine
|
| services.snipe-it.nginx.kTLS | Whether to enable kTLS support
|
| services.unpoller.loki.pass | Path of a file containing the password for Loki
|
| services.buildbot-master.group | Primary group of buildbot user.
|
| security.doas.extraRules.*.cmd | The command the user is allowed to run
|
| services.couchdb.viewIndexDir | Specifies location of CouchDB view index files
|
| services.dovecot2.enablePAM | Whether to enable creating a own Dovecot PAM service and configure PAM user logins.
|
| services.riemann-dash.dataDir | Location of the riemann-base dir
|
| services.portunus.enable | Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.firefox-syncserver.database.createLocally | Whether to create database and user on the local machine if they do not exist
|
| services.pgbackrest.stanzas.<name>.instances | An attribute set of database instances as described in:
https://pgbackrest.org/configuration.html#section-stanza
Each instance defaults to set pg-host to the attribute's name
|
| services.buildbot-worker.group | Primary group of buildbot Worker user.
|
| services.mjolnir.accessTokenFile | File containing the matrix access token for the mjolnir user.
|
| services.oauth2-proxy.passBasicAuth | Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.
|
| services.prefect.databaseUser | database user for postgres only
|
| services.syncthing.settings.options.urAccepted | Whether the user has accepted to submit anonymous usage data
|
| services.coturn.no-auth | This option is opposite to lt-cred-mech.
(TURN Server with no-auth option allows anonymous access)
|
| services.headscale.settings.oidc.allowed_users | Users allowed to authenticate even if not in allowedDomains.
|
| services.fluidd.nginx.kTLS | Whether to enable kTLS support
|
| services.gancio.nginx.kTLS | Whether to enable kTLS support
|
| services.graylog.rootUsername | Name of the default administrator user
|
| services.akkoma.nginx.kTLS | Whether to enable kTLS support
|
| environment.shells | A list of permissible login shells for user accounts
|
| services.matomo.nginx.kTLS | Whether to enable kTLS support
|
| services.monica.nginx.kTLS | Whether to enable kTLS support
|
| services.documize.db | Database specific connection string for example:
- MySQL/Percona/MariaDB:
user:password@tcp(host:3306)/documize
- MySQLv8+:
user:password@tcp(host:3306)/documize?allowNativePasswords=true
- PostgreSQL:
host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
- MSSQL:
sqlserver://username:password@localhost:1433?database=Documize or
sqlserver://sa@localhost/SQLExpress?database=Documize
|
| security.loginDefs.settings.UID_MIN | Range of user IDs used for the creation of regular users by useradd or newusers.
|
| security.loginDefs.settings.UID_MAX | Range of user IDs used for the creation of regular users by useradd or newusers.
|
| services.siproxd.passwordFile | Path to per-user password file.
|
| programs.mouse-actions.autorun | Whether to start a user service to run mouse-actions on startup.
|
| services.gitlab.statePath | GitLab state directory
|
| programs.gnupg.dirmngr.enable | Enables GnuPG network certificate management daemon with socket-activation for every user session.
|
| services._3proxy.services.*.acl | Use this option to limit user access to resources.
|
| services.mailman.ldap.superUserGroup | Group where a user must be a member of to gain superuser rights.
|
| services.prometheus.exporters.fritz.settings.devices.*.username | Username to authenticate with the target device.
|
| security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| nix.buildMachines.*.sshKey | The path to the SSH private key with which to authenticate on
the build machine
|
| security.sudo.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| services.resilio.checkForUpdates | Determines whether to check for updates and alert the user
about them in the UI.
|
| services.dependency-track.oidc.teamSynchronization | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| services.davis.adminPasswordFile | The full path to a file that contains the admin's password
|
| services.dokuwiki.sites.<name>.acl.*.actor | User or group to restrict
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.librechat.dataDir | Absolute path for where the LibreChat server will use as its data directory to store logs, user uploads, and generated images.
|
| services.greetd.restart | Whether to restart greetd when it terminates (e.g. on failure)
|
| security.acme.defaults.postRun | Commands to run after new certificates go live
|
| security.sudo-rs.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| services.discourse.admin.email | The admin user email address.
|
| services.pixelfed.runtimeDir | Ruutime directory of the pixelfed user which holds
the application's caches and temporary files.
|
| services.smokeping.config | Full smokeping config supplied by the user
|
| services.vsftpd.anonymousUser | Whether to enable the anonymous FTP user.
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| security.loginDefs.settings.SYS_UID_MAX | Range of user IDs used for the creation of system users by useradd or newusers.
|
| security.loginDefs.settings.SYS_UID_MIN | Range of user IDs used for the creation of system users by useradd or newusers.
|
| hardware.hackrf.enable | Enables hackrf udev rules and ensures 'plugdev' group exists
|
| services.znc.confOptions.networks | IRC networks to connect the user to.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.username | If empty string mailaddress value is used
|
| programs.dsearch.systemd.enable | Whether to enable systemd user service for dsearch.
|
| services.gitolite.enable | Enable gitolite management under the
gitolite user
|
| services.pgmanage.loginTimeout | Number of seconds of inactivity before user is automatically logged
out.
|
| services.temporal.dataDir | Data directory for Temporal
|