| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username | HTTP username
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.journald.remote.settings.Remote.ServerKeyFile | A path to an SSL secret key file in PEM format
|
| hardware.opentabletdriver.enable | Enable OpenTabletDriver udev rules, user service and blacklist kernel
modules known to conflict with OpenTabletDriver.
|
| services.libinput.touchpad.accelProfile | Sets the pointer acceleration profile to the given profile
|
| services.mysql.ensureUsers.*.ensurePermissions | Permissions to ensure for the user, specified as attribute set
|
| services.jibri.xmppEnvironments.<name>.control.login.passwordFile | File containing the password for the user.
|
| programs.thunderbird.preferencesStatus | The status of thunderbird.preferences.
status can assume the following values:
"default": Preferences appear as default.
"locked": Preferences appear as default and can't be changed.
"user": Preferences appear as changed.
"clear": Value has no effect
|
| services.xserver.displayManager.startx.generateScript | Whether to generate the system-wide xinitrc script (/etc/X11/xinit/xinitrc)
|
| services.magnetico.web.credentialsFile | The path to the file holding the credentials to access the web
interface
|
| services.netbird.server.management.disableSingleAccountMode | If set to true, disables single account mode
|
| services.waagent.settings.Provisioning.Enable | Whether to enable provisioning functionality in the agent
|
| services.archisteamfarm.bots.<name>.passwordFile | Path to a file containing the password
|
| services.bitwarden-directory-connector-cli.sync.useEmailPrefixSuffix | If a user has no email address, combine a username prefix with a suffix value to form an email.
|
| networking.resolvconf.dnsExtensionMechanism | Enable the edns0 option in resolv.conf
|
| services.prometheus.exporters.nextcloud.passwordFile | File containing the password for connecting to Nextcloud
|
| services.parsedmarc.provision.localMail.recipientName | The DMARC mail recipient name, i.e. the name part of the
email address which receives DMARC reports
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.username | HTTP username
|
| hardware.opentabletdriver.daemon.enable | Whether to start OpenTabletDriver daemon as a systemd user service.
|
| services.matrix-appservice-irc.settings.homeserver.domain | The 'domain' part for user IDs on this home server
|
| services.kerberos_server.settings.realms.<name>.acl | The privileges granted to a user.
|
| services.prometheus.exporters.collectd.collectdBinary.authFile | File mapping user names to pre-shared keys (passwords).
|
| services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| services.postgresql.ensureUsers.*.ensureClauses.inherit | Grants the user created inherit permissions
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.suricata.settings.dpdk | Data Plane Development Kit is a framework for fast packet processing in data plane applications running on a wide variety of CPU architectures
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.username | HTTP username
|
| services.syncthing.settings.folders.<name>.copyOwnershipFromParent | On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in)
|
| systemd.services.<name>.confinement.mode | The value full-apivfs (the default) sets up
private /dev, /proc,
/sys, /tmp and /var/tmp file systems
in a separate user name space
|
| services.postgresql.ensureUsers.*.ensureClauses.createdb | Grants the user, created by the ensureUser attr, createdb permissions
|
| services.glitchtip.settings.ENABLE_ORGANIZATION_CREATION | When false, only superusers will be able to create new organizations after the first
|
| services.matrix-continuwuity.settings.global.server_name | The server_name is the name of this server
|
| virtualisation.directBoot.enable | If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.postgresql.ensureUsers.*.ensureClauses.bypassrls | Grants the user, created by the ensureUser attr, replication permissions
|
| services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| services.healthchecks.settings.REGISTRATION_OPEN | A boolean that controls whether site visitors can create new accounts
|
| services.biboumi.settings.realname_from_jid | Whether the realname and username of each biboumi
user will be extracted from their JID
|
| services.grafana.settings.security.disable_gravatar | Set to true to disable the use of Gravatar for user profile images.
|
| services.movim.podConfig.restrictsuggestions | Only suggest chatrooms, Communities and other contents that are available on the user XMPP server and related services
|
| services.transmission.downloadDirPermissions | If not null, is used as the permissions
set by system.activationScripts.transmission-daemon
on the directories services.transmission.settings.download-dir,
services.transmission.settings.incomplete-dir,
and services.transmission.settings.watch-dir
|
| services.amazon-cloudwatch-agent.configurationFile | Amazon CloudWatch Agent configuration file
|
| services.prometheus.exporters.pgbouncer.connectionString | Connection string for accessing pgBouncer
|
| services.postgresql.ensureUsers.*.ensureClauses.replication | Grants the user, created by the ensureUser attr, replication permissions
|
| services.postgresql.ensureUsers.*.ensureClauses.createrole | Grants the user, created by the ensureUser attr, createrole permissions
|
| services.warpgate.settings.ssh.inactivity_timeout | How long a user can be inactive before Warpgate terminates the connection.
|
| services.prometheus.exporters.fritz.settings.devices.*.password_file | Path to a file which contains the password to authenticate with the target device
|
| services.prometheus.exporters.mail.configuration.servers.*.detectionDir | Directory in which new mails for the exporter user are placed
|
| services.doh-server.settings.ecs_use_precise_ip | If ECS is added to the request, let the full IP address or cap it to 24 or 128 mask
|
| services.pgbouncer.settings.pgbouncer.default_pool_size | How many server connections to allow per user/database pair
|
| services.movim.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.h2o.hosts.<name>.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| environment.memoryAllocator.provider | The system-wide memory allocator
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.matrix-continuwuity.settings.global.unix_socket_path | Listen on a UNIX socket at the specified path
|
| services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|
| services.pgbouncer.settings.pgbouncer.max_db_connections | Do not allow more than this many server connections per database (regardless of user)
|
| services.dendrite.settings.client_api.registration_disabled | Whether to disable user registration to the server
without the shared secret.
|
| services.grafana.settings.security.csrf_additional_headers | List of allowed headers to be set by the user
|
| services.grafana.settings.security.content_security_policy | Set to true to add the Content-Security-Policy header to your requests
|
| services.buffyboard.settings.quirks.ignore_unused_terminals | If true, buffyboard won't automatically update the layout of a new terminal and
draw the keyboard, if the terminal is not opened by any process
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.stash.settings.show_one_time_moved_notification | Whether a small notification to inform the user that Stash will no longer show a terminal window, and instead will be available in the tray
|
| security.pam.u2f.enable | Enables U2F PAM (pam-u2f) module
|
| services.dante.config | Contents of Dante's configuration file
|
| services.magnetico.web.credentials | The credentials to access the web interface, in case authentication is
enabled, in the format username:hash
|
| security.pam.yubico.enable | Enables Yubico PAM (yubico-pam) module
|
| services.coturn.realm | The default realm to be used for the users when no explicit
origin/realm relationship was found in the database, or if the TURN
server is not using any database (just the command-line settings
and the userdb file)
|
| virtualisation.kvmgt.enable | Whether to enable KVMGT (iGVT-g) VGPU support
|
| services.mchprs.whitelist.list | Whitelisted players, only has an effect when
services.mchprs.declarativeWhitelist is
true and the whitelist is enabled
via services.mchprs.whitelist.enable
|
| services.minecraft-server.whitelist | Whitelisted players, only has an effect when
services.minecraft-server.declarative is
true and the whitelist is enabled
via services.minecraft-server.serverProperties by
setting white-list to true
|
| hardware.brillo.enable | Whether to enable brillo in userspace
|
| services.memos.group | The group to run Memos as.
If changing the default value, you are responsible for creating the corresponding group with users.groups.
|
| services.yarr.authFilePath | Path to a file containing username:password. null means no authentication required to use the service.
|
| services.deluge.authFile | The file managing the authentication for deluge, the format of this
file is straightforward, each line contains a
username:password:level tuple in plaintext
|
| services.gpsd.devices | List of devices that gpsd should subscribe to
|
| boot.zfs.package | Configured ZFS userland tools package.
|
| programs.bash.enable | Whether to configure Bash as an interactive shell
|
| programs.rust-motd.enableMotdInSSHD | Whether to let openssh print the
result when entering a new ssh-session
|
| services.dependency-track.oidc.teams.claim | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| services.silverbullet.envFile | File containing extra environment variables
|
| programs.wayland.miracle-wm.enable | Whether to enable miracle-wm, a tiling Mir based Wayland compositor
|
| services.bitwarden-directory-connector-cli.sync.emailPrefixAttribute | The attribute that contains the user's username.
|
| services.dependency-track.settings."alpine.oidc.teams.claim" | Defines the name of the claim that contains group memberships or role assignments in the provider's userinfo endpoint
|
| hardware.nfc-nci.enable | Whether to enable PN5xx kernel module with udev rules, libnfc-nci userland, and optional ifdnfc-nci PC/SC driver.
|
| security.pam.u2f.settings.authfile | By default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set)
|
| security.pam.services.<name>.rootOK | If set, root doesn't need to authenticate (e.g. for the
useradd service).
|
| services.matrix-appservice-irc.localpart | The user_id localpart to assign to the appservice
|
| security.loginDefs.settings.GID_MIN | Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
|
| security.loginDefs.settings.GID_MAX | Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
|
| security.loginDefs.settings.SYS_GID_MAX | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| security.loginDefs.settings.SYS_GID_MIN | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| services.matrix-appservice-discord.localpart | The user_id localpart to assign to the AS.
|
| services.multipath.devices.*.alias_prefix | The user_friendly_names prefix to use for this device type, instead of the default mpath
|
| services.hologram-server.ldapUserAttr | The LDAP attribute for usernames
|
| services.biboumi.settings.realname_customization | Whether the users will be able to use
the ad-hoc commands that let them configure
their realname and username.
|
| services.usbguard.IPCAllowedUsers | A list of usernames that the daemon will accept IPC connections from.
|
| services.openafsClient.packages.module | OpenAFS kernel module package
|
| security.pam.services.<name>.sshAgentAuth | If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
|