| services.dendrite.settings.global.server_name | The domain name of the server, with optional explicit port
|
| services.matrix-synapse.settings.server_name | The domain name of the server, with optional explicit port
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.icingaweb2.modules.monitoring.generalConfig.protectedVars | List of string patterns for custom variables which should be excluded from user’s view.
|
| services.gvfs.enable | Whether to enable GVfs, a userspace virtual filesystem.
|
| services.vsftpd.virtualUseLocalPrivs | If enabled, virtual users will use the same privileges as local
users
|
| services.iptsd.enable | Whether to enable the userspace daemon for Intel Precise Touch & Stylus.
|
| services.ulogd.enable | Whether to enable ulogd, a userspace logging daemon for netfilter/iptables related logging.
|
| programs.neovim.enable | Whether to enable Neovim
|
| security.tpm2.abrmd.enable | Whether to enable Trusted Platform 2 userspace resource manager daemon
.
|
| services.jitsi-meet.extraConfig | Text to append to config.js web application config file
|
| services.hledger-web.allow | User's access level for changing data.
- view: view only permission.
- add: view and add permissions.
- edit: view, add, and edit permissions.
- sandstorm: permissions from the
X-Sandstorm-Permissions request header.
|
| services.scx.enable | Whether to enable SCX service, a daemon to run schedulers from userspace.
This service requires a kernel with the Sched-ext feature
|
| services.discourse.admin.fullName | The admin user's full name.
|
| services.webdav.settings | Attrset that is converted and passed as config file
|
| services.tt-rss.database.password | The database user's password.
|
| services.tt-rss.database.passwordFile | The database user's password.
|
| networking.ucarp.enable | Whether to enable ucarp, userspace implementation of CARP.
|
| security.pam.services.<name>.rssh | If set, the calling user's SSH agent is used to authenticate
against the configured keys
|
| services.davis.adminLogin | Username for the admin account.
|
| security.pam.zfs.homes | Prefix of home datasets
|
| hardware.openrazer.enable | Whether to enable OpenRazer drivers and userspace daemon
.
|
| services.flarum.adminUser | Username for first web application administrator
|
| services.selfoss.database.password | The database user's password (has no effect if type is "sqlite").
|
| services.athens.basicAuthUser | Username for basic auth.
|
| services.resilio.httpLogin | HTTP web login username.
|
| services.xserver.windowManager.exwm.loadScript | Emacs lisp code to be run after loading the user's init
file.
|
| services.kmscon.enable | Whether to enable kmscon as the virtual console instead of gettys.
kmscon is a kms/dri-based userspace virtual terminal implementation
|
| services.tee-supplicant.enable | Whether to enable OP-TEE userspace supplicant.
|
| services.hardware.bolt.enable | Whether to enable Bolt, a userspace daemon to enable
security levels for Thunderbolt 3 on GNU/Linux
|
| services.ncdns.enable | Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS
|
| services.discourse.admin.passwordFile | A path to a file containing the admin user's password
|
| security.pam.loginLimits.*.domain | Username, groupname, or wildcard this limit applies to
|
| services.mongodb.enableAuth | Enable client authentication
|
| services.nntp-proxy.upstreamUser | Upstream server username
|
| services.sniproxy.config | sniproxy.conf configuration excluding the daemon username and pid file.
|
| nix.sshServe.trusted | Whether to add nix-ssh to the nix.settings.trusted-users
|
| services.esdm.enableLinuxCompatServices | Enable /dev/random, /dev/urandom and /proc/sys/kernel/random/* userspace wrapper.
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.openssh.authorizedKeysCommand | Specifies a program to be used to look up the user's public
keys
|
| services.freshrss.defaultUser | Default username for FreshRSS.
|
| services.tailscale.interfaceName | The interface name for tunnel traffic
|
| services.fcron.deny | Users forbidden from using fcron.
|
| services.displayManager.dms-greeter.configHome | Path to a user's home directory from which to copy DankMaterialShell
configuration files
|
| services.wasabibackend.customConfigFile | Defines the path to a custom configuration file that is copied to the user's directory
|
| services.davis.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.movim.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| hardware.i2c.group | Grant access to i2c devices (/dev/i2c-*) to users in this group.
|
| services.getty.autologinUser | Username of the account that will be automatically logged in at the console
|
| services.snipe-it.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.resilio.storagePath | Where BitTorrent Sync will store it's database files (containing
things like username info and licenses)
|
| programs.wireshark.enable | Whether to add Wireshark to the global environment and create a 'wireshark'
group
|
| services.logrotate.checkConfig | Whether the config should be checked at build time
|
| services.gancio.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.fluidd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.akkoma.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.matomo.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.incron.deny | Users forbidden from using incrontab.
|
| services.prosody.modules.blocklist | Allow users to block communications with other users
|
| services.kmscon.autologinUser | Username of the account that will be automatically logged in at the console
|
| programs.cdemu.group | Group that users must be in to use cdemu.
|
| services.moodle.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.nagios.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.libinput.mouse.buttonMapping | Sets the logical button mapping for this device, see XSetPointerMapping(3)
|
| services.grafana.settings.database.password | The database user's password (not applicable for sqlite3)
|
| services.cadvisor.storageDriverUser | Cadvisor storage driver username.
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| programs.wireshark.dumpcap.enable | Whether to allow users in the 'wireshark' group to capture network traffic
|
| services.tor.relay.role | Your role in Tor network
|
| services.httpd.virtualHosts.<name>.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| security.pam.services.<name>.limits.*.domain | Username, groupname, or wildcard this limit applies to
|
| services.znc.confOptions.passBlock | Generate with nix-shell -p znc --command "znc --makepass"
|
| programs.fuse.mountMax | Set the maximum number of FUSE mounts allowed to non-root users.
|
| services.oauth2-proxy.google.adminEmail | The Google Admin to impersonate for API calls
|
| programs.ryzen-monitor-ng.enable | Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver
|
| services.syncplay.maxUsernameLength | Maximum number of characters in a username.
|
| services.fcron.allow | Users allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
|
| services.agorakit.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanboard.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.libinput.touchpad.buttonMapping | Sets the logical button mapping for this device, see XSetPointerMapping(3)
|
| services.guix.nrBuildUsers | Number of Guix build users to be used in the build pool.
|
| services.microsocks.authUsername | Optional username to use for authentication.
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.tor.torsocks.socks5Username | SOCKS5 username
|
| services.zabbixWeb.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.radicle.httpd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| security.sudo.enable | Whether to enable the sudo command, which
allows non-root users to execute commands as root.
|
| security.doas.enable | Whether to enable the doas command, which allows
non-root users to execute commands as root.
|
| services.deye-dummycloud.mqttUsername | MQTT username
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.anuko-time-tracker.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.nginx.virtualHosts.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.oauth2-proxy.htpasswd.displayForm | Display username / password login form if an htpasswd file is provided.
|