| users.ldap.bind.passwordFile | The path to a file containing the credentials to use when binding
to the LDAP server (if not binding anonymously).
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| services._3proxy.usersFile | Load users and passwords from this file
|
| users.mysql.nss.memsbygid | SQL query for the memsbygid
syscall.
|
| users.mysql.nss.gidsbymem | SQL query for the gidsbymem
syscall.
|
| users.ldap.daemon.extraConfig | Extra configuration options that will be added verbatim at
the end of the nslcd configuration file (nslcd.conf(5)).
|
| users.users.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| users.mysql.pam.logging.enable | Enables logging of authentication attempts in the MySQL database.
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| users.extraUsers.<name>.subUidRanges.*.count | Count of subordinate user ids
|
| users.users.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| boot.initrd.systemd.users.<name>.uid | ID of the user in initrd.
|
| users.extraUsers.<name>.useDefaultShell | If true, the user's shell will be set to
users.defaultUserShell.
|
| security.doas.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| security.sudo.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| users.users.<name>.password | Specifies the (clear text) password for the user
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|
| services.geoclue2.appConfig.<name>.users | List of UIDs of all users for which this application is allowed location
info access, Defaults to an empty string to allow it for all users.
|
| nix.settings.trusted-users | A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs
|
| users.mysql.pam.logging.msgColumn | The name of the column in the log table to which the description
of the performed operation is stored.
|
| users.ldap.bind.policy | Specifies the policy to use for reconnecting to an unavailable
LDAP server
|
| security.sudo-rs.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| users.users.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| users.mysql.pam.passwordColumn | The name of the column that contains a (encrypted) password string.
|
| services.anki-sync-server.users | List of user-password pairs to provide to the sync server.
|
| users.extraUsers.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| users.extraUsers.<name>.subUidRanges.*.startUid | Start of the range of subordinate user ids that user is
allowed to use.
|
| users.mysql.pam.logging.pidColumn | The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
|
| users.mysql.pam.logging.timeColumn | The name of the column in the log table to which the timestamp of the
log entry is stored.
|
| users.mysql.pam.logging.userColumn | The name of the column in the log table to which the name of the
user being authenticated is stored.
|
| users.mysql.pam.logging.hostColumn | The name of the column in the log table to which the name of the user
being authenticated is stored.
|
| boot.initrd.systemd.users.<name>.shell | The path to the user's shell in initrd.
|
| boot.initrd.systemd.users.<name>.group | Group the user belongs to in initrd.
|
| users.extraUsers.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.crossmacro.users | List of users granted permission to use CrossMacro.
|
| power.ups.users.<name>.passwordFile | The full path to a file that contains the user's (clear text)
password
|
| power.ups.users.<name>.instcmds | Let the user initiate specific instant commands
|
| systemd.user.tmpfiles.users | Per-user rules for creation, deletion and cleaning of volatile and
temporary files automatically.
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| services._3proxy.services.*.acl.*.users | List of users, use empty list for any.
|
| users.mysql.pam.logging.rHostColumn | The name of the column in the log table to which the name of the remote
host that initiates the session is stored
|
| programs.idescriptor.users | Users to be added to the idevice group.
|
| boot.loader.grub.users.<name>.hashedPassword | Specifies the password hash for the account,
generated with grub-mkpasswd-pbkdf2
|
| services.bitcoind.<name>.rpc.users | RPC user information for JSON-RPC connections.
|
| security.pam.oath.usersFile | Set the path to file where the user's credentials are
stored
|
| users.users.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| users.users.<name>.hashedPassword | Specifies the hashed password for the user
|
| hardware.openrazer.users | Usernames to be added to the "openrazer" group, so that they
can start and interact with the OpenRazer userspace daemon.
|
| services.dokuwiki.sites.<name>.usersFile | Location of the dokuwiki users file
|
| users.mysql.pam.statusColumn | The name of the column or an SQL expression that indicates the status of
the user
|
| users.users.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.nntp-proxy.users.<name>.username | Username
|
| services.anki-sync-server.users.*.password | Password accepted by anki-sync-server for the associated username.
WARNING: This option is not secure
|
| services.bitcoind.<name>.rpc.users.<name>.name | Username for JSON-RPC connections.
|
| systemd.sysusers.enable | If enabled, users are created with systemd-sysusers instead of with
the custom update-users-groups.pl script
|
| services.influxdb2.provision.users | Users to provision.
|
| boot.loader.grub.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the account
|
| services.mosquitto.listeners.*.users | A set of users and their passwords and ACLs.
|
| services.mtprotoproxy.users | Allowed users and their secrets
|
| systemd.user.tmpfiles.users.<name>.rules | Per-user rules for creation, deletion and cleaning of volatile and
temporary files automatically
|
| users.ldap.daemon.rootpwmoddn | The distinguished name to use to bind to the LDAP server
when the root user tries to modify a user's password.
|
| services.anki-sync-server.users.*.username | User name accepted by anki-sync-server.
|
| users.extraUsers.<name>.ignoreShellProgramCheck | By default, nixos will check that programs
|
| users.extraUsers.<name>.description | A short description of the user account, typically the
user's full name
|
| services.nntp-proxy.users.<name>.passwordHash | SHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>)
|
| users.users.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| users.ldap.daemon.rootpwmodpwFile | The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
|
| services.grafana.settings.users.hidden_users | This is a comma-separated list of usernames
|
| services.anki-sync-server.users.*.passwordFile | File containing the password accepted by anki-sync-server for
the associated username
|
| boot.loader.grub.users.<name>.hashedPasswordFile | Specifies the path to a file containing the password hash
for the account, generated with grub-mkpasswd-pbkdf2
|
| services.pgbouncer.settings.users | Optional
|
| services.grafana.settings.users.home_page | Path to a custom home page
|
| services.cloudlog.update-lotw-users.enable | Whether to periodically update the list of LoTW users
|
| users.mysql.pam.passwordCrypt | The method to encrypt the user's password:
0 (or "plain"):
No encryption
|
| users.ldap.bind.distinguishedName | The distinguished name to bind to the LDAP server with
|
| services.samba.settings.global."invalid users" | List of users who are denied to login via Samba.
|
| services.nntp-proxy.users.<name>.maxConnections | Maximum number of concurrent connections to the proxy for this user
|
| services.mosquitto.listeners.*.users.<name>.acl | Control client access to topics on the broker.
|
| services.grafana.settings.users.allow_sign_up | Set to false to prohibit users from being able to sign up / create user accounts
|
| services.bitwarden-directory-connector-cli.sync.users | Sync users.
|
| users.mysql.pam.disconnectEveryOperation | By default, pam_mysql keeps the connection to the MySQL
database until the session is closed
|
| services.bitcoind.<name>.rpc.users.<name>.passwordHMAC | Password HMAC-SHA-256 for JSON-RPC connections
|
| services.clickhouse.usersConfig | Your users.yaml as a Nix attribute set
|
| users.extraUsers.<name>.openssh.authorizedKeys.keys | A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys
|
| users.extraUsers.<name>.openssh.authorizedKeys.keyFiles | A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys
|
| services.paretosecurity.users | Per-user Pareto Security configuration.
|
| services.influxdb2.provision.users.<name>.present | Whether to ensure that this user is present or absent.
|
| services.grafana.settings.users.login_hint | Text used as placeholder text on login page for login/username input.
|
| users.extraUsers.<name>.openssh.authorizedPrincipals | A list of verbatim principal names that should be added to the user's
authorized principals.
|
| users.extraUsers.<name>.password | Specifies the (clear text) password for the user
|
| services.mosquitto.listeners.*.users.<name>.password | Specifies the (clear text) password for the MQTT User.
|
| services.grafana.settings.users.auto_assign_org | Set to true to automatically add new users to the main organization (id 1)
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.vsftpd.virtualUseLocalPrivs | If enabled, virtual users will use the same privileges as local
users
|
| services.cloudlog.update-lotw-users.interval | Specification (in the format described by systemd.time(7)) of the
time at which the LoTW user update will occur.
|
| services.mysql.ensureUsers | Ensures that the specified users exist and have at least the ensured permissions
|
| services.mosquitto.listeners.*.users.<name>.passwordFile | Specifies the path to a file containing the
clear text password for the MQTT user
|
| services.paretosecurity.users.<name>.inviteId | A unique ID that links the agent to Pareto Cloud
|