| services.warpgate.databaseUrlFile | Path to file containing database connection string with credentials
|
| services.anuko-time-tracker.settings.email.smtpUser | MTA authentication username.
|
| services.ntopng.enable | Enable ntopng, a high-speed web-based traffic analysis and flow
collection tool
|
| programs.ydotool.group | Group which users must be in to use ydotool.
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| services.syncplay.chat | Chat with users in the same room.
|
| security.pam.services.<name>.googleAuthenticator.forwardPass | The authentication provides a single field requiring
the user's password followed by the one-time password (OTP).
|
| services.bookstack.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.onlyoffice.postgresUser | The username OnlyOffice should use to connect to Postgresql
|
| services.vsftpd.localUsers | Whether to enable FTP for local users.
|
| security.ipa.ifpAllowedUids | A list of users allowed to access the ifp dbus interface.
|
| hardware.sane.enable | Enable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
|
| security.sudo-rs.enable | Whether to enable a memory-safe implementation of the sudo command,
which allows non-root users to execute commands as root
.
|
| services.vlagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.vmagent.remoteWrite.basicAuthUsername | Basic Auth username used to connect to remote_write endpoint
|
| services.jirafeau.nginxConfig.basicAuthFile | Basic Auth password file for a vhost
|
| programs.nix-required-mounts.presets.nvidia-gpu.enable | Whether to enable Declare the support for derivations that require an Nvidia GPU to be
available, e.g. derivations with requiredSystemFeatures = [ "cuda" ]
|
| services.syncplay.ready | Check readiness of users.
|
| services.weblate.smtp.port | SMTP port used when sending emails to users.
|
| services.weblate.smtp.host | SMTP host used when sending emails to users.
|
| services.mediagoblin.enable | Whether to enable MediaGoblin
|
| services.mattermost.database.host | Host to use for the database
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| services.zabbixWeb.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.firezone.server.smtp.passwordFile | File containing the password for the given username
|
| services.bitwarden-directory-connector-cli.sync.creationDateAttribute | Attribute that lists a user's creation date.
|
| services.pyload.credentialsFile | File containing PYLOAD_DEFAULT_USERNAME and
PYLOAD_DEFAULT_PASSWORD in the format of an EnvironmentFile=,
as described by systemd.exec(5)
|
| security.pam.p11.enable | Enables P11 PAM (pam_p11) module
|
| services.vsftpd.writeEnable | Whether any write activity is permitted to users.
|
| services.postgresql.authentication | Defines how users authenticate themselves to the server
|
| hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| services.ombi.enable | Whether to enable Ombi, a web application that automatically gives your shared Plex or
Emby users the ability to request content by themselves!
Optionally see https://docs.ombi.app/info/reverse-proxy
on how to set up a reverse proxy
.
|
| services.limesurvey.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.mediawiki.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.headscale.settings.oidc.allowed_domains | Allowed principal domains. if an authenticated user's domain
is not in this list authentication request will be rejected.
|
| programs.pmount.enable | Whether to enable pmount, a tool that allows normal users to mount removable devices
without requiring root privileges
.
|
| services.tt-rss.auth.autoCreate | Allow authentication modules to auto-create users in tt-rss internal
database when authenticated successfully.
|
| services.davis.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.movim.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.slskd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.sympa.listMasters | The list of the email addresses of the listmasters
(users authorized to perform global server commands).
|
| services.snipe-it.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dovecot2.mailGroup | Default group to store mail for virtual users.
|
| services.dawarich.smtp.port | SMTP port used when sending emails to users.
|
| services.dawarich.smtp.host | SMTP host used when sending emails to users.
|
| services.mastodon.smtp.host | SMTP host used when sending emails to users.
|
| services.mastodon.smtp.port | SMTP port used when sending emails to users.
|
| services.wordpress.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| security.pam.howdy.enable | Whether to enable the Howdy PAM module
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| security.sudo.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| security.pam.dp9ik.enable | Whether to enable the dp9ik pam module provided by tlsclient
|
| services.syncplay.motdFile | Path to text to display when users join
|
| services.fedimintd.<name>.nginx.config.basicAuthFile | Basic Auth password file for a vhost
|
| services.gancio.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fluidd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.akkoma.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.matomo.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.monica.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.zoneminder.database.password | Username for accessing the database
|
| services.mastodon.smtp.authenticate | Authenticate with the SMTP server using username and password.
|
| security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.sftpgo.loadDataFile | Path to a json file containing users and folders to load (or update) on startup
|
| services.doh-server.settings.log_guessed_client_ip | Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
Note: http uri/useragent log cannot be controlled by this config
|
| services.limesurvey.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| programs.minipro.enable | Whether to enable minipro and its udev rules
|
| services.mchprs.settings.chat_format | How to format chat message interpolating username
and message with curly braces
|
| services.mjolnir.pantalaimon.enable | Whether to enable ignoring the accessToken
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| security.duosec.groups | If specified, Duo authentication is required only for users
whose primary group or supplementary group list matches one
of the space-separated pattern lists
|
| services.prosody.modules.motd | Send a message to users when they log in
|
| services.prosody.modules.mam | Store messages in an archive and allow users to access it
|
| virtualisation.incus.enable | Whether to enable incusd, a daemon that manages containers and virtual machines
|
| services.prosody.modules.pep | Enables users to publish their mood, activity, playing music and more
|
| services.umami.createPostgresqlDatabase | Whether to automatically create the database for Umami using PostgreSQL
|
| services.victorialogs.basicAuthUsername | Basic Auth username used to protect VictoriaLogs instance by authorization
|
| services.syncplay.motd | Text to display when users join
|
| services.timekpr.adminUsers | All listed users will become part of the timekpr group so they can manage timekpr settings without requiring sudo.
|
| virtualisation.qemu.networkingOptions | Networking-related command-line options that should be passed to qemu
|
| services.prosody.modules.vcard | Allow users to set vCards
|
| services.kea.dhcp6.configFile | Kea DHCP6 configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp6-srv.html
|
| services.kea.dhcp4.configFile | Kea DHCP4 configuration as a path, see https://kea.readthedocs.io/en/kea-3.0.2/arm/dhcp4-srv.html
|
| services.kanboard.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.fediwall.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.agorakit.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.librenms.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.mainsail.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.pixelfed.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.hologram-server.ldapBaseDN | The base DN for your Hologram users
|
| services.alerta.signupEnabled | Whether to prevent sign-up of new users via the web UI
|
| programs.flashrom.enable | Installs flashrom and configures udev rules for programmers
used by flashrom
|
| services.bitlbee.authBackend | How users are authenticated
storage -- save passwords internally
pam -- Linux PAM authentication
|
| services.limesurvey.nginx.virtualHost.basicAuthFile | Basic Auth password file for a vhost
|
| services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| security.pam.services.<name>.unixAuth | Whether users can log in with passwords defined in
/etc/shadow.
|
| services.drupal.sites.<name>.modulesDir | The location for users to install Drupal modules.
|
| services.radicle.httpd.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|