| services.mosquitto.listeners.*.users.<name>.hashedPassword | Specifies the hashed password for the MQTT User
|
| users.extraUsers.<name>.hashedPasswordFile | The full path to a file that contains the hash of the user's
password
|
| users.extraUsers.<name>.hashedPassword | Specifies the hashed password for the user
|
| services.taskserver.organisations.<name>.users | A list of user names that belong to the organization.
|
| services.grafana.settings.users.password_hint | Text used as placeholder text on login page for password input.
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.freeciv.settings.Newusers | Whether to enable new users to login if auth is enabled.
|
| services.mosquitto.listeners.*.users.<name>.hashedPasswordFile | Specifies the path to a file containing the
hashed password for the MQTT user
|
| services.samba.usershares.group | Name of the group members of which will be allowed to create usershares
|
| services.pgmanage.superOnly | This tells pgmanage whether or not to only allow super users to
login
|
| services.samba.usershares.enable | Whether to enable user-configurable Samba shares.
|
| users.extraUsers.<name>.initialHashedPassword | Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist
|
| services.grafana.settings.users.auto_assign_org_id | Set this value to automatically add new users to the provided org
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| services.incron.allow | Users allowed to use incrontab
|
| services.grafana.settings.users.auto_assign_org_role | The role new users will be assigned for the main organization (if the auto_assign_org setting is set to true).
|
| nix.sshServe.trusted | Whether to add nix-ssh to the nix.settings.trusted-users
|
| services.postgresql.ensureUsers | Ensures that the specified users exist
|
| nix.nrBuildUsers | Number of nixbld user accounts created to
perform secure concurrent builds
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.calibre-server.auth.userDb | Choose users database file to use for authentication
|
| services.grafana.settings.users.verify_email_enabled | Require email validation before sign up completes.
|
| services.headscale.settings.oidc.allowed_users | Users allowed to authenticate even if not in allowedDomains.
|
| services.fcron.deny | Users forbidden from using fcron.
|
| services.umurmur.settings.max_users | Maximum number of concurrent clients allowed.
|
| hardware.i2c.group | Grant access to i2c devices (/dev/i2c-*) to users in this group.
|
| programs.wireshark.enable | Whether to add Wireshark to the global environment and create a 'wireshark'
group
|
| services.logrotate.checkConfig | Whether the config should be checked at build time
|
| services.incron.deny | Users forbidden from using incrontab.
|
| services.prosody.modules.blocklist | Allow users to block communications with other users
|
| programs.cdemu.group | Group that users must be in to use cdemu.
|
| security.polkit.adminIdentities | Specifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value)
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| programs.wireshark.dumpcap.enable | Whether to allow users in the 'wireshark' group to capture network traffic
|
| services.tor.relay.role | Your role in Tor network
|
| programs.fuse.mountMax | Set the maximum number of FUSE mounts allowed to non-root users.
|
| services.oauth2-proxy.google.adminEmail | The Google Admin to impersonate for API calls
|
| services.postgresql.identMap | Defines the mapping from system users to database users
|
| services.fcron.allow | Users allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
|
| services.guix.nrBuildUsers | Number of Guix build users to be used in the build pool.
|
| security.sudo.enable | Whether to enable the sudo command, which
allows non-root users to execute commands as root.
|
| security.doas.enable | Whether to enable the doas command, which allows
non-root users to execute commands as root.
|
| services.vsftpd.userDbPath | Only applies if enableVirtualUsers is true
|
| security.ipa.shells | List of shells which binaries should be installed to /bin/
|
| programs.ydotool.group | Group which users must be in to use ydotool.
|
| services.syncplay.chat | Chat with users in the same room.
|
| programs.rush.shell | The resolved shell path that users can inherit to set rush as their login shell
|
| services.vsftpd.localUsers | Whether to enable FTP for local users.
|
| security.ipa.ifpAllowedUids | A list of users allowed to access the ifp dbus interface.
|
| security.sudo-rs.enable | Whether to enable a memory-safe implementation of the sudo command,
which allows non-root users to execute commands as root
.
|
| hardware.sane.enable | Enable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
|
| services.syncplay.ready | Check readiness of users.
|
| services.weblate.smtp.port | SMTP port used when sending emails to users.
|
| services.weblate.smtp.host | SMTP host used when sending emails to users.
|
| hardware.brillo.enable | Whether to enable brillo in userspace
|
| programs.fuse.userAllowOther | Allow non-root users to specify the allow_other or allow_root mount
options, see mount.fuse3(8).
|
| hardware.i2c.enable | Whether to enable i2c devices support
|
| security.pam.p11.enable | Enables P11 PAM (pam_p11) module
|
| services.exim.user | User to use when no root privileges are required
|
| services.vsftpd.writeEnable | Whether any write activity is permitted to users.
|
| services.postgresql.authentication | Defines how users authenticate themselves to the server
|
| hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| services.dovecot2.mailUser | Default user to store mail for virtual users.
|
| security.please.enable | Whether to enable please, a Sudo clone which allows a users to execute a command or edit a
file as another user
.
|
| services.ombi.enable | Whether to enable Ombi, a web application that automatically gives your shared Plex or
Emby users the ability to request content by themselves!
Optionally see https://docs.ombi.app/info/reverse-proxy
on how to set up a reverse proxy
.
|
| programs.pmount.enable | Whether to enable pmount, a tool that allows normal users to mount removable devices
without requiring root privileges
.
|
| services.tt-rss.auth.autoCreate | Allow authentication modules to auto-create users in tt-rss internal
database when authenticated successfully.
|
| services.sympa.listMasters | The list of the email addresses of the listmasters
(users authorized to perform global server commands).
|
| nix.buildMachines.*.sshUser | The username to log in as on the remote host
|
| services.dovecot2.mailGroup | Default group to store mail for virtual users.
|
| services.dawarich.smtp.host | SMTP host used when sending emails to users.
|
| services.dawarich.smtp.port | SMTP port used when sending emails to users.
|
| services.mastodon.smtp.host | SMTP host used when sending emails to users.
|
| services.mastodon.smtp.port | SMTP port used when sending emails to users.
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| security.pam.dp9ik.enable | Whether to enable the dp9ik pam module provided by tlsclient
|
| services.jupyter.group | Name of the group used to run the jupyter service
|
| security.sudo.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| security.pam.howdy.enable | Whether to enable the Howdy PAM module
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.syncplay.motdFile | Path to text to display when users join
|
| security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.sftpgo.loadDataFile | Path to a json file containing users and folders to load (or update) on startup
|
| programs.minipro.enable | Whether to enable minipro and its udev rules
|
| security.duosec.groups | If specified, Duo authentication is required only for users
whose primary group or supplementary group list matches one
of the space-separated pattern lists
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| services.diod.allsquash | Remap all users to "nobody"
|
| services.prosody.modules.mam | Store messages in an archive and allow users to access it
|
| services.prosody.modules.motd | Send a message to users when they log in
|
| services.tt-rss.auth.autoLogin | Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal
|
| services.tt-rss.singleUserMode | Operate in single user mode, disables all functionality related to
multiple users and authentication
|
| networking.wireless.userControlled | Allow users of the wpa_supplicant group to control wpa_supplicant
through wpa_gui or wpa_cli
|
| virtualisation.incus.enable | Whether to enable incusd, a daemon that manages containers and virtual machines
|
| services.prosody.modules.pep | Enables users to publish their mood, activity, playing music and more
|
| services.timekpr.adminUsers | All listed users will become part of the timekpr group so they can manage timekpr settings without requiring sudo.
|
| services.syncplay.motd | Text to display when users join
|
| services.prosody.modules.vcard | Allow users to set vCards
|