| services.prometheus.exporters.wireguard.group | Group under which the wireguard exporter shall be run.
|
| services.prometheus.exporters.junos-czerwonk.group | Group under which the junos-czerwonk exporter shall be run.
|
| services.prometheus.exporters.buildkite-agent.group | Group under which the buildkite-agent exporter shall be run.
|
| services.prometheus.exporters.storagebox.group | Group under which the storagebox exporter shall be run.
|
| services.prometheus.exporters.scaphandre.group | Group under which the scaphandre exporter shall be run.
|
| services.prometheus.exporters.exportarr-lidarr.group | Group under which the exportarr-lidarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-sonarr.group | Group under which the exportarr-sonarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-bazarr.group | Group under which the exportarr-bazarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-radarr.group | Group under which the exportarr-radarr exporter shall be run.
|
| services.prometheus.exporters.exportarr-readarr.group | Group under which the exportarr-readarr exporter shall be run.
|
| services.prometheus.exporters.artifactory.group | Group under which the artifactory exporter shall be run.
|
| services.firezone.server.provision.accounts.<name>.policies.<name>.group | The group which should be allowed access to the given resource.
|
| services.prometheus.exporters.exportarr-prowlarr.group | Group under which the exportarr-prowlarr exporter shall be run.
|
| services.icingaweb2.groupBackends | groups.ini contents
|
| services.prometheus.exporters.modemmanager.group | Group under which the modemmanager exporter shall be run.
|
| services.bitwarden-directory-connector-cli.sync.groupPath | Group directory, relative to root.
|
| security.sudo.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| security.tpm2.tssGroup | Group of the tpm kernel resource manager (tpmrm) device-group, set if
applyUdevRules is set.
|
| services.resilio.sharedFolders | Shared folder list
|
| services.galene.groupsDir | Web server directory.
|
| security.sudo-rs.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| boot.initrd.systemd.groups | Groups to include in initrd.
|
| services.github-runners.<name>.user | User under which to run the service
|
| services.suricata.settings.vars.port-groups | The port group variables for suricata.
|
| hardware.sane.enable | Enable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
|
| users.extraGroups.<name>.members | The user names of the group members, added to the
/etc/group file.
|
| services.outline.user | User under which the service should run
|
| services.public-inbox.inboxes.<name>.newsgroup | NNTP group name for the inbox.
|
| security.doas.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| security.sudo.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| security.sudo-rs.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.kanidm.provision.groups.<name>.present | Whether to ensure that this group is present or absent.
|
| services.kanidm.provision.groups.<name>.members | List of kanidm entities (persons, groups, ...) which are part of this group.
|
| services.below.cgroupFilterOut | A regexp matching the full paths of cgroups whose data shouldn't be collected
|
| services.davfs2.davGroup | The group of the running mount.davfs daemon
|
| services.multipath.devices.*.path_grouping_policy | The default path grouping policy to apply to unspecified multipaths
|
| services.bitwarden-directory-connector-cli.sync.groupFilter | LDAP filter for groups.
|
| services.postfix.setgidGroup | How to call postfix setgid group (for postdrop)
|
| services.ananicy.extraCgroups | Cgroups to write in 'nixCgroups.cgroups'
|
| services.suricata.settings.vars.address-groups | The address group variables for suricata, if not defined the
default value of suricata (see example) will be used
|
| services.slurm.extraCgroupConfig | Extra configuration for cgroup.conf
|
| services.bitwarden-directory-connector-cli.sync.groupObjectClass | A class that groups will have.
|
| services.oauth2-proxy.google.groups | Restrict logins to members of these Google groups.
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.prosody.modules.groups | Shared roster support
|
| security.doas.extraRules.*.runAs | Which user or group the specified command is allowed to run as
|
| hardware.hackrf.enable | Enables hackrf udev rules and ensures 'plugdev' group exists
|
| services.kanidm.provision.groups | Provisioning of kanidm groups
|
| services.nsd.zones.<name>.zoneStats | When set to something distinct to null NSD is able to collect
statistics per zone
|
| services.pgmanage.loginGroup | This tells pgmanage to only allow users in a certain PostgreSQL group to
login to pgmanage
|
| services.hardware.lcd.server.usbGroup | The group to use for settings permissions
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.name | The name of this group
|
| hardware.ckb-next.gid | Limit access to the ckb daemon to a particular group.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups | Authorization group memberships to require
|
| systemd.enableCgroupAccounting | Whether to enable cgroup accounting; see cgroups(7).
|
| services.kanidm.provision.groups.<name>.overwriteMembers | Whether the member list should be overwritten each time (true) or appended
(false)
|
| services.grafana.provision.alerting.rules.settings.groups.*.name | Name of the rule group
|
| users.mutableUsers | If set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands
|
| services.taskserver.organisations.<name>.groups | A list of group names that belong to the organization.
|
| services.github-runners.<name>.runnerGroup | Name of the runner group to add this runner to (defaults to the default runner group)
|
| users.extraGroups.<name>.gid | The group GID
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| programs.wireshark.enable | Whether to add Wireshark to the global environment and create a 'wireshark'
group
|
| users.extraGroups.<name>.name | The name of the group
|
| services.grafana.provision.alerting.rules.settings.groups.*.folder | Name of the folder the rule group will be stored in
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| programs.wireshark.dumpcap.enable | Whether to allow users in the 'wireshark' group to capture network traffic
|
| services.grafana.provision.alerting.rules.settings.groups.*.interval | Interval that the rule group should be evaluated at
|
| services.kanidm.provision.persons.<name>.groups | List of groups this person should belong to.
|
| users.users.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| users.users.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| services.prometheus.exporters.dovecot.socketPath | Path under which the stats socket is placed
|
| services.reposilite.useACMEHost | Host of an existing Let's Encrypt certificate to use for SSL
|
| users.users.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.diod.userdb | This option disables password/group lookups
|
| users.users.<name>.subGidRanges.*.startGid | Start of the range of subordinate group ids that user is
allowed to use.
|
| services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| services.suricata.settings.vars.address-groups.HOME_NET | HOME_NET variable.
|
| programs.light.enable | Whether to install Light backlight control command
and udev rules granting access to members of the "video" group.
|
| users.extraUsers.<name>.subGidRanges.*.count | Count of subordinate group ids
|
| services.kmonad.keyboards.<name>.extraGroups | Extra permission groups to attach to the KMonad instance for
this keyboard
|
| users.extraUsers.<name>.subGidRanges | Subordinate group ids that user is allowed to use
|
| hardware.brillo.enable | Whether to enable brillo in userspace
|
| users.extraUsers.<name>.autoSubUidGidRange | Automatically allocate subordinate user and group ids for this user
|
| services.suricata.settings.vars.address-groups.DNP3_SERVER | DNP3_SERVER variable.
|
| services.suricata.settings.vars.address-groups.DNP3_CLIENT | DNP3_CLIENT variable.
|
| services.jack.jackd.enable | Whether to enable JACK Audio Connection Kit
|
| hardware.i2c.enable | Whether to enable i2c devices support
|
| services.suricata.settings.vars.address-groups.ENIP_CLIENT | ENIP_CLIENT variable.
|
| services.suricata.settings.vars.address-groups.ENIP_SERVER | ENIP_SERVER variable.
|
| hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| services.suricata.settings.vars.address-groups.DC_SERVERS | DC_SERVERS variable.
|
| services.userdbd.enable | Whether to enable the systemd JSON user/group record lookup service
.
|
| services.fastnetmon-advanced.hostgroups | Hostgroups to declaratively load into FastNetMon Advanced
|
| services.suricata.settings.vars.address-groups.AIM_SERVERS | AIM_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.DNS_SERVERS | DNS_SERVERS variable.
|
| services.suricata.settings.vars.address-groups.SQL_SERVERS | SQL_SERVERS variable.
|