
extraUsers

users.extraUsers.<name>.autoSubUidGidRange

Automatically allocate subordinate user and group ids for this user. Allocated range is currently always of size 65536.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.createHome

Whether to create the home directory and ensure ownership as well as permissions to match the user.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.cryptHomeLuks

Path to the encrypted LUKS device that contains the user's home directory.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.description

A short description of the user account, typically the user's full name. This is actually the “GECOS” or “comment” field in /etc/passwd.

Type: string, not containing newlines or colons

Default

""

Example

"Alice Q. User"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.expires

Set the date on which the user's account will no longer be accessible. The date is expressed in the format YYYY-MM-DD, or null to disable the expiry. A user whose account is locked must contact the system administrator before being able to use the system again.

Type: null or string matching the pattern [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.extraGroups

The user's auxiliary groups.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.group

The user's primary group.

Type: string

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.hashedPassword

Specifies the hashed password for the user. The options hashedPassword, password and hashedPasswordFile control what password is set for the user. hashedPassword overrides both password and hashedPasswordFile. password overrides hashedPasswordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords; they will always be set according to the password options.

To generate a hashed password run mkpasswd.

If set to an empty string (""), this user will be able to log in without being asked for a password (but not via remote services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, which can be achieved using users.users.<name?>.password.

If set to null (default) this user will not be able to log in using a password (i.e. via the login command).

Type: null or (string, not containing newlines or colons)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.hashedPasswordFile

The full path to a file that contains the hash of the user's password. The password file is read on each system activation. The file should contain exactly one line, which should be the password in an encrypted form that is suitable for the chpasswd -e command. The options hashedPassword, password and hashedPasswordFile control what password is set for the user. hashedPassword overrides both password and hashedPasswordFile. password overrides hashedPasswordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords; they will always be set according to the password options.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.home

The user's home directory.

Type: path, not containing newlines or colons

Default

"/var/empty"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.homeMode

The user's home directory mode in numeric format. See chmod(1). The mode is only applied if users.users.<name>.createHome is true.

Type: string matching the pattern [0-7]{1,5}

Default

"700"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.ignoreShellProgramCheck

By default, NixOS will check that programs.SHELL.enable is set to true if the user has a custom shell specified. If that behavior isn't required and there are custom overrides in place to make sure that the shell is functional, set this to true.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.initialHashedPassword

Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the hashedPassword option.

Note that the hashedPassword option will override this option if both are set.

To generate a hashed password run mkpasswd.

If set to an empty string (""), this user will be able to log in without being asked for a password (but not via remote services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, which can be achieved using users.users.<name?>.password.

If set to null (default) this user will not be able to log in using a password (i.e. via the login command).

Type: null or (string, not containing newlines or colons)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.initialPassword

Specifies the initial password for the user, i.e. the password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. The same caveat applies: the password specified here is world-readable in the Nix store, so it should only be used for guest accounts or passwords that will be changed promptly.

Note that the password option will override this option if both are set.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.isNormalUser

Indicates whether this is an account for a “real” user. This automatically sets group to users, createHome to true, home to /home/«username», useDefaultShell to true, and isSystemUser to false. Exactly one of isNormalUser and isSystemUser must be true.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.isSystemUser

Indicates if the user is a system user or not. This option only has an effect if uid is null, in which case it determines whether the user's UID is allocated in the range for system users (below 1000) or in the range for normal users (starting at 1000). Exactly one of isNormalUser and isSystemUser must be true.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.linger

Whether to enable lingering for this user. If true, systemd user units will start at boot, rather than starting at login and stopping at logout. This is the declarative equivalent of running loginctl enable-linger for this user.

If false, user units will not be started until the user logs in, and may be stopped on logout depending on the settings in logind.conf.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.name

The name of the user account. If undefined, the name of the attribute set will be used.

Type: string, not containing newlines or colons

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.openssh.authorizedKeys.keyFiles

A list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in addition to the user's authorized_keys file. You can combine the keyFiles and keys options.

Type: list of path

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix

users.extraUsers.<name>.openssh.authorizedKeys.keys

A list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the user's authorized_keys file. You can combine the keys and keyFiles options. Warning: If you are using NixOps then don't use this option since it will replace the key required for deployment via ssh.

Type: list of (optionally newline-terminated) single-line string

Default

[ ]

Example

[ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix

users.extraUsers.<name>.openssh.authorizedPrincipals

A list of verbatim principal names that should be added to the user's authorized principals.

Type: list of (optionally newline-terminated) single-line string

Default

[ ]

Example

[ "example@host" "foo@bar" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix

users.extraUsers.<name>.packages

The set of packages that should be made available to the user. This is in contrast to environment.systemPackages, which adds packages to all users.

Type: list of package

Default

[ ]

Example

[ pkgs.firefox pkgs.thunderbird ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.pamMount

Attributes for the user's entry in pam_mount.conf.xml. Useful attributes might include path, options, fstype, and server. See https://pam-mount.sourceforge.net/pam_mount.conf.5.html for more information.

Type: attribute set of string

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.password

Specifies the (clear text) password for the user. Warning: do not set confidential information here because it is world-readable in the Nix store. This option should only be used for public accounts. The options hashedPassword, password and hashedPasswordFile control what password is set for the user. hashedPassword overrides both password and hashedPasswordFile. password overrides hashedPasswordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords; they will always be set according to the password options.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix
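
The password options above, as an added example that is not part of the NixOS module documentation: a clear-text password beside hashedPasswordFile, with users.mutableUsers disabled. The account names, the wheel group membership and the hash file path /var/lib/secrets/alice.hash are assumptions made for illustration.

```nix
{ ... }:
{
  # With mutableUsers = false, passwords are always set from the options
  # below and cannot be changed with the ordinary user management commands.
  users.mutableUsers = false;

  # Weak: the clear text ends up world-readable in the Nix store.
  # Only acceptable for a public account.
  users.extraUsers.guest = {
    isNormalUser = true;
    password = "guest"; # constructed value
  };

  # Preferred: the configuration holds only a path. The file contains
  # exactly one line, a hash generated with mkpasswd, and is read on each
  # system activation.
  users.extraUsers.alice = {
    isNormalUser = true;
    description = "Alice Q. User";
    extraGroups = [ "wheel" ];
    hashedPasswordFile = "/var/lib/secrets/alice.hash"; # hypothetical path

    # Do not also set hashedPassword or password here: either one would
    # override hashedPasswordFile.

    openssh.authorizedKeys.keys = [
      # Placeholder key taken from the authorizedKeys.keys example.
      "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
    ];
  };
}
```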

users.extraUsers.<name>.shell

The path to the user's shell. Can use shell derivations, like pkgs.bashInteractive. Don’t forget to enable your shell in programs if necessary, like programs.zsh.enable = true;.

Type: null or package or (path, not containing newlines or colons)

Default

pkgs.shadow

Example

pkgs.bashInteractive

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.subGidRanges

Subordinate group ids that the user is allowed to use. They are set into /etc/subgid and are used by newgidmap for user namespaces.

Type: list of (submodule)

Default

[ ]

Example

[ { count = 1; startGid = 100; } { count = 999; startGid = 1001; } ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.subGidRanges.*.count

Count of subordinate group ids.

Type: signed integer

Default

1

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.subGidRanges.*.startGid

Start of the range of subordinate group ids that the user is allowed to use.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.subUidRanges

Subordinate user ids that the user is allowed to use. They are set into /etc/subuid and are used by newuidmap for user namespaces.

Type: list of (submodule)

Default

[ ]

Example

[ { count = 1; startUid = 1000; } { count = 65534; startUid = 100001; } ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.subUidRanges.*.count

Count of subordinate user ids.

Type: signed integer

Default

1

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.subUidRanges.*.startUid

Start of the range of subordinate user ids that the user is allowed to use.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.uid

The account UID. If the UID is null, a free UID is picked on activation.

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix

users.extraUsers.<name>.useDefaultShell

If true, the user's shell will be set to users.defaultUserShell.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/users-groups.nix