# This module defines the global list of uids and gids. We keep a
# central list to prevent id collisions.
# IMPORTANT!
# We only add static uids and gids for services where it is not feasible
# to change uids/gids on service start, in example a service with a lot of
# files. Please also check if the service is applicable for systemd's
# DynamicUser option and does not need a uid/gid allocation at all.
# Systemd can also change ownership of service directories using the
# RuntimeDirectory/StateDirectory options.
{ lib, ... }:
let
inherit (lib) types;
in
{
options = {
ids.uids = lib.mkOption {
internal = true;
description = ''
The user IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
ids.gids = lib.mkOption {
internal = true;
description = ''
The group IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
};
config = {
ids.uids = {
root = 0;
#wheel = 1; # unused
#kmem = 2; # unused
#tty = 3; # unused
messagebus = 4; # D-Bus
haldaemon = 5;
#disk = 6; # unused
vsftpd = 7;
ftp = 8;
bitlbee = 9;
#avahi = 10; # removed 2019-05-22
nagios = 11;
atd = 12;
postfix = 13;
#postdrop = 14; # unused
dovecot = 15;
tomcat = 16;
#audio = 17; # unused
#floppy = 18; # unused
uucp = 19;
#lp = 20; # unused
#proc = 21; # unused
pulseaudio = 22; # must match `pulseaudio' GID
gpsd = 23;
#cdrom = 24; # unused
#tape = 25; # unused
#video = 26; # unused
#dialout = 27; # unused
polkituser = 28;
#utmp = 29; # unused
# ddclient = 30; # converted to DynamicUser = true
davfs2 = 31;
#disnix = 33; # unused
osgi = 34;
tor = 35;
cups = 36;
foldingathome = 37;
sabnzbd = 38;
#kdm = 39; # dropped in 17.03
#ghostone = 40; # dropped in 18.03
git = 41;
#fourstore = 42; # dropped in 20.03
#fourstorehttp = 43; # dropped in 20.03
virtuoso = 44;
rtkit = 45;
dovecot2 = 46;
dovenull2 = 47;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
bind = 53;
wwwrun = 54;
#adm = 55; # unused
spamd = 56;
#networkmanager = 57; # unused
nslcd = 58;
scanner = 59;
nginx = 60;
chrony = 61;
#systemd-journal = 62; # unused
smtpd = 63;
smtpq = 64;
supybot = 65;
iodined = 66;
#libvirtd = 67; # unused
graphite = 68;
#statsd = 69; # removed 2018-11-14
transmission = 70;
postgres = 71;
#vboxusers = 72; # unused
#vboxsf = 73; # unused
smbguest = 74; # unused
varnish = 75;
datadog = 76;
lighttpd = 77;
lightdm = 78;
freenet = 79;
ircd = 80;
bacula = 81;
#almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
deluge = 83;
mysql = 84;
rabbitmq = 85;
activemq = 86;
gnunet = 87;
oidentd = 88;
quassel = 89;
amule = 90;
minidlna = 91;
elasticsearch = 92;
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
firebird = 95;
#keys = 96; # unused
#haproxy = 97; # dynamically allocated as of 2020-03-11
mongodb = 98;
openldap = 99;
#users = 100; # unused
cgminer = 101;
munin = 102;
logcheck = 103;
nix-ssh = 104;
dictd = 105;
couchdb = 106;
searx = 107;
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
#notbit = 111; # unused
aerospike = 111;
ngircd = 112;
#btsync = 113; # unused
minecraft = 114;
vault = 115;
rippled = 116;
murmur = 117;
foundationdb = 118;
newrelic = 119;
starbound = 120;
hydra = 122;
spiped = 123;
teamspeak = 124;
influxdb = 125;
nsd = 126;
gitolite = 127;
znc = 128;
polipo = 129;
mopidy = 130;
#docker = 131; # unused
gdm = 132;
dhcpd = 133;
siproxd = 134;
mlmmj = 135;
neo4j = 136;
riemann = 137;
riemanndash = 138;
radvd = 139;
zookeeper = 140;
dnsmasq = 141;
uhub = 142;
yandexdisk = 143;
mxisd = 144; # was once collectd
consul = 145;
mailpile = 146;
redmine = 147;
seeks = 148;
prosody = 149;
i2pd = 150;
systemd-network = 152;
systemd-resolve = 153;
systemd-timesync = 154;
liquidsoap = 155;
etcd = 156;
hbase = 158;
opentsdb = 159;
scollector = 160;
bosun = 161;
kubernetes = 162;
peerflix = 163;
#chronos = 164; # removed 2020-08-15
gitlab = 165;
tox-bootstrapd = 166;
cadvisor = 167;
nylon = 168;
apache-kafka = 169;
#panamax = 170; # unused
exim = 172;
#fleet = 173; # unused
#input = 174; # unused
sddm = 175;
tss = 176;
#memcached = 177; removed 2018-01-03
ntp = 179;
zabbix = 180;
#redis = 181; removed 2018-01-03
unifi = 183;
uptimed = 184;
zope2 = 185;
ripple-data-api = 186;
mediatomb = 187;
rdnssd = 188;
ihaskell = 189;
i2p = 190;
lambdabot = 191;
asterisk = 192;
plex = 193;
plexpy = 195;
grafana = 196;
skydns = 197;
# ripple-rest = 198; # unused, removed 2017-08-12
nix-serve = 199;
tvheadend = 200;
uwsgi = 201;
gitit = 202;
riemanntools = 203;
subsonic = 204;
riak = 205;
shout = 206;
gateone = 207;
namecoin = 208;
#lxd = 210; # unused
kibana = 211;
xtreemfs = 212;
calibre-server = 213;
heapster = 214;
bepasty = 215;
# pumpio = 216; # unused, removed 2018-02-24
nm-openvpn = 217;
# mathics = 218; # unused, removed 2020-08-15
ejabberd = 219;
postsrsd = 220;
opendkim = 221;
dspam = 222;
gale = 223;
matrix-synapse = 224;
rspamd = 225;
# rmilter = 226; # unused, removed 2019-08-22
cfdyndns = 227;
gammu-smsd = 228;
pdnsd = 229;
octoprint = 230;
avahi-autoipd = 231;
nntp-proxy = 232;
mjpg-streamer = 233;
radicale = 234;
hydra-queue-runner = 235;
hydra-www = 236;
syncthing = 237;
caddy = 239;
taskd = 240;
# factorio = 241; # DynamicUser = true
# emby = 242; # unusued, removed 2019-05-01
graylog = 243;
sniproxy = 244;
nzbget = 245;
mosquitto = 246;
toxvpn = 247;
# squeezelite = 248; # DynamicUser = true
turnserver = 249;
smokeping = 250;
gocd-agent = 251;
gocd-server = 252;
terraria = 253;
mattermost = 254;
prometheus = 255;
telegraf = 256;
gitlab-runner = 257;
postgrey = 258;
hound = 259;
leaps = 260;
ipfs = 261;
stanchion = 262;
riak-cs = 263;
infinoted = 264;
sickbeard = 265;
headphones = 266;
couchpotato = 267;
gogs = 268;
pdns-recursor = 269;
#kresd = 270; # switched to "knot-resolver" with dynamic ID
rpc = 271;
geoip = 272;
fcron = 273;
sonarr = 274;
radarr = 275;
jackett = 276;
aria2 = 277;
clickhouse = 278;
rslsync = 279;
minio = 280;
kanboard = 281;
# pykms = 282; # DynamicUser = true
kodi = 283;
restya-board = 284;
mighttpd2 = 285;
hass = 286;
monero = 287;
ceph = 288;
duplicati = 289;
monetdb = 290;
restic = 291;
openvpn = 292;
# meguca = 293; # removed 2020-08-21
yarn = 294;
hdfs = 295;
mapred = 296;
hadoop = 297;
hydron = 298;
cfssl = 299;
cassandra = 300;
qemu-libvirtd = 301;
# kvm = 302; # unused
# render = 303; # unused
# zeronet = 304; # removed 2019-01-03
lirc = 305;
lidarr = 306;
slurm = 307;
kapacitor = 308;
solr = 309;
alerta = 310;
minetest = 311;
rss2email = 312;
cockroachdb = 313;
zoneminder = 314;
paperless = 315;
#mailman = 316; # removed 2019-08-30
zigbee2mqtt = 317;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
nixbld = 30000; # start of range of uids
nobody = 65534;
};
ids.gids = {
root = 0;
wheel = 1;
kmem = 2;
tty = 3;
messagebus = 4; # D-Bus
haldaemon = 5;
disk = 6;
vsftpd = 7;
ftp = 8;
bitlbee = 9;
#avahi = 10; # removed 2019-05-22
#nagios = 11; # unused
atd = 12;
postfix = 13;
postdrop = 14;
dovecot = 15;
tomcat = 16;
audio = 17;
floppy = 18;
uucp = 19;
lp = 20;
proc = 21;
pulseaudio = 22; # must match `pulseaudio' UID
gpsd = 23;
cdrom = 24;
tape = 25;
video = 26;
dialout = 27;
#polkituser = 28; # currently unused, polkitd doesn't need a group
utmp = 29;
# ddclient = 30; # converted to DynamicUser = true
davfs2 = 31;
disnix = 33;
osgi = 34;
tor = 35;
#cups = 36; # unused
#foldingathome = 37; # unused
#sabnzd = 38; # unused
#kdm = 39; # unused, even before 17.03
#ghostone = 40; # dropped in 18.03
git = 41;
fourstore = 42;
fourstorehttp = 43;
virtuoso = 44;
#rtkit = 45; # unused
dovecot2 = 46;
dovenull2 = 47;
prayer = 49;
mpd = 50;
clamav = 51;
fprot = 52;
#bind = 53; # unused
wwwrun = 54;
adm = 55;
spamd = 56;
networkmanager = 57;
nslcd = 58;
scanner = 59;
nginx = 60;
chrony = 61;
systemd-journal = 62;
smtpd = 63;
smtpq = 64;
supybot = 65;
iodined = 66;
libvirtd = 67;
graphite = 68;
#statsd = 69; # removed 2018-11-14
transmission = 70;
postgres = 71;
vboxusers = 72;
vboxsf = 73;
smbguest = 74; # unused
varnish = 75;
datadog = 76;
lighttpd = 77;
lightdm = 78;
freenet = 79;
ircd = 80;
bacula = 81;
#almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
deluge = 83;
mysql = 84;
rabbitmq = 85;
activemq = 86;
gnunet = 87;
oidentd = 88;
quassel = 89;
amule = 90;
minidlna = 91;
elasticsearch = 92;
#tcpcryptd = 93; # unused
firebird = 95;
keys = 96;
#haproxy = 97; # dynamically allocated as of 2020-03-11
#mongodb = 98; # unused
openldap = 99;
munin = 102;
#logcheck = 103; # unused
#nix-ssh = 104; # unused
dictd = 105;
couchdb = 106;
searx = 107;
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
#notbit = 111; # unused
aerospike = 111;
#ngircd = 112; # unused
#btsync = 113; # unused
#minecraft = 114; # unused
vault = 115;
#ripped = 116; # unused
#murmur = 117; # unused
foundationdb = 118;
newrelic = 119;
starbound = 120;
hydra = 122;
spiped = 123;
teamspeak = 124;
influxdb = 125;
nsd = 126;
gitolite = 127;
znc = 128;
polipo = 129;
mopidy = 130;
docker = 131;
gdm = 132;
#dhcpcd = 133; # unused
siproxd = 134;
mlmmj = 135;
#neo4j = 136; # unused
riemann = 137;
riemanndash = 138;
#radvd = 139; # unused
#zookeeper = 140; # unused
#dnsmasq = 141; # unused
uhub = 142;
#yandexdisk = 143; # unused
mxisd = 144; # was once collectd
#consul = 145; # unused
mailpile = 146;
redmine = 147;
seeks = 148;
prosody = 149;
i2pd = 150;
systemd-network = 152;
systemd-resolve = 153;
systemd-timesync = 154;
liquidsoap = 155;
#etcd = 156; # unused
hbase = 158;
opentsdb = 159;
scollector = 160;
bosun = 161;
kubernetes = 162;
#peerflix = 163; # unused
#chronos = 164; # unused
gitlab = 165;
nylon = 168;
#panamax = 170; # unused
exim = 172;
#fleet = 173; # unused
input = 174;
sddm = 175;
tss = 176;
#memcached = 177; # unused, removed 2018-01-03
#ntp = 179; # unused
zabbix = 180;
#redis = 181; # unused, removed 2018-01-03
#unifi = 183; # unused
#uptimed = 184; # unused
#zope2 = 185; # unused
#ripple-data-api = 186; #unused
mediatomb = 187;
#rdnssd = 188; # unused
ihaskell = 189;
i2p = 190;
lambdabot = 191;
asterisk = 192;
plex = 193;
sabnzbd = 194;
#grafana = 196; #unused
#skydns = 197; #unused
# ripple-rest = 198; # unused, removed 2017-08-12
#nix-serve = 199; #unused
#tvheadend = 200; #unused
uwsgi = 201;
gitit = 202;
riemanntools = 203;
subsonic = 204;
riak = 205;
#shout = 206; #unused
gateone = 207;
namecoin = 208;
lxd = 210; # unused
#kibana = 211;
xtreemfs = 212;
calibre-server = 213;
bepasty = 215;
# pumpio = 216; # unused, removed 2018-02-24
nm-openvpn = 217;
mathics = 218;
ejabberd = 219;
postsrsd = 220;
opendkim = 221;
dspam = 222;
gale = 223;
matrix-synapse = 224;
rspamd = 225;
# rmilter = 226; # unused, removed 2019-08-22
cfdyndns = 227;
pdnsd = 229;
octoprint = 230;
radicale = 234;
syncthing = 237;
caddy = 239;
taskd = 240;
# factorio = 241; # unused
# emby = 242; # unused, removed 2019-05-01
sniproxy = 244;
nzbget = 245;
mosquitto = 246;
#toxvpn = 247; # unused
#squeezelite = 248; #unused
turnserver = 249;
smokeping = 250;
gocd-agent = 251;
gocd-server = 252;
terraria = 253;
mattermost = 254;
prometheus = 255;
#telegraf = 256; # unused
gitlab-runner = 257;
postgrey = 258;
hound = 259;
leaps = 260;
ipfs = 261;
stanchion = 262;
riak-cs = 263;
infinoted = 264;
sickbeard = 265;
headphones = 266;
couchpotato = 267;
gogs = 268;
#kresd = 270; # switched to "knot-resolver" with dynamic ID
#rpc = 271; # unused
#geoip = 272; # unused
fcron = 273;
sonarr = 274;
radarr = 275;
jackett = 276;
aria2 = 277;
clickhouse = 278;
rslsync = 279;
minio = 280;
kanboard = 281;
# pykms = 282; # DynamicUser = true
kodi = 283;
restya-board = 284;
mighttpd2 = 285;
hass = 286;
monero = 287;
ceph = 288;
duplicati = 289;
monetdb = 290;
restic = 291;
openvpn = 292;
# meguca = 293; # removed 2020-08-21
yarn = 294;
hdfs = 295;
mapred = 296;
hadoop = 297;
hydron = 298;
cfssl = 299;
cassandra = 300;
qemu-libvirtd = 301;
kvm = 302; # default udev rules from systemd requires these
render = 303; # default udev rules from systemd requires these
# zeronet = 304; # removed 2019-01-03
lirc = 305;
lidarr = 306;
slurm = 307;
kapacitor = 308;
solr = 309;
alerta = 310;
minetest = 311;
rss2email = 312;
cockroachdb = 313;
zoneminder = 314;
paperless = 315;
#mailman = 316; # removed 2019-08-30
zigbee2mqtt = 317;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
# uids and gids. Also, don't use gids above 399!
users = 100;
nixbld = 30000;
nogroup = 65534;
};
};
}