summary refs log tree commit diff
path: root/nixos/modules/misc/ids.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/misc/ids.nix')
-rw-r--r--nixos/modules/misc/ids.nix677
1 files changed, 677 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
new file mode 100644
index 00000000000..7d1faa50f4b
--- /dev/null
+++ b/nixos/modules/misc/ids.nix
@@ -0,0 +1,677 @@
+# This module defines the global list of uids and gids.  We keep a
+# central list to prevent id collisions.
+
+# IMPORTANT!
+# We only add static uids and gids for services where it is not feasible
+# to change uids/gids on service start, in example a service with a lot of
+# files. Please also check if the service is applicable for systemd's
+# DynamicUser option and does not need a uid/gid allocation at all.
+# Systemd can also change ownership of service directories using the
+# RuntimeDirectory/StateDirectory options.
+
+{ lib, ... }:
+
+let
+  inherit (lib) types;
+in
+{
+  options = {
+
+    ids.uids = lib.mkOption {
+      internal = true;
+      description = ''
+        The user IDs used in NixOS.
+      '';
+      type = types.attrsOf types.int;
+    };
+
+    ids.gids = lib.mkOption {
+      internal = true;
+      description = ''
+        The group IDs used in NixOS.
+      '';
+      type = types.attrsOf types.int;
+    };
+
+  };
+
+
+  config = {
+
+    ids.uids = {
+      root = 0;
+      #wheel = 1; # unused
+      #kmem = 2; # unused
+      #tty = 3; # unused
+      messagebus = 4; # D-Bus
+      haldaemon = 5;
+      #disk = 6; # unused
+      #vsftpd = 7; # dynamically allocated ass of 2021-09-14
+      ftp = 8;
+      # bitlbee = 9; # removed 2021-10-05 #139765
+      #avahi = 10; # removed 2019-05-22
+      nagios = 11;
+      atd = 12;
+      postfix = 13;
+      #postdrop = 14; # unused
+      dovecot = 15;
+      tomcat = 16;
+      #audio = 17; # unused
+      #floppy = 18; # unused
+      uucp = 19;
+      #lp = 20; # unused
+      #proc = 21; # unused
+      pulseaudio = 22; # must match `pulseaudio' GID
+      gpsd = 23;
+      #cdrom = 24; # unused
+      #tape = 25; # unused
+      #video = 26; # unused
+      #dialout = 27; # unused
+      polkituser = 28;
+      #utmp = 29; # unused
+      # ddclient = 30; # converted to DynamicUser = true
+      davfs2 = 31;
+      disnix = 33;
+      osgi = 34;
+      tor = 35;
+      cups = 36;
+      foldingathome = 37;
+      sabnzbd = 38;
+      #kdm = 39; # dropped in 17.03
+      #ghostone = 40; # dropped in 18.03
+      git = 41;
+      #fourstore = 42; # dropped in 20.03
+      #fourstorehttp = 43; # dropped in 20.03
+      #virtuoso = 44;  dropped module
+      #rtkit = 45; # dynamically allocated 2021-09-03
+      dovecot2 = 46;
+      dovenull2 = 47;
+      prayer = 49;
+      mpd = 50;
+      clamav = 51;
+      #fprot = 52; # unused
+      # bind = 53; #dynamically allocated as of 2021-09-03
+      wwwrun = 54;
+      #adm = 55; # unused
+      spamd = 56;
+      #networkmanager = 57; # unused
+      nslcd = 58;
+      scanner = 59;
+      nginx = 60;
+      chrony = 61;
+      #systemd-journal = 62; # unused
+      smtpd = 63;
+      smtpq = 64;
+      supybot = 65;
+      iodined = 66;
+      #libvirtd = 67; # unused
+      graphite = 68;
+      #statsd = 69; # removed 2018-11-14
+      transmission = 70;
+      postgres = 71;
+      #vboxusers = 72; # unused
+      #vboxsf = 73; # unused
+      smbguest = 74;  # unused
+      varnish = 75;
+      datadog = 76;
+      lighttpd = 77;
+      lightdm = 78;
+      freenet = 79;
+      ircd = 80;
+      bacula = 81;
+      #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
+      deluge = 83;
+      mysql = 84;
+      rabbitmq = 85;
+      activemq = 86;
+      gnunet = 87;
+      oidentd = 88;
+      quassel = 89;
+      amule = 90;
+      minidlna = 91;
+      elasticsearch = 92;
+      tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
+      firebird = 95;
+      #keys = 96; # unused
+      #haproxy = 97; # dynamically allocated as of 2020-03-11
+      #mongodb = 98; #dynamically allocated as of 2021-09-03
+      #openldap = 99; # dynamically allocated as of PR#94610
+      #users = 100; # unused
+      # cgminer = 101; #dynamically allocated as of 2021-09-17
+      munin = 102;
+      #logcheck = 103; #dynamically allocated as of 2021-09-17
+      #nix-ssh = 104; #dynamically allocated as of 2021-09-03
+      dictd = 105;
+      couchdb = 106;
+      #searx = 107; # dynamically allocated as of 2020-10-27
+      #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
+      jenkins = 109;
+      systemd-journal-gateway = 110;
+      #notbit = 111; # unused
+      aerospike = 111;
+      #ngircd = 112; #dynamically allocated as of 2021-09-03
+      #btsync = 113; # unused
+      #minecraft = 114; #dynamically allocated as of 2021-09-03
+      vault = 115;
+      # rippled = 116; #dynamically allocated as of 2021-09-18
+      murmur = 117;
+      foundationdb = 118;
+      newrelic = 119;
+      starbound = 120;
+      hydra = 122;
+      spiped = 123;
+      teamspeak = 124;
+      influxdb = 125;
+      nsd = 126;
+      gitolite = 127;
+      znc = 128;
+      polipo = 129;
+      mopidy = 130;
+      #docker = 131; # unused
+      gdm = 132;
+      #dhcpd = 133; # dynamically allocated as of 2021-09-03
+      siproxd = 134;
+      mlmmj = 135;
+      #neo4j = 136;# dynamically allocated as of 2021-09-03
+      riemann = 137;
+      riemanndash = 138;
+      #radvd = 139;# dynamically allocated as of 2021-09-03
+      #zookeeper = 140;# dynamically allocated as of 2021-09-03
+      #dnsmasq = 141;# dynamically allocated as of 2021-09-03
+      #uhub = 142; # unused
+      yandexdisk = 143;
+      mxisd = 144; # was once collectd
+      #consul = 145;# dynamically allocated as of 2021-09-03
+      #mailpile = 146; # removed 2022-01-12
+      redmine = 147;
+      #seeks = 148; # removed 2020-06-21
+      prosody = 149;
+      i2pd = 150;
+      systemd-coredump = 151;
+      systemd-network = 152;
+      systemd-resolve = 153;
+      systemd-timesync = 154;
+      liquidsoap = 155;
+      #etcd = 156;# dynamically allocated as of 2021-09-03
+      hbase = 158;
+      opentsdb = 159;
+      scollector = 160;
+      bosun = 161;
+      kubernetes = 162;
+      peerflix = 163;
+      #chronos = 164; # removed 2020-08-15
+      gitlab = 165;
+      # tox-bootstrapd = 166; removed 2021-09-15
+      cadvisor = 167;
+      nylon = 168;
+      #apache-kafka = 169;# dynamically allocated as of 2021-09-03
+      #panamax = 170; # unused
+      exim = 172;
+      #fleet = 173; # unused
+      #input = 174; # unused
+      sddm = 175;
+      #tss = 176; # dynamically allocated as of 2021-09-17
+      #memcached = 177; removed 2018-01-03
+      #ntp = 179; # dynamically allocated as of 2021-09-17
+      zabbix = 180;
+      #redis = 181; removed 2018-01-03
+      #unifi = 183; dynamically allocated as of 2021-09-17
+      uptimed = 184;
+      #zope2 = 185; # dynamically allocated as of 2021-09-18
+      #ripple-data-api = 186; dynamically allocated as of 2021-09-17
+      mediatomb = 187;
+      #rdnssd = 188; #dynamically allocated as of 2021-09-18
+      ihaskell = 189;
+      i2p = 190;
+      lambdabot = 191;
+      asterisk = 192;
+      plex = 193;
+      plexpy = 195;
+      grafana = 196;
+      skydns = 197;
+      # ripple-rest = 198; # unused, removed 2017-08-12
+      # nix-serve = 199; # unused, removed 2020-12-12
+      #tvheadend = 200; # dynamically allocated as of 2021-09-18
+      uwsgi = 201;
+      gitit = 202;
+      riemanntools = 203;
+      subsonic = 204;
+      riak = 205;
+      #shout = 206; # dynamically allocated as of 2021-09-18
+      gateone = 207;
+      namecoin = 208;
+      #lxd = 210; # unused
+      #kibana = 211;# dynamically allocated as of 2021-09-03
+      xtreemfs = 212;
+      calibre-server = 213;
+      #heapster = 214; #dynamically allocated as of 2021-09-17
+      bepasty = 215;
+      # pumpio = 216; # unused, removed 2018-02-24
+      nm-openvpn = 217;
+      # mathics = 218; # unused, removed 2020-08-15
+      ejabberd = 219;
+      postsrsd = 220;
+      opendkim = 221;
+      dspam = 222;
+      # gale = 223; removed 2021-06-10
+      matrix-synapse = 224;
+      rspamd = 225;
+      # rmilter = 226; # unused, removed 2019-08-22
+      cfdyndns = 227;
+      # gammu-smsd = 228; #dynamically allocated as of 2021-09-17
+      pdnsd = 229;
+      octoprint = 230;
+      avahi-autoipd = 231;
+      # nntp-proxy = 232; #dynamically allocated as of 2021-09-17
+      mjpg-streamer = 233;
+      #radicale = 234;# dynamically allocated as of 2021-09-03
+      hydra-queue-runner = 235;
+      hydra-www = 236;
+      syncthing = 237;
+      caddy = 239;
+      taskd = 240;
+      # factorio = 241; # DynamicUser = true
+      # emby = 242; # unusued, removed 2019-05-01
+      #graylog = 243;# dynamically allocated as of 2021-09-03
+      sniproxy = 244;
+      nzbget = 245;
+      mosquitto = 246;
+      #toxvpn = 247; # dynamically allocated as of 2021-09-18
+      # squeezelite = 248; # DynamicUser = true
+      turnserver = 249;
+      #smokeping = 250;# dynamically allocated as of 2021-09-03
+      gocd-agent = 251;
+      gocd-server = 252;
+      terraria = 253;
+      mattermost = 254;
+      prometheus = 255;
+      telegraf = 256;
+      gitlab-runner = 257;
+      postgrey = 258;
+      hound = 259;
+      leaps = 260;
+      ipfs  = 261;
+      # stanchion = 262; # unused, removed 2020-10-14
+      # riak-cs = 263; # unused, removed 2020-10-14
+      infinoted = 264;
+      sickbeard = 265;
+      headphones = 266;
+      # couchpotato = 267; # unused, removed 2022-01-01
+      gogs = 268;
+      #pdns-recursor = 269; # dynamically allocated as of 2020-20-18
+      #kresd = 270; # switched to "knot-resolver" with dynamic ID
+      rpc = 271;
+      #geoip = 272; # new module uses DynamicUser
+      fcron = 273;
+      sonarr = 274;
+      radarr = 275;
+      jackett = 276;
+      aria2 = 277;
+      clickhouse = 278;
+      rslsync = 279;
+      minio = 280;
+      kanboard = 281;
+      # pykms = 282; # DynamicUser = true
+      kodi = 283;
+      restya-board = 284;
+      mighttpd2 = 285;
+      hass = 286;
+      #monero = 287; # dynamically allocated as of 2021-05-08
+      ceph = 288;
+      duplicati = 289;
+      monetdb = 290;
+      restic = 291;
+      openvpn = 292;
+      # meguca = 293; # removed 2020-08-21
+      yarn = 294;
+      hdfs = 295;
+      mapred = 296;
+      hadoop = 297;
+      hydron = 298;
+      cfssl = 299;
+      cassandra = 300;
+      qemu-libvirtd = 301;
+      # kvm = 302; # unused
+      # render = 303; # unused
+      # zeronet = 304; # removed 2019-01-03
+      lirc = 305;
+      lidarr = 306;
+      slurm = 307;
+      kapacitor = 308;
+      solr = 309;
+      alerta = 310;
+      minetest = 311;
+      rss2email = 312;
+      cockroachdb = 313;
+      zoneminder = 314;
+      paperless = 315;
+      #mailman = 316;  # removed 2019-08-30
+      zigbee2mqtt = 317;
+      # shadow = 318; # unused
+      hqplayer = 319;
+      moonraker = 320;
+      distcc = 321;
+      webdav = 322;
+      pipewire = 323;
+      rstudio-server = 324;
+
+      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
+
+      nixbld = 30000; # start of range of uids
+      nobody = 65534;
+    };
+
+    ids.gids = {
+      root = 0;
+      wheel = 1;
+      kmem = 2;
+      tty = 3;
+      messagebus = 4; # D-Bus
+      haldaemon = 5;
+      disk = 6;
+      #vsftpd = 7; # dynamically allocated as of 2021-09-14
+      ftp = 8;
+      # bitlbee = 9; # removed 2021-10-05 #139765
+      #avahi = 10; # removed 2019-05-22
+      #nagios = 11; # unused
+      atd = 12;
+      postfix = 13;
+      postdrop = 14;
+      dovecot = 15;
+      tomcat = 16;
+      audio = 17;
+      floppy = 18;
+      uucp = 19;
+      lp = 20;
+      proc = 21;
+      pulseaudio = 22; # must match `pulseaudio' UID
+      gpsd = 23;
+      cdrom = 24;
+      tape = 25;
+      video = 26;
+      dialout = 27;
+      #polkituser = 28; # currently unused, polkitd doesn't need a group
+      utmp = 29;
+      # ddclient = 30; # converted to DynamicUser = true
+      davfs2 = 31;
+      disnix = 33;
+      osgi = 34;
+      tor = 35;
+      #cups = 36; # unused
+      #foldingathome = 37; # unused
+      #sabnzd = 38; # unused
+      #kdm = 39; # unused, even before 17.03
+      #ghostone = 40; # dropped in 18.03
+      git = 41;
+      fourstore = 42;
+      fourstorehttp = 43;
+      virtuoso = 44;
+      #rtkit = 45; # unused
+      dovecot2 = 46;
+      dovenull2 = 47;
+      prayer = 49;
+      mpd = 50;
+      clamav = 51;
+      #fprot = 52; # unused
+      #bind = 53; # unused
+      wwwrun = 54;
+      adm = 55;
+      spamd = 56;
+      networkmanager = 57;
+      nslcd = 58;
+      scanner = 59;
+      nginx = 60;
+      chrony = 61;
+      systemd-journal = 62;
+      smtpd = 63;
+      smtpq = 64;
+      supybot = 65;
+      iodined = 66;
+      libvirtd = 67;
+      graphite = 68;
+      #statsd = 69; # removed 2018-11-14
+      transmission = 70;
+      postgres = 71;
+      vboxusers = 72;
+      vboxsf = 73;
+      smbguest = 74;  # unused
+      varnish = 75;
+      datadog = 76;
+      lighttpd = 77;
+      lightdm = 78;
+      freenet = 79;
+      ircd = 80;
+      bacula = 81;
+      #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
+      deluge = 83;
+      mysql = 84;
+      rabbitmq = 85;
+      activemq = 86;
+      gnunet = 87;
+      oidentd = 88;
+      quassel = 89;
+      amule = 90;
+      minidlna = 91;
+      elasticsearch = 92;
+      #tcpcryptd = 93; # unused
+      firebird = 95;
+      keys = 96;
+      #haproxy = 97; # dynamically allocated as of 2020-03-11
+      #mongodb = 98; # unused
+      #openldap = 99; # dynamically allocated as of PR#94610
+      munin = 102;
+      #logcheck = 103; # unused
+      #nix-ssh = 104; # unused
+      dictd = 105;
+      couchdb = 106;
+      #searx = 107; # dynamically allocated as of 2020-10-27
+      #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
+      jenkins = 109;
+      systemd-journal-gateway = 110;
+      #notbit = 111; # unused
+      aerospike = 111;
+      #ngircd = 112; # unused
+      #btsync = 113; # unused
+      #minecraft = 114; # unused
+      vault = 115;
+      #ripped = 116; # unused
+      murmur = 117;
+      foundationdb = 118;
+      newrelic = 119;
+      starbound = 120;
+      hydra = 122;
+      spiped = 123;
+      teamspeak = 124;
+      influxdb = 125;
+      nsd = 126;
+      gitolite = 127;
+      znc = 128;
+      polipo = 129;
+      mopidy = 130;
+      docker = 131;
+      gdm = 132;
+      #dhcpcd = 133; # unused
+      siproxd = 134;
+      mlmmj = 135;
+      #neo4j = 136; # unused
+      riemann = 137;
+      riemanndash = 138;
+      #radvd = 139; # unused
+      #zookeeper = 140; # unused
+      #dnsmasq = 141; # unused
+      uhub = 142;
+      #yandexdisk = 143; # unused
+      mxisd = 144; # was once collectd
+      #consul = 145; # unused
+      #mailpile = 146; # removed 2022-01-12
+      redmine = 147;
+      #seeks = 148; # removed 2020-06-21
+      prosody = 149;
+      i2pd = 150;
+      systemd-network = 152;
+      systemd-resolve = 153;
+      systemd-timesync = 154;
+      liquidsoap = 155;
+      #etcd = 156; # unused
+      hbase = 158;
+      opentsdb = 159;
+      scollector = 160;
+      bosun = 161;
+      kubernetes = 162;
+      #peerflix = 163; # unused
+      #chronos = 164; # unused
+      gitlab = 165;
+      nylon = 168;
+      #panamax = 170; # unused
+      exim = 172;
+      #fleet = 173; # unused
+      input = 174;
+      sddm = 175;
+      #tss = 176; #dynamically allocateda as of 2021-09-20
+      #memcached = 177; # unused, removed 2018-01-03
+      #ntp = 179; # unused
+      zabbix = 180;
+      #redis = 181; # unused, removed 2018-01-03
+      #unifi = 183; # unused
+      #uptimed = 184; # unused
+      #zope2 = 185; # unused
+      #ripple-data-api = 186; #unused
+      mediatomb = 187;
+      #rdnssd = 188; # unused
+      ihaskell = 189;
+      i2p = 190;
+      lambdabot = 191;
+      asterisk = 192;
+      plex = 193;
+      sabnzbd = 194;
+      #grafana = 196; #unused
+      #skydns = 197; #unused
+      # ripple-rest = 198; # unused, removed 2017-08-12
+      #nix-serve = 199; #unused
+      #tvheadend = 200; #unused
+      uwsgi = 201;
+      gitit = 202;
+      riemanntools = 203;
+      subsonic = 204;
+      riak = 205;
+      #shout = 206; #unused
+      gateone = 207;
+      namecoin = 208;
+      #lxd = 210; # unused
+      #kibana = 211;
+      xtreemfs = 212;
+      calibre-server = 213;
+      bepasty = 215;
+      # pumpio = 216; # unused, removed 2018-02-24
+      nm-openvpn = 217;
+      mathics = 218;
+      ejabberd = 219;
+      postsrsd = 220;
+      opendkim = 221;
+      dspam = 222;
+      # gale = 223; removed 2021-06-10
+      matrix-synapse = 224;
+      rspamd = 225;
+      # rmilter = 226; # unused, removed 2019-08-22
+      cfdyndns = 227;
+      pdnsd = 229;
+      octoprint = 230;
+      #radicale = 234;# dynamically allocated as of 2021-09-03
+      syncthing = 237;
+      caddy = 239;
+      taskd = 240;
+      # factorio = 241; # unused
+      # emby = 242; # unused, removed 2019-05-01
+      sniproxy = 244;
+      nzbget = 245;
+      mosquitto = 246;
+      #toxvpn = 247; # unused
+      #squeezelite = 248; #unused
+      turnserver = 249;
+      #smokeping = 250;# dynamically allocated as of 2021-09-03
+      gocd-agent = 251;
+      gocd-server = 252;
+      terraria = 253;
+      mattermost = 254;
+      prometheus = 255;
+      #telegraf = 256; # unused
+      gitlab-runner = 257;
+      postgrey = 258;
+      hound = 259;
+      leaps = 260;
+      ipfs = 261;
+      # stanchion = 262; # unused, removed 2020-10-14
+      # riak-cs = 263; # unused, removed 2020-10-14
+      infinoted = 264;
+      sickbeard = 265;
+      headphones = 266;
+      # couchpotato = 267; # unused, removed 2022-01-01
+      gogs = 268;
+      #kresd = 270; # switched to "knot-resolver" with dynamic ID
+      #rpc = 271; # unused
+      #geoip = 272; # unused
+      fcron = 273;
+      sonarr = 274;
+      radarr = 275;
+      jackett = 276;
+      aria2 = 277;
+      clickhouse = 278;
+      rslsync = 279;
+      minio = 280;
+      kanboard = 281;
+      # pykms = 282; # DynamicUser = true
+      kodi = 283;
+      restya-board = 284;
+      mighttpd2 = 285;
+      hass = 286;
+      # monero = 287; # dynamically allocated as of 2021-05-08
+      ceph = 288;
+      duplicati = 289;
+      monetdb = 290;
+      restic = 291;
+      openvpn = 292;
+      # meguca = 293; # removed 2020-08-21
+      yarn = 294;
+      hdfs = 295;
+      mapred = 296;
+      hadoop = 297;
+      hydron = 298;
+      cfssl = 299;
+      cassandra = 300;
+      qemu-libvirtd = 301;
+      kvm = 302; # default udev rules from systemd requires these
+      render = 303; # default udev rules from systemd requires these
+      sgx = 304; # default udev rules from systemd requires these
+      lirc = 305;
+      lidarr = 306;
+      slurm = 307;
+      kapacitor = 308;
+      solr = 309;
+      alerta = 310;
+      minetest = 311;
+      rss2email = 312;
+      cockroachdb = 313;
+      zoneminder = 314;
+      paperless = 315;
+      #mailman = 316;  # removed 2019-08-30
+      zigbee2mqtt = 317;
+      shadow = 318;
+      hqplayer = 319;
+      moonraker = 320;
+      distcc = 321;
+      webdav = 322;
+      pipewire = 323;
+      rstudio-server = 324;
+
+      # When adding a gid, make sure it doesn't match an existing
+      # uid. Users and groups with the same name should have equal
+      # uids and gids. Also, don't use gids above 399!
+
+      users = 100;
+      nixbld = 30000;
+      nogroup = 65534;
+    };
+
+  };
+
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-04-19 16:51:55 +0000