pyrox.dev
1# This module defines the global list of uids and gids. We keep a
2# central list to prevent id collisions.
3
4# IMPORTANT!
5# We only add static uids and gids for services where it is not feasible
6# to change uids/gids on service start, in example a service with a lot of
7# files. Please also check if the service is applicable for systemd's
8# DynamicUser option and does not need a uid/gid allocation at all.
9# Systemd can also change ownership of service directories using the
10# RuntimeDirectory/StateDirectory options.
11
12{ lib, ... }:
13
14{
15 options = {
16
17 ids.uids = lib.mkOption {
18 internal = true;
19 description = ''
20 The user IDs used in NixOS.
21 '';
22 };
23
24 ids.gids = lib.mkOption {
25 internal = true;
26 description = ''
27 The group IDs used in NixOS.
28 '';
29 };
30
31 };
32
33
34 config = {
35
36 ids.uids = {
37 root = 0;
38 #wheel = 1; # unused
39 #kmem = 2; # unused
40 #tty = 3; # unused
41 messagebus = 4; # D-Bus
42 haldaemon = 5;
43 #disk = 6; # unused
44 vsftpd = 7;
45 ftp = 8;
46 bitlbee = 9;
47 avahi = 10;
48 nagios = 11;
49 atd = 12;
50 postfix = 13;
51 #postdrop = 14; # unused
52 dovecot = 15;
53 tomcat = 16;
54 #audio = 17; # unused
55 #floppy = 18; # unused
56 #uucp = 19; # unused
57 #lp = 20; # unused
58 #proc = 21; # unused
59 pulseaudio = 22; # must match `pulseaudio' GID
60 gpsd = 23;
61 #cdrom = 24; # unused
62 #tape = 25; # unused
63 #video = 26; # unused
64 #dialout = 27; # unused
65 polkituser = 28;
66 #utmp = 29; # unused
67 # ddclient = 30; # converted to DynamicUser = true
68 davfs2 = 31;
69 #disnix = 33; # unused
70 osgi = 34;
71 tor = 35;
72 cups = 36;
73 foldingathome = 37;
74 sabnzbd = 38;
75 #kdm = 39; # dropped in 17.03
76 #ghostone = 40; # dropped in 18.03
77 git = 41;
78 fourstore = 42;
79 fourstorehttp = 43;
80 virtuoso = 44;
81 rtkit = 45;
82 dovecot2 = 46;
83 dovenull2 = 47;
84 prayer = 49;
85 mpd = 50;
86 clamav = 51;
87 fprot = 52;
88 bind = 53;
89 wwwrun = 54;
90 #adm = 55; # unused
91 spamd = 56;
92 #networkmanager = 57; # unused
93 nslcd = 58;
94 scanner = 59;
95 nginx = 60;
96 chrony = 61;
97 #systemd-journal = 62; # unused
98 smtpd = 63;
99 smtpq = 64;
100 supybot = 65;
101 iodined = 66;
102 #libvirtd = 67; # unused
103 graphite = 68;
104 statsd = 69;
105 transmission = 70;
106 postgres = 71;
107 #vboxusers = 72; # unused
108 #vboxsf = 73; # unused
109 smbguest = 74; # unused
110 varnish = 75;
111 datadog = 76;
112 lighttpd = 77;
113 lightdm = 78;
114 freenet = 79;
115 ircd = 80;
116 bacula = 81;
117 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
118 deluge = 83;
119 mysql = 84;
120 rabbitmq = 85;
121 activemq = 86;
122 gnunet = 87;
123 oidentd = 88;
124 quassel = 89;
125 amule = 90;
126 minidlna = 91;
127 elasticsearch = 92;
128 tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
129 firebird = 95;
130 #keys = 96; # unused
131 haproxy = 97;
132 mongodb = 98;
133 openldap = 99;
134 #users = 100; # unused
135 cgminer = 101;
136 munin = 102;
137 logcheck = 103;
138 nix-ssh = 104;
139 dictd = 105;
140 couchdb = 106;
141 searx = 107;
142 kippo = 108;
143 jenkins = 109;
144 systemd-journal-gateway = 110;
145 #notbit = 111; # unused
146 aerospike = 111;
147 ngircd = 112;
148 btsync = 113;
149 minecraft = 114;
150 vault = 115;
151 rippled = 116;
152 murmur = 117;
153 foundationdb = 118;
154 newrelic = 119;
155 starbound = 120;
156 hydra = 122;
157 spiped = 123;
158 teamspeak = 124;
159 influxdb = 125;
160 nsd = 126;
161 gitolite = 127;
162 znc = 128;
163 polipo = 129;
164 mopidy = 130;
165 #docker = 131; # unused
166 gdm = 132;
167 dhcpd = 133;
168 siproxd = 134;
169 mlmmj = 135;
170 neo4j = 136;
171 riemann = 137;
172 riemanndash = 138;
173 radvd = 139;
174 zookeeper = 140;
175 dnsmasq = 141;
176 uhub = 142;
177 yandexdisk = 143;
178 #collectd = 144; #unused
179 consul = 145;
180 mailpile = 146;
181 redmine = 147;
182 seeks = 148;
183 prosody = 149;
184 i2pd = 150;
185 systemd-network = 152;
186 systemd-resolve = 153;
187 systemd-timesync = 154;
188 liquidsoap = 155;
189 etcd = 156;
190 hbase = 158;
191 opentsdb = 159;
192 scollector = 160;
193 bosun = 161;
194 kubernetes = 162;
195 peerflix = 163;
196 chronos = 164;
197 gitlab = 165;
198 tox-bootstrapd = 166;
199 cadvisor = 167;
200 nylon = 168;
201 apache-kafka = 169;
202 #panamax = 170; # unused
203 exim = 172;
204 #fleet = 173; # unused
205 #input = 174; # unused
206 sddm = 175;
207 tss = 176;
208 #memcached = 177; removed 2018-01-03
209 ntp = 179;
210 zabbix = 180;
211 #redis = 181; removed 2018-01-03
212 unifi = 183;
213 uptimed = 184;
214 zope2 = 185;
215 ripple-data-api = 186;
216 mediatomb = 187;
217 rdnssd = 188;
218 ihaskell = 189;
219 i2p = 190;
220 lambdabot = 191;
221 asterisk = 192;
222 plex = 193;
223 plexpy = 195;
224 grafana = 196;
225 skydns = 197;
226 # ripple-rest = 198; # unused, removed 2017-08-12
227 nix-serve = 199;
228 tvheadend = 200;
229 uwsgi = 201;
230 gitit = 202;
231 riemanntools = 203;
232 subsonic = 204;
233 riak = 205;
234 shout = 206;
235 gateone = 207;
236 namecoin = 208;
237 dnschain = 209;
238 #lxd = 210; # unused
239 kibana = 211;
240 xtreemfs = 212;
241 calibre-server = 213;
242 heapster = 214;
243 bepasty = 215;
244 # pumpio = 216; # unused, removed 2018-02-24
245 nm-openvpn = 217;
246 mathics = 218;
247 ejabberd = 219;
248 postsrsd = 220;
249 opendkim = 221;
250 dspam = 222;
251 gale = 223;
252 matrix-synapse = 224;
253 rspamd = 225;
254 rmilter = 226;
255 cfdyndns = 227;
256 gammu-smsd = 228;
257 pdnsd = 229;
258 octoprint = 230;
259 avahi-autoipd = 231;
260 nntp-proxy = 232;
261 mjpg-streamer = 233;
262 radicale = 234;
263 hydra-queue-runner = 235;
264 hydra-www = 236;
265 syncthing = 237;
266 caddy = 239;
267 taskd = 240;
268 factorio = 241;
269 emby = 242;
270 graylog = 243;
271 sniproxy = 244;
272 nzbget = 245;
273 mosquitto = 246;
274 toxvpn = 247;
275 squeezelite = 248;
276 turnserver = 249;
277 smokeping = 250;
278 gocd-agent = 251;
279 gocd-server = 252;
280 terraria = 253;
281 mattermost = 254;
282 prometheus = 255;
283 telegraf = 256;
284 gitlab-runner = 257;
285 postgrey = 258;
286 hound = 259;
287 leaps = 260;
288 ipfs = 261;
289 stanchion = 262;
290 riak-cs = 263;
291 infinoted = 264;
292 # keystone = 265; # unused, removed 2017-12-13
293 # glance = 266; # unused, removed 2017-12-13
294 couchpotato = 267;
295 gogs = 268;
296 pdns-recursor = 269;
297 kresd = 270;
298 rpc = 271;
299 geoip = 272;
300 fcron = 273;
301 sonarr = 274;
302 radarr = 275;
303 jackett = 276;
304 aria2 = 277;
305 clickhouse = 278;
306 rslsync = 279;
307 minio = 280;
308 kanboard = 281;
309 pykms = 282;
310 kodi = 283;
311 restya-board = 284;
312 mighttpd2 = 285;
313 hass = 286;
314 monero = 287;
315 ceph = 288;
316 duplicati = 289;
317 monetdb = 290;
318 restic = 291;
319 openvpn = 292;
320 meguca = 293;
321 yarn = 294;
322 hdfs = 295;
323 mapred = 296;
324 hadoop = 297;
325 hydron = 298;
326 cfssl = 299;
327 cassandra = 300;
328 qemu-libvirtd = 301;
329 # kvm = 302; # unused
330 # render = 303; # unused
331 zeronet = 304;
332
333 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
334
335 nixbld = 30000; # start of range of uids
336 nobody = 65534;
337 };
338
339 ids.gids = {
340 root = 0;
341 wheel = 1;
342 kmem = 2;
343 tty = 3;
344 messagebus = 4; # D-Bus
345 haldaemon = 5;
346 disk = 6;
347 vsftpd = 7;
348 ftp = 8;
349 bitlbee = 9;
350 avahi = 10;
351 #nagios = 11; # unused
352 atd = 12;
353 postfix = 13;
354 postdrop = 14;
355 dovecot = 15;
356 tomcat = 16;
357 audio = 17;
358 floppy = 18;
359 uucp = 19;
360 lp = 20;
361 proc = 21;
362 pulseaudio = 22; # must match `pulseaudio' UID
363 gpsd = 23;
364 cdrom = 24;
365 tape = 25;
366 video = 26;
367 dialout = 27;
368 #polkituser = 28; # currently unused, polkitd doesn't need a group
369 utmp = 29;
370 # ddclient = 30; # converted to DynamicUser = true
371 davfs2 = 31;
372 disnix = 33;
373 osgi = 34;
374 tor = 35;
375 #cups = 36; # unused
376 #foldingathome = 37; # unused
377 #sabnzd = 38; # unused
378 #kdm = 39; # unused, even before 17.03
379 #ghostone = 40; # dropped in 18.03
380 git = 41;
381 fourstore = 42;
382 fourstorehttp = 43;
383 virtuoso = 44;
384 #rtkit = 45; # unused
385 dovecot2 = 46;
386 #dovenull = 47; # unused
387 prayer = 49;
388 mpd = 50;
389 clamav = 51;
390 fprot = 52;
391 #bind = 53; # unused
392 wwwrun = 54;
393 adm = 55;
394 spamd = 56;
395 networkmanager = 57;
396 nslcd = 58;
397 scanner = 59;
398 nginx = 60;
399 chrony = 61;
400 systemd-journal = 62;
401 smtpd = 63;
402 smtpq = 64;
403 supybot = 65;
404 iodined = 66;
405 libvirtd = 67;
406 graphite = 68;
407 #statsd = 69; # unused
408 transmission = 70;
409 postgres = 71;
410 vboxusers = 72;
411 vboxsf = 73;
412 smbguest = 74; # unused
413 varnish = 75;
414 datadog = 76;
415 lighttpd = 77;
416 lightdm = 78;
417 freenet = 79;
418 ircd = 80;
419 bacula = 81;
420 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
421 deluge = 83;
422 mysql = 84;
423 rabbitmq = 85;
424 activemq = 86;
425 gnunet = 87;
426 oidentd = 88;
427 quassel = 89;
428 amule = 90;
429 minidlna = 91;
430 elasticsearch = 92;
431 #tcpcryptd = 93; # unused
432 firebird = 95;
433 keys = 96;
434 haproxy = 97;
435 #mongodb = 98; # unused
436 openldap = 99;
437 munin = 102;
438 #logcheck = 103; # unused
439 #nix-ssh = 104; # unused
440 dictd = 105;
441 couchdb = 106;
442 searx = 107;
443 kippo = 108;
444 jenkins = 109;
445 systemd-journal-gateway = 110;
446 #notbit = 111; # unused
447 aerospike = 111;
448 #ngircd = 112; # unused
449 btsync = 113;
450 #minecraft = 114; # unused
451 vault = 115;
452 #ripped = 116; # unused
453 #murmur = 117; # unused
454 foundationdb = 118;
455 newrelic = 119;
456 starbound = 120;
457 hydra = 122;
458 spiped = 123;
459 teamspeak = 124;
460 influxdb = 125;
461 nsd = 126;
462 gitolite = 127;
463 znc = 128;
464 polipo = 129;
465 mopidy = 130;
466 docker = 131;
467 gdm = 132;
468 #dhcpcd = 133; # unused
469 siproxd = 134;
470 mlmmj = 135;
471 #neo4j = 136; # unused
472 riemann = 137;
473 riemanndash = 138;
474 #radvd = 139; # unused
475 #zookeeper = 140; # unused
476 #dnsmasq = 141; # unused
477 uhub = 142;
478 #yandexdisk = 143; # unused
479 #collectd = 144; # unused
480 #consul = 145; # unused
481 mailpile = 146;
482 redmine = 147;
483 seeks = 148;
484 prosody = 149;
485 i2pd = 150;
486 systemd-network = 152;
487 systemd-resolve = 153;
488 systemd-timesync = 154;
489 liquidsoap = 155;
490 #etcd = 156; # unused
491 hbase = 158;
492 opentsdb = 159;
493 scollector = 160;
494 bosun = 161;
495 kubernetes = 162;
496 #peerflix = 163; # unused
497 #chronos = 164; # unused
498 gitlab = 165;
499 nylon = 168;
500 #panamax = 170; # unused
501 exim = 172;
502 #fleet = 173; # unused
503 input = 174;
504 sddm = 175;
505 tss = 176;
506 #memcached = 177; # unused, removed 2018-01-03
507 #ntp = 179; # unused
508 #zabbix = 180; # unused
509 #redis = 181; # unused, removed 2018-01-03
510 #unifi = 183; # unused
511 #uptimed = 184; # unused
512 #zope2 = 185; # unused
513 #ripple-data-api = 186; #unused
514 mediatomb = 187;
515 #rdnssd = 188; # unused
516 ihaskell = 189;
517 i2p = 190;
518 lambdabot = 191;
519 asterisk = 192;
520 plex = 193;
521 sabnzbd = 194;
522 #grafana = 196; #unused
523 #skydns = 197; #unused
524 # ripple-rest = 198; # unused, removed 2017-08-12
525 #nix-serve = 199; #unused
526 #tvheadend = 200; #unused
527 uwsgi = 201;
528 gitit = 202;
529 riemanntools = 203;
530 subsonic = 204;
531 riak = 205;
532 #shout = 206; #unused
533 gateone = 207;
534 namecoin = 208;
535 #dnschain = 209; #unused
536 lxd = 210; # unused
537 #kibana = 211;
538 xtreemfs = 212;
539 calibre-server = 213;
540 bepasty = 215;
541 # pumpio = 216; # unused, removed 2018-02-24
542 nm-openvpn = 217;
543 mathics = 218;
544 ejabberd = 219;
545 postsrsd = 220;
546 opendkim = 221;
547 dspam = 222;
548 gale = 223;
549 matrix-synapse = 224;
550 rspamd = 225;
551 rmilter = 226;
552 cfdyndns = 227;
553 pdnsd = 229;
554 octoprint = 230;
555 radicale = 234;
556 syncthing = 237;
557 caddy = 239;
558 taskd = 240;
559 factorio = 241;
560 emby = 242;
561 sniproxy = 244;
562 nzbget = 245;
563 mosquitto = 246;
564 #toxvpn = 247; # unused
565 #squeezelite = 248; #unused
566 turnserver = 249;
567 smokeping = 250;
568 gocd-agent = 251;
569 gocd-server = 252;
570 terraria = 253;
571 mattermost = 254;
572 prometheus = 255;
573 #telegraf = 256; # unused
574 gitlab-runner = 257;
575 postgrey = 258;
576 hound = 259;
577 leaps = 260;
578 ipfs = 261;
579 stanchion = 262;
580 riak-cs = 263;
581 infinoted = 264;
582 # keystone = 265; # unused, removed 2017-12-13
583 # glance = 266; # unused, removed 2017-12-13
584 couchpotato = 267;
585 gogs = 268;
586 kresd = 270;
587 #rpc = 271; # unused
588 #geoip = 272; # unused
589 fcron = 273;
590 sonarr = 274;
591 radarr = 275;
592 jackett = 276;
593 aria2 = 277;
594 clickhouse = 278;
595 rslsync = 279;
596 minio = 280;
597 kanboard = 281;
598 pykms = 282;
599 kodi = 283;
600 restya-board = 284;
601 mighttpd2 = 285;
602 hass = 286;
603 monero = 287;
604 ceph = 288;
605 duplicati = 289;
606 monetdb = 290;
607 restic = 291;
608 openvpn = 292;
609 meguca = 293;
610 yarn = 294;
611 hdfs = 295;
612 mapred = 296;
613 hadoop = 297;
614 hydron = 298;
615 cfssl = 299;
616 cassandra = 300;
617 qemu-libvirtd = 301;
618 kvm = 302; # default udev rules from systemd requires these
619 render = 303; # default udev rules from systemd requires these
620 zeronet = 304;
621
622 # When adding a gid, make sure it doesn't match an existing
623 # uid. Users and groups with the same name should have equal
624 # uids and gids. Also, don't use gids above 399!
625
626 users = 100;
627 nixbld = 30000;
628 nogroup = 65534;
629 };
630
631 };
632
633}