pyrox.dev
1# This module defines the global list of uids and gids. We keep a
2# central list to prevent id collisions.
3
4# IMPORTANT!
5# We only add static uids and gids for services where it is not feasible
6# to change uids/gids on service start, in example a service with a lot of
7# files. Please also check if the service is applicable for systemd's
8# DynamicUser option and does not need a uid/gid allocation at all.
9# Systemd can also change ownership of service directories using the
10# RuntimeDirectory/StateDirectory options.
11
12{ lib, ... }:
13
14let
15 inherit (lib) types;
16in
17{
18 options = {
19
20 ids.uids = lib.mkOption {
21 internal = true;
22 description = ''
23 The user IDs used in NixOS.
24 '';
25 type = types.attrsOf types.int;
26 };
27
28 ids.gids = lib.mkOption {
29 internal = true;
30 description = ''
31 The group IDs used in NixOS.
32 '';
33 type = types.attrsOf types.int;
34 };
35
36 };
37
38
39 config = {
40
41 ids.uids = {
42 root = 0;
43 #wheel = 1; # unused
44 #kmem = 2; # unused
45 #tty = 3; # unused
46 messagebus = 4; # D-Bus
47 haldaemon = 5;
48 #disk = 6; # unused
49 #vsftpd = 7; # dynamically allocated ass of 2021-09-14
50 ftp = 8;
51 # bitlbee = 9; # removed 2021-10-05 #139765
52 #avahi = 10; # removed 2019-05-22
53 nagios = 11;
54 atd = 12;
55 postfix = 13;
56 #postdrop = 14; # unused
57 dovecot = 15;
58 tomcat = 16;
59 #audio = 17; # unused
60 #floppy = 18; # unused
61 uucp = 19;
62 #lp = 20; # unused
63 #proc = 21; # unused
64 pulseaudio = 22; # must match `pulseaudio' GID
65 gpsd = 23;
66 #cdrom = 24; # unused
67 #tape = 25; # unused
68 #video = 26; # unused
69 #dialout = 27; # unused
70 polkituser = 28;
71 #utmp = 29; # unused
72 # ddclient = 30; # converted to DynamicUser = true
73 davfs2 = 31;
74 disnix = 33;
75 osgi = 34;
76 tor = 35;
77 cups = 36;
78 foldingathome = 37;
79 sabnzbd = 38;
80 #kdm = 39; # dropped in 17.03
81 #ghostone = 40; # dropped in 18.03
82 git = 41;
83 #fourstore = 42; # dropped in 20.03
84 #fourstorehttp = 43; # dropped in 20.03
85 virtuoso = 44;
86 #rtkit = 45; # dynamically allocated 2021-09-03
87 dovecot2 = 46;
88 dovenull2 = 47;
89 prayer = 49;
90 mpd = 50;
91 clamav = 51;
92 fprot = 52;
93 # bind = 53; #dynamically allocated as of 2021-09-03
94 wwwrun = 54;
95 #adm = 55; # unused
96 spamd = 56;
97 #networkmanager = 57; # unused
98 nslcd = 58;
99 scanner = 59;
100 nginx = 60;
101 chrony = 61;
102 #systemd-journal = 62; # unused
103 smtpd = 63;
104 smtpq = 64;
105 supybot = 65;
106 iodined = 66;
107 #libvirtd = 67; # unused
108 graphite = 68;
109 #statsd = 69; # removed 2018-11-14
110 transmission = 70;
111 postgres = 71;
112 #vboxusers = 72; # unused
113 #vboxsf = 73; # unused
114 smbguest = 74; # unused
115 varnish = 75;
116 datadog = 76;
117 lighttpd = 77;
118 lightdm = 78;
119 freenet = 79;
120 ircd = 80;
121 bacula = 81;
122 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
123 deluge = 83;
124 mysql = 84;
125 rabbitmq = 85;
126 activemq = 86;
127 gnunet = 87;
128 oidentd = 88;
129 quassel = 89;
130 amule = 90;
131 minidlna = 91;
132 elasticsearch = 92;
133 tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
134 firebird = 95;
135 #keys = 96; # unused
136 #haproxy = 97; # dynamically allocated as of 2020-03-11
137 #mongodb = 98; #dynamically allocated as of 2021-09-03
138 #openldap = 99; # dynamically allocated as of PR#94610
139 #users = 100; # unused
140 # cgminer = 101; #dynamically allocated as of 2021-09-17
141 munin = 102;
142 #logcheck = 103; #dynamically allocated as of 2021-09-17
143 #nix-ssh = 104; #dynamically allocated as of 2021-09-03
144 dictd = 105;
145 couchdb = 106;
146 #searx = 107; # dynamically allocated as of 2020-10-27
147 #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
148 jenkins = 109;
149 systemd-journal-gateway = 110;
150 #notbit = 111; # unused
151 aerospike = 111;
152 #ngircd = 112; #dynamically allocated as of 2021-09-03
153 #btsync = 113; # unused
154 #minecraft = 114; #dynamically allocated as of 2021-09-03
155 vault = 115;
156 # rippled = 116; #dynamically allocated as of 2021-09-18
157 murmur = 117;
158 foundationdb = 118;
159 newrelic = 119;
160 starbound = 120;
161 hydra = 122;
162 spiped = 123;
163 teamspeak = 124;
164 influxdb = 125;
165 nsd = 126;
166 gitolite = 127;
167 znc = 128;
168 polipo = 129;
169 mopidy = 130;
170 #docker = 131; # unused
171 gdm = 132;
172 #dhcpd = 133; # dynamically allocated as of 2021-09-03
173 siproxd = 134;
174 mlmmj = 135;
175 #neo4j = 136;# dynamically allocated as of 2021-09-03
176 riemann = 137;
177 riemanndash = 138;
178 #radvd = 139;# dynamically allocated as of 2021-09-03
179 #zookeeper = 140;# dynamically allocated as of 2021-09-03
180 #dnsmasq = 141;# dynamically allocated as of 2021-09-03
181 #uhub = 142; # unused
182 yandexdisk = 143;
183 mxisd = 144; # was once collectd
184 #consul = 145;# dynamically allocated as of 2021-09-03
185 mailpile = 146;
186 redmine = 147;
187 #seeks = 148; # removed 2020-06-21
188 prosody = 149;
189 i2pd = 150;
190 systemd-coredump = 151;
191 systemd-network = 152;
192 systemd-resolve = 153;
193 systemd-timesync = 154;
194 liquidsoap = 155;
195 #etcd = 156;# dynamically allocated as of 2021-09-03
196 hbase = 158;
197 opentsdb = 159;
198 scollector = 160;
199 bosun = 161;
200 kubernetes = 162;
201 peerflix = 163;
202 #chronos = 164; # removed 2020-08-15
203 gitlab = 165;
204 # tox-bootstrapd = 166; removed 2021-09-15
205 cadvisor = 167;
206 nylon = 168;
207 #apache-kafka = 169;# dynamically allocated as of 2021-09-03
208 #panamax = 170; # unused
209 exim = 172;
210 #fleet = 173; # unused
211 #input = 174; # unused
212 sddm = 175;
213 #tss = 176; # dynamically allocated as of 2021-09-17
214 #memcached = 177; removed 2018-01-03
215 #ntp = 179; # dynamically allocated as of 2021-09-17
216 zabbix = 180;
217 #redis = 181; removed 2018-01-03
218 #unifi = 183; dynamically allocated as of 2021-09-17
219 uptimed = 184;
220 #zope2 = 185; # dynamically allocated as of 2021-09-18
221 #ripple-data-api = 186; dynamically allocated as of 2021-09-17
222 mediatomb = 187;
223 #rdnssd = 188; #dynamically allocated as of 2021-09-18
224 ihaskell = 189;
225 i2p = 190;
226 lambdabot = 191;
227 asterisk = 192;
228 plex = 193;
229 plexpy = 195;
230 grafana = 196;
231 skydns = 197;
232 # ripple-rest = 198; # unused, removed 2017-08-12
233 # nix-serve = 199; # unused, removed 2020-12-12
234 #tvheadend = 200; # dynamically allocated as of 2021-09-18
235 uwsgi = 201;
236 gitit = 202;
237 riemanntools = 203;
238 subsonic = 204;
239 riak = 205;
240 #shout = 206; # dynamically allocated as of 2021-09-18
241 gateone = 207;
242 namecoin = 208;
243 #lxd = 210; # unused
244 #kibana = 211;# dynamically allocated as of 2021-09-03
245 xtreemfs = 212;
246 calibre-server = 213;
247 #heapster = 214; #dynamically allocated as of 2021-09-17
248 bepasty = 215;
249 # pumpio = 216; # unused, removed 2018-02-24
250 nm-openvpn = 217;
251 # mathics = 218; # unused, removed 2020-08-15
252 ejabberd = 219;
253 postsrsd = 220;
254 opendkim = 221;
255 dspam = 222;
256 # gale = 223; removed 2021-06-10
257 matrix-synapse = 224;
258 rspamd = 225;
259 # rmilter = 226; # unused, removed 2019-08-22
260 cfdyndns = 227;
261 # gammu-smsd = 228; #dynamically allocated as of 2021-09-17
262 pdnsd = 229;
263 octoprint = 230;
264 avahi-autoipd = 231;
265 # nntp-proxy = 232; #dynamically allocated as of 2021-09-17
266 mjpg-streamer = 233;
267 #radicale = 234;# dynamically allocated as of 2021-09-03
268 hydra-queue-runner = 235;
269 hydra-www = 236;
270 syncthing = 237;
271 caddy = 239;
272 taskd = 240;
273 # factorio = 241; # DynamicUser = true
274 # emby = 242; # unusued, removed 2019-05-01
275 #graylog = 243;# dynamically allocated as of 2021-09-03
276 sniproxy = 244;
277 nzbget = 245;
278 mosquitto = 246;
279 #toxvpn = 247; # dynamically allocated as of 2021-09-18
280 # squeezelite = 248; # DynamicUser = true
281 turnserver = 249;
282 #smokeping = 250;# dynamically allocated as of 2021-09-03
283 gocd-agent = 251;
284 gocd-server = 252;
285 terraria = 253;
286 mattermost = 254;
287 prometheus = 255;
288 telegraf = 256;
289 gitlab-runner = 257;
290 postgrey = 258;
291 hound = 259;
292 leaps = 260;
293 ipfs = 261;
294 # stanchion = 262; # unused, removed 2020-10-14
295 # riak-cs = 263; # unused, removed 2020-10-14
296 infinoted = 264;
297 sickbeard = 265;
298 headphones = 266;
299 couchpotato = 267;
300 gogs = 268;
301 #pdns-recursor = 269; # dynamically allocated as of 2020-20-18
302 #kresd = 270; # switched to "knot-resolver" with dynamic ID
303 rpc = 271;
304 #geoip = 272; # new module uses DynamicUser
305 fcron = 273;
306 sonarr = 274;
307 radarr = 275;
308 jackett = 276;
309 aria2 = 277;
310 clickhouse = 278;
311 rslsync = 279;
312 minio = 280;
313 kanboard = 281;
314 # pykms = 282; # DynamicUser = true
315 kodi = 283;
316 restya-board = 284;
317 mighttpd2 = 285;
318 hass = 286;
319 #monero = 287; # dynamically allocated as of 2021-05-08
320 ceph = 288;
321 duplicati = 289;
322 monetdb = 290;
323 restic = 291;
324 openvpn = 292;
325 # meguca = 293; # removed 2020-08-21
326 yarn = 294;
327 hdfs = 295;
328 mapred = 296;
329 hadoop = 297;
330 hydron = 298;
331 cfssl = 299;
332 cassandra = 300;
333 qemu-libvirtd = 301;
334 # kvm = 302; # unused
335 # render = 303; # unused
336 # zeronet = 304; # removed 2019-01-03
337 lirc = 305;
338 lidarr = 306;
339 slurm = 307;
340 kapacitor = 308;
341 solr = 309;
342 alerta = 310;
343 minetest = 311;
344 rss2email = 312;
345 cockroachdb = 313;
346 zoneminder = 314;
347 paperless = 315;
348 #mailman = 316; # removed 2019-08-30
349 zigbee2mqtt = 317;
350 # shadow = 318; # unused
351 hqplayer = 319;
352 moonraker = 320;
353 distcc = 321;
354
355 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
356
357 nixbld = 30000; # start of range of uids
358 nobody = 65534;
359 };
360
361 ids.gids = {
362 root = 0;
363 wheel = 1;
364 kmem = 2;
365 tty = 3;
366 messagebus = 4; # D-Bus
367 haldaemon = 5;
368 disk = 6;
369 #vsftpd = 7; # dynamically allocated as of 2021-09-14
370 ftp = 8;
371 # bitlbee = 9; # removed 2021-10-05 #139765
372 #avahi = 10; # removed 2019-05-22
373 #nagios = 11; # unused
374 atd = 12;
375 postfix = 13;
376 postdrop = 14;
377 dovecot = 15;
378 tomcat = 16;
379 audio = 17;
380 floppy = 18;
381 uucp = 19;
382 lp = 20;
383 proc = 21;
384 pulseaudio = 22; # must match `pulseaudio' UID
385 gpsd = 23;
386 cdrom = 24;
387 tape = 25;
388 video = 26;
389 dialout = 27;
390 #polkituser = 28; # currently unused, polkitd doesn't need a group
391 utmp = 29;
392 # ddclient = 30; # converted to DynamicUser = true
393 davfs2 = 31;
394 disnix = 33;
395 osgi = 34;
396 tor = 35;
397 #cups = 36; # unused
398 #foldingathome = 37; # unused
399 #sabnzd = 38; # unused
400 #kdm = 39; # unused, even before 17.03
401 #ghostone = 40; # dropped in 18.03
402 git = 41;
403 fourstore = 42;
404 fourstorehttp = 43;
405 virtuoso = 44;
406 #rtkit = 45; # unused
407 dovecot2 = 46;
408 dovenull2 = 47;
409 prayer = 49;
410 mpd = 50;
411 clamav = 51;
412 fprot = 52;
413 #bind = 53; # unused
414 wwwrun = 54;
415 adm = 55;
416 spamd = 56;
417 networkmanager = 57;
418 nslcd = 58;
419 scanner = 59;
420 nginx = 60;
421 chrony = 61;
422 systemd-journal = 62;
423 smtpd = 63;
424 smtpq = 64;
425 supybot = 65;
426 iodined = 66;
427 libvirtd = 67;
428 graphite = 68;
429 #statsd = 69; # removed 2018-11-14
430 transmission = 70;
431 postgres = 71;
432 vboxusers = 72;
433 vboxsf = 73;
434 smbguest = 74; # unused
435 varnish = 75;
436 datadog = 76;
437 lighttpd = 77;
438 lightdm = 78;
439 freenet = 79;
440 ircd = 80;
441 bacula = 81;
442 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
443 deluge = 83;
444 mysql = 84;
445 rabbitmq = 85;
446 activemq = 86;
447 gnunet = 87;
448 oidentd = 88;
449 quassel = 89;
450 amule = 90;
451 minidlna = 91;
452 elasticsearch = 92;
453 #tcpcryptd = 93; # unused
454 firebird = 95;
455 keys = 96;
456 #haproxy = 97; # dynamically allocated as of 2020-03-11
457 #mongodb = 98; # unused
458 #openldap = 99; # dynamically allocated as of PR#94610
459 munin = 102;
460 #logcheck = 103; # unused
461 #nix-ssh = 104; # unused
462 dictd = 105;
463 couchdb = 106;
464 #searx = 107; # dynamically allocated as of 2020-10-27
465 #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
466 jenkins = 109;
467 systemd-journal-gateway = 110;
468 #notbit = 111; # unused
469 aerospike = 111;
470 #ngircd = 112; # unused
471 #btsync = 113; # unused
472 #minecraft = 114; # unused
473 vault = 115;
474 #ripped = 116; # unused
475 murmur = 117;
476 foundationdb = 118;
477 newrelic = 119;
478 starbound = 120;
479 hydra = 122;
480 spiped = 123;
481 teamspeak = 124;
482 influxdb = 125;
483 nsd = 126;
484 gitolite = 127;
485 znc = 128;
486 polipo = 129;
487 mopidy = 130;
488 docker = 131;
489 gdm = 132;
490 #dhcpcd = 133; # unused
491 siproxd = 134;
492 mlmmj = 135;
493 #neo4j = 136; # unused
494 riemann = 137;
495 riemanndash = 138;
496 #radvd = 139; # unused
497 #zookeeper = 140; # unused
498 #dnsmasq = 141; # unused
499 uhub = 142;
500 #yandexdisk = 143; # unused
501 mxisd = 144; # was once collectd
502 #consul = 145; # unused
503 mailpile = 146;
504 redmine = 147;
505 #seeks = 148; # removed 2020-06-21
506 prosody = 149;
507 i2pd = 150;
508 systemd-network = 152;
509 systemd-resolve = 153;
510 systemd-timesync = 154;
511 liquidsoap = 155;
512 #etcd = 156; # unused
513 hbase = 158;
514 opentsdb = 159;
515 scollector = 160;
516 bosun = 161;
517 kubernetes = 162;
518 #peerflix = 163; # unused
519 #chronos = 164; # unused
520 gitlab = 165;
521 nylon = 168;
522 #panamax = 170; # unused
523 exim = 172;
524 #fleet = 173; # unused
525 input = 174;
526 sddm = 175;
527 #tss = 176; #dynamically allocateda as of 2021-09-20
528 #memcached = 177; # unused, removed 2018-01-03
529 #ntp = 179; # unused
530 zabbix = 180;
531 #redis = 181; # unused, removed 2018-01-03
532 #unifi = 183; # unused
533 #uptimed = 184; # unused
534 #zope2 = 185; # unused
535 #ripple-data-api = 186; #unused
536 mediatomb = 187;
537 #rdnssd = 188; # unused
538 ihaskell = 189;
539 i2p = 190;
540 lambdabot = 191;
541 asterisk = 192;
542 plex = 193;
543 sabnzbd = 194;
544 #grafana = 196; #unused
545 #skydns = 197; #unused
546 # ripple-rest = 198; # unused, removed 2017-08-12
547 #nix-serve = 199; #unused
548 #tvheadend = 200; #unused
549 uwsgi = 201;
550 gitit = 202;
551 riemanntools = 203;
552 subsonic = 204;
553 riak = 205;
554 #shout = 206; #unused
555 gateone = 207;
556 namecoin = 208;
557 #lxd = 210; # unused
558 #kibana = 211;
559 xtreemfs = 212;
560 calibre-server = 213;
561 bepasty = 215;
562 # pumpio = 216; # unused, removed 2018-02-24
563 nm-openvpn = 217;
564 mathics = 218;
565 ejabberd = 219;
566 postsrsd = 220;
567 opendkim = 221;
568 dspam = 222;
569 # gale = 223; removed 2021-06-10
570 matrix-synapse = 224;
571 rspamd = 225;
572 # rmilter = 226; # unused, removed 2019-08-22
573 cfdyndns = 227;
574 pdnsd = 229;
575 octoprint = 230;
576 #radicale = 234;# dynamically allocated as of 2021-09-03
577 syncthing = 237;
578 caddy = 239;
579 taskd = 240;
580 # factorio = 241; # unused
581 # emby = 242; # unused, removed 2019-05-01
582 sniproxy = 244;
583 nzbget = 245;
584 mosquitto = 246;
585 #toxvpn = 247; # unused
586 #squeezelite = 248; #unused
587 turnserver = 249;
588 #smokeping = 250;# dynamically allocated as of 2021-09-03
589 gocd-agent = 251;
590 gocd-server = 252;
591 terraria = 253;
592 mattermost = 254;
593 prometheus = 255;
594 #telegraf = 256; # unused
595 gitlab-runner = 257;
596 postgrey = 258;
597 hound = 259;
598 leaps = 260;
599 ipfs = 261;
600 # stanchion = 262; # unused, removed 2020-10-14
601 # riak-cs = 263; # unused, removed 2020-10-14
602 infinoted = 264;
603 sickbeard = 265;
604 headphones = 266;
605 couchpotato = 267;
606 gogs = 268;
607 #kresd = 270; # switched to "knot-resolver" with dynamic ID
608 #rpc = 271; # unused
609 #geoip = 272; # unused
610 fcron = 273;
611 sonarr = 274;
612 radarr = 275;
613 jackett = 276;
614 aria2 = 277;
615 clickhouse = 278;
616 rslsync = 279;
617 minio = 280;
618 kanboard = 281;
619 # pykms = 282; # DynamicUser = true
620 kodi = 283;
621 restya-board = 284;
622 mighttpd2 = 285;
623 hass = 286;
624 # monero = 287; # dynamically allocated as of 2021-05-08
625 ceph = 288;
626 duplicati = 289;
627 monetdb = 290;
628 restic = 291;
629 openvpn = 292;
630 # meguca = 293; # removed 2020-08-21
631 yarn = 294;
632 hdfs = 295;
633 mapred = 296;
634 hadoop = 297;
635 hydron = 298;
636 cfssl = 299;
637 cassandra = 300;
638 qemu-libvirtd = 301;
639 kvm = 302; # default udev rules from systemd requires these
640 render = 303; # default udev rules from systemd requires these
641 # zeronet = 304; # removed 2019-01-03
642 lirc = 305;
643 lidarr = 306;
644 slurm = 307;
645 kapacitor = 308;
646 solr = 309;
647 alerta = 310;
648 minetest = 311;
649 rss2email = 312;
650 cockroachdb = 313;
651 zoneminder = 314;
652 paperless = 315;
653 #mailman = 316; # removed 2019-08-30
654 zigbee2mqtt = 317;
655 shadow = 318;
656 hqplayer = 319;
657 moonraker = 320;
658 distcc = 321;
659
660 # When adding a gid, make sure it doesn't match an existing
661 # uid. Users and groups with the same name should have equal
662 # uids and gids. Also, don't use gids above 399!
663
664 users = 100;
665 nixbld = 30000;
666 nogroup = 65534;
667 };
668
669 };
670
671}