# This module defines the global list of uids and gids. We keep a
# central list to prevent id collisions.

# IMPORTANT!
# We only add static uids and gids for services where it is not feasible
# to change uids/gids on service start, for example a service with a lot of
# files. Please also check if the service is applicable for systemd's
# DynamicUser option and does not need a uid/gid allocation at all.
# Systemd can also change ownership of service directories using the
# RuntimeDirectory/StateDirectory options.

# Review notes:
# Files on disk are owned by numeric id, not by account name, so a number
# listed here should keep meaning the same account for as long as data owned
# by it may exist. Entries that are unused, removed, or now dynamically
# allocated are kept below as comments with the reason (and usually a date).
# NOTE(review): presumably they are kept so that a retired number is not
# handed to an unrelated service, which would then own whatever files the old
# service left behind -- confirm before re-using any commented-out id.

{ lib, ... }:

let
  inherit (lib) types;
in
{
  # Both options are internal and typed as an attribute set of plain integers
  # (account or group name -> numeric id).
  options = {

    ids.uids = lib.mkOption {
      internal = true;
      description = ''
        The user IDs used in NixOS.
      '';
      type = types.attrsOf types.int;
    };

    ids.gids = lib.mkOption {
      internal = true;
      description = ''
        The group IDs used in NixOS.
      '';
      type = types.attrsOf types.int;
    };

  };


  config = {

    # Static uid table. A leading `#` marks a number that is not assigned as a
    # uid here; the trailing comment says why.
    ids.uids = {
      root = 0;
      #wheel = 1; # unused
      #kmem = 2; # unused
      #tty = 3; # unused
      messagebus = 4; # D-Bus
      haldaemon = 5;
      #disk = 6; # unused
      #vsftpd = 7; # dynamically allocated as of 2021-09-14
      ftp = 8;
      # bitlbee = 9; # removed 2021-10-05 #139765
      #avahi = 10; # removed 2019-05-22
      nagios = 11;
      atd = 12;
      postfix = 13;
      #postdrop = 14; # unused
      dovecot = 15;
      tomcat = 16;
      #audio = 17; # unused
      #floppy = 18; # unused
      uucp = 19;
      #lp = 20; # unused
      #proc = 21; # unused
      pulseaudio = 22; # must match `pulseaudio' GID
      gpsd = 23;
      #cdrom = 24; # unused
      #tape = 25; # unused
      #video = 26; # unused
      #dialout = 27; # unused
      polkituser = 28;
      #utmp = 29; # unused
      # ddclient = 30; # converted to DynamicUser = true
      davfs2 = 31;
      disnix = 33;
      osgi = 34;
      tor = 35;
      cups = 36;
      foldingathome = 37;
      sabnzbd = 38;
      #kdm = 39; # dropped in 17.03
      #ghostone = 40; # dropped in 18.03
      git = 41;
      #fourstore = 42; # dropped in 20.03
      #fourstorehttp = 43; # dropped in 20.03
      #virtuoso = 44; dropped module
      #rtkit = 45; # dynamically allocated 2021-09-03
      dovecot2 = 46;
      dovenull2 = 47;
      # prayer = 49; # dropped in 23.11
      mpd = 50;
      clamav = 51;
      #fprot = 52; # unused
      # bind = 53; #dynamically allocated as of 2021-09-03
      wwwrun = 54;
      #adm = 55; # unused
      spamd = 56;
      #networkmanager = 57; # unused
      nslcd = 58;
      scanner = 59;
      nginx = 60;
      chrony = 61;
      #systemd-journal = 62; # unused
      smtpd = 63;
      smtpq = 64;
      supybot = 65;
      iodined = 66;
      #libvirtd = 67; # unused
      graphite = 68;
      #statsd = 69; # removed 2018-11-14
      transmission = 70;
      postgres = 71;
      #vboxusers = 72; # unused
      #vboxsf = 73; # unused
      smbguest = 74; # unused -- NOTE(review): labelled unused but the entry is still active; confirm
      varnish = 75;
      datadog = 76;
      lighttpd = 77;
      lightdm = 78;
      freenet = 79;
      ircd = 80;
      bacula = 81;
      #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
      deluge = 83;
      mysql = 84;
      rabbitmq = 85;
      activemq = 86;
      gnunet = 87;
      oidentd = 88;
      quassel = 89;
      amule = 90;
      minidlna = 91;
      elasticsearch = 92;
      tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
      firebird = 95;
      #keys = 96; # unused
      #haproxy = 97; # dynamically allocated as of 2020-03-11
      #mongodb = 98; #dynamically allocated as of 2021-09-03
      #openldap = 99; # dynamically allocated as of PR#94610
      #users = 100; # unused
      # cgminer = 101; #dynamically allocated as of 2021-09-17
      munin = 102;
      #logcheck = 103; #dynamically allocated as of 2021-09-17
      #nix-ssh = 104; #dynamically allocated as of 2021-09-03
      dictd = 105;
      couchdb = 106;
      #searx = 107; # dynamically allocated as of 2020-10-27
      #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
      jenkins = 109;
      systemd-journal-gateway = 110;
      #notbit = 111; # unused
      aerospike = 111;
      #ngircd = 112; #dynamically allocated as of 2021-09-03
      #btsync = 113; # unused
      #minecraft = 114; #dynamically allocated as of 2021-09-03
      vault = 115;
      # rippled = 116; #dynamically allocated as of 2021-09-18
      murmur = 117;
      foundationdb = 118;
      newrelic = 119;
      starbound = 120;
      hydra = 122;
      spiped = 123;
      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
      gitolite = 127;
      znc = 128;
      polipo = 129;
      mopidy = 130;
      #docker = 131; # unused
      gdm = 132;
      #dhcpd = 133; # dynamically allocated as of 2021-09-03
      siproxd = 134;
      mlmmj = 135;
      #neo4j = 136;# dynamically allocated as of 2021-09-03
      riemann = 137;
      riemanndash = 138;
      #radvd = 139;# dynamically allocated as of 2021-09-03
      #zookeeper = 140;# dynamically allocated as of 2021-09-03
      #dnsmasq = 141;# dynamically allocated as of 2021-09-03
      #uhub = 142; # unused
      yandexdisk = 143;
      mxisd = 144; # was once collectd
      #consul = 145;# dynamically allocated as of 2021-09-03
      #mailpile = 146; # removed 2022-01-12
      redmine = 147;
      #seeks = 148; # removed 2020-06-21
      prosody = 149;
      i2pd = 150;
      systemd-coredump = 151;
      systemd-network = 152;
      systemd-resolve = 153;
      systemd-timesync = 154;
      liquidsoap = 155;
      #etcd = 156;# dynamically allocated as of 2021-09-03
      hbase = 158;
      opentsdb = 159;
      scollector = 160;
      bosun = 161;
      kubernetes = 162;
      peerflix = 163;
      #chronos = 164; # removed 2020-08-15
      gitlab = 165;
      # tox-bootstrapd = 166; removed 2021-09-15
      cadvisor = 167;
      nylon = 168;
      #apache-kafka = 169;# dynamically allocated as of 2021-09-03
      #panamax = 170; # unused
      exim = 172;
      #fleet = 173; # unused
      #input = 174; # unused
      sddm = 175;
      #tss = 176; # dynamically allocated as of 2021-09-17
      #memcached = 177; removed 2018-01-03
      #ntp = 179; # dynamically allocated as of 2021-09-17
      zabbix = 180;
      #redis = 181; removed 2018-01-03
      #unifi = 183; dynamically allocated as of 2021-09-17
      uptimed = 184;
      #zope2 = 185; # dynamically allocated as of 2021-09-18
      #ripple-data-api = 186; dynamically allocated as of 2021-09-17
      mediatomb = 187;
      #rdnssd = 188; #dynamically allocated as of 2021-09-18
      ihaskell = 189;
      i2p = 190;
      lambdabot = 191;
      asterisk = 192;
      plex = 193;
      plexpy = 195;
      grafana = 196;
      skydns = 197;
      # ripple-rest = 198; # unused, removed 2017-08-12
      # nix-serve = 199; # unused, removed 2020-12-12
      #tvheadend = 200; # dynamically allocated as of 2021-09-18
      uwsgi = 201;
      # gitit = 202; # unused, module was removed 2023-04-03
      riemanntools = 203;
      subsonic = 204;
      # riak = 205; # unused, removed 2022-07-22
      #shout = 206; # dynamically allocated as of 2021-09-18
      gateone = 207;
      namecoin = 208;
      #lxd = 210; # unused
      #kibana = 211;# dynamically allocated as of 2021-09-03
      xtreemfs = 212;
      calibre-server = 213;
      #heapster = 214; #dynamically allocated as of 2021-09-17
      bepasty = 215;
      # pumpio = 216; # unused, removed 2018-02-24
      nm-openvpn = 217;
      # mathics = 218; # unused, removed 2020-08-15
      ejabberd = 219;
      postsrsd = 220;
      opendkim = 221;
      dspam = 222;
      # gale = 223; removed 2021-06-10
      matrix-synapse = 224;
      rspamd = 225;
      # rmilter = 226; # unused, removed 2019-08-22
      cfdyndns = 227;
      # gammu-smsd = 228; #dynamically allocated as of 2021-09-17
      pdnsd = 229;
      octoprint = 230;
      avahi-autoipd = 231;
      # nntp-proxy = 232; #dynamically allocated as of 2021-09-17
      mjpg-streamer = 233;
      #radicale = 234;# dynamically allocated as of 2021-09-03
      hydra-queue-runner = 235;
      hydra-www = 236;
      syncthing = 237;
      caddy = 239;
      taskd = 240;
      # factorio = 241; # DynamicUser = true
      # emby = 242; # unused, removed 2019-05-01
      #graylog = 243;# dynamically allocated as of 2021-09-03
      sniproxy = 244;
      nzbget = 245;
      mosquitto = 246;
      #toxvpn = 247; # dynamically allocated as of 2021-09-18
      # squeezelite = 248; # DynamicUser = true
      turnserver = 249;
      #smokeping = 250;# dynamically allocated as of 2021-09-03
      gocd-agent = 251;
      gocd-server = 252;
      terraria = 253;
      mattermost = 254;
      prometheus = 255;
      telegraf = 256;
      gitlab-runner = 257;
      postgrey = 258;
      # hound = 259; # unused, removed 2023-11-21
      leaps = 260;
      ipfs = 261;
      # stanchion = 262; # unused, removed 2020-10-14
      # riak-cs = 263; # unused, removed 2020-10-14
      infinoted = 264;
      sickbeard = 265;
      headphones = 266;
      # couchpotato = 267; # unused, removed 2022-01-01
      gogs = 268;
      #pdns-recursor = 269; # dynamically allocated as of 2020-20-18 -- NOTE(review): date as written is not a valid date; confirm
      #kresd = 270; # switched to "knot-resolver" with dynamic ID
      rpc = 271;
      #geoip = 272; # new module uses DynamicUser
      fcron = 273;
      sonarr = 274;
      radarr = 275;
      jackett = 276;
      aria2 = 277;
      clickhouse = 278;
      rslsync = 279;
      minio = 280;
      kanboard = 281;
      # pykms = 282; # DynamicUser = true
      kodi = 283;
      # restya-board = 284; # removed 2024-01-22
      mighttpd2 = 285;
      hass = 286;
      #monero = 287; # dynamically allocated as of 2021-05-08
      ceph = 288;
      duplicati = 289;
      monetdb = 290;
      restic = 291;
      openvpn = 292;
      # meguca = 293; # removed 2020-08-21
      yarn = 294;
      hdfs = 295;
      mapred = 296;
      hadoop = 297;
      hydron = 298;
      cfssl = 299;
      cassandra = 300;
      qemu-libvirtd = 301;
      # kvm = 302; # unused
      # render = 303; # unused
      # zeronet = 304; # removed 2019-01-03
      lirc = 305;
      lidarr = 306;
      slurm = 307;
      kapacitor = 308;
      # solr = 309; removed 2023-03-16
      alerta = 310;
      minetest = 311;
      rss2email = 312;
      cockroachdb = 313;
      zoneminder = 314;
      paperless = 315;
      #mailman = 316; # removed 2019-08-30
      zigbee2mqtt = 317;
      # shadow = 318; # unused
      hqplayer = 319;
      moonraker = 320;
      distcc = 321;
      webdav = 322;
      pipewire = 323;
      rstudio-server = 324;
      localtimed = 325;
      automatic-timezoned = 326;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

      nixbld = 30000; # start of range of uids
      nobody = 65534;
    };

    # Static gid table, laid out like ids.uids: a leading `#` marks a number
    # that is not assigned as a gid here.
    ids.gids = {
      root = 0;
      wheel = 1;
      kmem = 2;
      tty = 3;
      messagebus = 4; # D-Bus
      haldaemon = 5;
      disk = 6;
      #vsftpd = 7; # dynamically allocated as of 2021-09-14
      ftp = 8;
      # bitlbee = 9; # removed 2021-10-05 #139765
      #avahi = 10; # removed 2019-05-22
      #nagios = 11; # unused
      atd = 12;
      postfix = 13;
      postdrop = 14;
      dovecot = 15;
      tomcat = 16;
      audio = 17;
      floppy = 18;
      uucp = 19;
      lp = 20;
      proc = 21;
      pulseaudio = 22; # must match `pulseaudio' UID
      gpsd = 23;
      cdrom = 24;
      tape = 25;
      video = 26;
      dialout = 27;
      #polkituser = 28; # currently unused, polkitd doesn't need a group
      utmp = 29;
      # ddclient = 30; # converted to DynamicUser = true
      davfs2 = 31;
      disnix = 33;
      osgi = 34;
      tor = 35;
      #cups = 36; # unused
      #foldingathome = 37; # unused
      #sabnzbd = 38; # unused
      #kdm = 39; # unused, even before 17.03
      #ghostone = 40; # dropped in 18.03
      git = 41;
      fourstore = 42;
      fourstorehttp = 43;
      virtuoso = 44;
      #rtkit = 45; # unused
      dovecot2 = 46;
      dovenull2 = 47;
      # prayer = 49; # dropped in 23.11
      mpd = 50;
      clamav = 51;
      #fprot = 52; # unused
      #bind = 53; # unused
      wwwrun = 54;
      adm = 55;
      spamd = 56;
      networkmanager = 57;
      nslcd = 58;
      scanner = 59;
      nginx = 60;
      chrony = 61;
      systemd-journal = 62;
      smtpd = 63;
      smtpq = 64;
      supybot = 65;
      iodined = 66;
      libvirtd = 67;
      graphite = 68;
      #statsd = 69; # removed 2018-11-14
      transmission = 70;
      postgres = 71;
      vboxusers = 72;
      vboxsf = 73;
      smbguest = 74; # unused -- NOTE(review): labelled unused but the entry is still active; confirm
      varnish = 75;
      datadog = 76;
      lighttpd = 77;
      lightdm = 78;
      freenet = 79;
      ircd = 80;
      bacula = 81;
      #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
      deluge = 83;
      mysql = 84;
      rabbitmq = 85;
      activemq = 86;
      gnunet = 87;
      oidentd = 88;
      quassel = 89;
      amule = 90;
      minidlna = 91;
      elasticsearch = 92;
      #tcpcryptd = 93; # unused
      firebird = 95;
      keys = 96;
      #haproxy = 97; # dynamically allocated as of 2020-03-11
      #mongodb = 98; # unused
      #openldap = 99; # dynamically allocated as of PR#94610
      munin = 102;
      #logcheck = 103; # unused
      #nix-ssh = 104; # unused
      dictd = 105;
      couchdb = 106;
      #searx = 107; # dynamically allocated as of 2020-10-27
      #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
      jenkins = 109;
      systemd-journal-gateway = 110;
      #notbit = 111; # unused
      aerospike = 111;
      #ngircd = 112; # unused
      #btsync = 113; # unused
      #minecraft = 114; # unused
      vault = 115;
      #rippled = 116; # unused
      murmur = 117;
      foundationdb = 118;
      newrelic = 119;
      starbound = 120;
      hydra = 122;
      spiped = 123;
      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
      gitolite = 127;
      znc = 128;
      polipo = 129;
      mopidy = 130;
      docker = 131;
      gdm = 132;
      #dhcpcd = 133; # unused
      siproxd = 134;
      mlmmj = 135;
      #neo4j = 136; # unused
      riemann = 137;
      riemanndash = 138;
      #radvd = 139; # unused
      #zookeeper = 140; # unused
      #dnsmasq = 141; # unused
      uhub = 142;
      #yandexdisk = 143; # unused
      mxisd = 144; # was once collectd
      #consul = 145; # unused
      #mailpile = 146; # removed 2022-01-12
      redmine = 147;
      #seeks = 148; # removed 2020-06-21
      prosody = 149;
      i2pd = 150;
      systemd-network = 152;
      systemd-resolve = 153;
      systemd-timesync = 154;
      liquidsoap = 155;
      #etcd = 156; # unused
      hbase = 158;
      opentsdb = 159;
      scollector = 160;
      bosun = 161;
      kubernetes = 162;
      #peerflix = 163; # unused
      #chronos = 164; # unused
      gitlab = 165;
      nylon = 168;
      #panamax = 170; # unused
      exim = 172;
      #fleet = 173; # unused
      input = 174;
      sddm = 175;
      #tss = 176; #dynamically allocated as of 2021-09-20
      #memcached = 177; # unused, removed 2018-01-03
      #ntp = 179; # unused
      zabbix = 180;
      #redis = 181; # unused, removed 2018-01-03
      #unifi = 183; # unused
      #uptimed = 184; # unused
      #zope2 = 185; # unused
      #ripple-data-api = 186; #unused
      mediatomb = 187;
      #rdnssd = 188; # unused
      ihaskell = 189;
      i2p = 190;
      lambdabot = 191;
      asterisk = 192;
      plex = 193;
      # NOTE(review): ids.uids assigns sabnzbd = 38, so this name does not have
      # an equal uid and gid -- confirm before assuming uid == gid for sabnzbd.
      sabnzbd = 194;
      #grafana = 196; #unused
      #skydns = 197; #unused
      # ripple-rest = 198; # unused, removed 2017-08-12
      #nix-serve = 199; #unused
      #tvheadend = 200; #unused
      uwsgi = 201;
      gitit = 202;
      riemanntools = 203;
      subsonic = 204;
      # riak = 205;#unused, removed 2022-06-22
      #shout = 206; #unused
      gateone = 207;
      namecoin = 208;
      #lxd = 210; # unused
      #kibana = 211;
      xtreemfs = 212;
      calibre-server = 213;
      bepasty = 215;
      # pumpio = 216; # unused, removed 2018-02-24
      nm-openvpn = 217;
      mathics = 218;
      ejabberd = 219;
      postsrsd = 220;
      opendkim = 221;
      dspam = 222;
      # gale = 223; removed 2021-06-10
      matrix-synapse = 224;
      rspamd = 225;
      # rmilter = 226; # unused, removed 2019-08-22
      cfdyndns = 227;
      pdnsd = 229;
      octoprint = 230;
      #radicale = 234;# dynamically allocated as of 2021-09-03
      syncthing = 237;
      caddy = 239;
      taskd = 240;
      # factorio = 241; # unused
      # emby = 242; # unused, removed 2019-05-01
      sniproxy = 244;
      nzbget = 245;
      mosquitto = 246;
      #toxvpn = 247; # unused
      #squeezelite = 248; #unused
      turnserver = 249;
      #smokeping = 250;# dynamically allocated as of 2021-09-03
      gocd-agent = 251;
      gocd-server = 252;
      terraria = 253;
      mattermost = 254;
      prometheus = 255;
      #telegraf = 256; # unused
      gitlab-runner = 257;
      postgrey = 258;
      # hound = 259; # unused, removed 2023-11-21
      leaps = 260;
      ipfs = 261;
      # stanchion = 262; # unused, removed 2020-10-14
      # riak-cs = 263; # unused, removed 2020-10-14
      infinoted = 264;
      sickbeard = 265;
      headphones = 266;
      # couchpotato = 267; # unused, removed 2022-01-01
      gogs = 268;
      #kresd = 270; # switched to "knot-resolver" with dynamic ID
      #rpc = 271; # unused
      #geoip = 272; # unused
      fcron = 273;
      sonarr = 274;
      radarr = 275;
      jackett = 276;
      aria2 = 277;
      clickhouse = 278;
      rslsync = 279;
      minio = 280;
      kanboard = 281;
      # pykms = 282; # DynamicUser = true
      kodi = 283;
      # restya-board = 284; # removed 2024-01-22
      mighttpd2 = 285;
      hass = 286;
      # monero = 287; # dynamically allocated as of 2021-05-08
      ceph = 288;
      duplicati = 289;
      monetdb = 290;
      restic = 291;
      openvpn = 292;
      # meguca = 293; # removed 2020-08-21
      yarn = 294;
      hdfs = 295;
      mapred = 296;
      hadoop = 297;
      hydron = 298;
      cfssl = 299;
      cassandra = 300;
      qemu-libvirtd = 301;
      kvm = 302; # default udev rules from systemd requires these
      render = 303; # default udev rules from systemd requires these
      sgx = 304; # default udev rules from systemd requires these
      lirc = 305;
      lidarr = 306;
      slurm = 307;
      kapacitor = 308;
      # solr = 309; removed 2023-03-16
      alerta = 310;
      minetest = 311;
      rss2email = 312;
      cockroachdb = 313;
      zoneminder = 314;
      paperless = 315;
      #mailman = 316; # removed 2019-08-30
      zigbee2mqtt = 317;
      shadow = 318;
      hqplayer = 319;
      moonraker = 320;
      distcc = 321;
      webdav = 322;
      pipewire = 323;
      rstudio-server = 324;
      localtimed = 325;
      automatic-timezoned = 326;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
      # uids and gids. Also, don't use gids above 399!

      # For exceptional cases where you really need a gid above 399, leave a
      # comment stating why.
      #
      # Also, avoid the following GID ranges:
      #
      #  1000 - 29999: user accounts (see ../config/update-users-groups.pl)
      # 30000 - 31000: nixbld users (the upper limit is arbitrarily chosen)
      # 61184 - 65519: systemd DynamicUser (see systemd.exec(5))
      #         65535: the error return sentinel value when uid_t was 16 bits
      #
      # 100000 - 6653600: subgid allocated for user namespaces
      #                   (see ../config/update-users-groups.pl)
      #       4294967294: unauthenticated user in some NFS implementations
      #       4294967295: error return sentinel value
      #
      # References:
      # https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes

      onepassword = 31001; # 1Password requires that its GID be larger than 1000
      onepassword-cli = 31002; # 1Password requires that its GID be larger than 1000

      users = 100;
      nixbld = 30000;
      nogroup = 65534;
    };

  };

}