pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / misc / ids.nix
at 25.11-pre 23 kB view raw
1# This module defines the global list of uids and gids. We keep a 2# central list to prevent id collisions. 3 4# IMPORTANT! 5# 6# https://github.com/NixOS/rfcs/blob/master/rfcs/0052-dynamic-ids.md 7# 8# Use of static ids is deprecated within NixOS. Dynamic allocation is 9# required, barring special circumstacnes. Please check if the service 10# is applicable for systemd's DynamicUser option and does not need a 11# uid/gid allocation at all. Systemd can also change ownership of 12# service directories using the RuntimeDirectory/StateDirectory 13# options. 14 15{ lib, ... }: 16 17let 18 inherit (lib) types; 19in 20{ 21 options = { 22 23 ids.uids = lib.mkOption { 24 internal = true; 25 description = '' 26 The user IDs used in NixOS. 27 ''; 28 type = types.attrsOf types.int; 29 }; 30 31 ids.gids = lib.mkOption { 32 internal = true; 33 description = '' 34 The group IDs used in NixOS. 35 ''; 36 type = types.attrsOf types.int; 37 }; 38 39 }; 40 41 config = { 42 43 ids.uids = { 44 root = 0; 45 #wheel = 1; # unused 46 #kmem = 2; # unused 47 #tty = 3; # unused 48 messagebus = 4; # D-Bus 49 haldaemon = 5; 50 #disk = 6; # unused 51 #vsftpd = 7; # dynamically allocated ass of 2021-09-14 52 ftp = 8; 53 # bitlbee = 9; # removed 2021-10-05 #139765 54 #avahi = 10; # removed 2019-05-22 55 nagios = 11; 56 atd = 12; 57 postfix = 13; 58 #postdrop = 14; # unused 59 dovecot = 15; 60 tomcat = 16; 61 #audio = 17; # unused 62 #floppy = 18; # unused 63 uucp = 19; 64 #lp = 20; # unused 65 #proc = 21; # unused 66 pulseaudio = 22; # must match `pulseaudio' GID 67 gpsd = 23; 68 #cdrom = 24; # unused 69 #tape = 25; # unused 70 #video = 26; # unused 71 #dialout = 27; # unused 72 polkituser = 28; 73 #utmp = 29; # unused 74 # ddclient = 30; # converted to DynamicUser = true 75 davfs2 = 31; 76 disnix = 33; 77 osgi = 34; 78 tor = 35; 79 cups = 36; 80 foldingathome = 37; 81 sabnzbd = 38; 82 #kdm = 39; # dropped in 17.03 83 #ghostone = 40; # dropped in 18.03 84 git = 41; 85 #fourstore = 42; # dropped in 20.03 86 #fourstorehttp = 43; # dropped in 20.03 87 #virtuoso = 44; dropped module 88 #rtkit = 45; # dynamically allocated 2021-09-03 89 dovecot2 = 46; 90 dovenull2 = 47; 91 # prayer = 49; # dropped in 23.11 92 mpd = 50; 93 clamav = 51; 94 #fprot = 52; # unused 95 # bind = 53; #dynamically allocated as of 2021-09-03 96 wwwrun = 54; 97 #adm = 55; # unused 98 spamd = 56; 99 #networkmanager = 57; # unused 100 nslcd = 58; 101 scanner = 59; 102 nginx = 60; 103 chrony = 61; 104 #systemd-journal = 62; # unused 105 smtpd = 63; 106 smtpq = 64; 107 supybot = 65; 108 iodined = 66; 109 #libvirtd = 67; # unused 110 graphite = 68; 111 #statsd = 69; # removed 2018-11-14 112 transmission = 70; 113 postgres = 71; 114 #vboxusers = 72; # unused 115 #vboxsf = 73; # unused 116 smbguest = 74; # unused 117 varnish = 75; 118 datadog = 76; 119 lighttpd = 77; 120 lightdm = 78; 121 freenet = 79; 122 ircd = 80; 123 bacula = 81; 124 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08 125 deluge = 83; 126 mysql = 84; 127 rabbitmq = 85; 128 activemq = 86; 129 gnunet = 87; 130 oidentd = 88; 131 quassel = 89; 132 amule = 90; 133 minidlna = 91; 134 elasticsearch = 92; 135 tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. 136 firebird = 95; 137 #keys = 96; # unused 138 #haproxy = 97; # dynamically allocated as of 2020-03-11 139 #mongodb = 98; #dynamically allocated as of 2021-09-03 140 #openldap = 99; # dynamically allocated as of PR#94610 141 #users = 100; # unused 142 # cgminer = 101; #dynamically allocated as of 2021-09-17 143 munin = 102; 144 #logcheck = 103; #dynamically allocated as of 2021-09-17 145 #nix-ssh = 104; #dynamically allocated as of 2021-09-03 146 dictd = 105; 147 couchdb = 106; 148 #searx = 107; # dynamically allocated as of 2020-10-27 149 #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04 150 jenkins = 109; 151 systemd-journal-gateway = 110; 152 #notbit = 111; # unused 153 aerospike = 111; 154 #ngircd = 112; #dynamically allocated as of 2021-09-03 155 #btsync = 113; # unused 156 #minecraft = 114; #dynamically allocated as of 2021-09-03 157 vault = 115; 158 # rippled = 116; #dynamically allocated as of 2021-09-18 159 murmur = 117; 160 foundationdb = 118; 161 newrelic = 119; 162 starbound = 120; 163 hydra = 122; 164 spiped = 123; 165 teamspeak = 124; 166 influxdb = 125; 167 nsd = 126; 168 gitolite = 127; 169 znc = 128; 170 polipo = 129; 171 mopidy = 130; 172 #docker = 131; # unused 173 gdm = 132; 174 #dhcpd = 133; # dynamically allocated as of 2021-09-03 175 siproxd = 134; 176 mlmmj = 135; 177 #neo4j = 136;# dynamically allocated as of 2021-09-03 178 riemann = 137; 179 riemanndash = 138; 180 #radvd = 139;# dynamically allocated as of 2021-09-03 181 #zookeeper = 140;# dynamically allocated as of 2021-09-03 182 #dnsmasq = 141;# dynamically allocated as of 2021-09-03 183 #uhub = 142; # unused 184 yandexdisk = 143; 185 # mxisd = 144; # removed 2024-07-10 186 #consul = 145;# dynamically allocated as of 2021-09-03 187 #mailpile = 146; # removed 2022-01-12 188 redmine = 147; 189 #seeks = 148; # removed 2020-06-21 190 prosody = 149; 191 i2pd = 150; 192 systemd-coredump = 151; 193 systemd-network = 152; 194 systemd-resolve = 153; 195 systemd-timesync = 154; 196 liquidsoap = 155; 197 #etcd = 156;# dynamically allocated as of 2021-09-03 198 hbase = 158; 199 opentsdb = 159; 200 scollector = 160; 201 bosun = 161; 202 kubernetes = 162; 203 peerflix = 163; 204 #chronos = 164; # removed 2020-08-15 205 gitlab = 165; 206 # tox-bootstrapd = 166; removed 2021-09-15 207 cadvisor = 167; 208 nylon = 168; 209 #apache-kafka = 169;# dynamically allocated as of 2021-09-03 210 #panamax = 170; # unused 211 exim = 172; 212 #fleet = 173; # unused 213 #input = 174; # unused 214 sddm = 175; 215 #tss = 176; # dynamically allocated as of 2021-09-17 216 #memcached = 177; removed 2018-01-03 217 #ntp = 179; # dynamically allocated as of 2021-09-17 218 zabbix = 180; 219 #redis = 181; removed 2018-01-03 220 #unifi = 183; dynamically allocated as of 2021-09-17 221 uptimed = 184; 222 #zope2 = 185; # dynamically allocated as of 2021-09-18 223 #ripple-data-api = 186; dynamically allocated as of 2021-09-17 224 mediatomb = 187; 225 #rdnssd = 188; #dynamically allocated as of 2021-09-18 226 ihaskell = 189; 227 i2p = 190; 228 lambdabot = 191; 229 asterisk = 192; 230 plex = 193; 231 plexpy = 195; 232 grafana = 196; 233 skydns = 197; 234 # ripple-rest = 198; # unused, removed 2017-08-12 235 # nix-serve = 199; # unused, removed 2020-12-12 236 #tvheadend = 200; # dynamically allocated as of 2021-09-18 237 uwsgi = 201; 238 # gitit = 202; # unused, module was removed 2023-04-03 239 riemanntools = 203; 240 subsonic = 204; 241 # riak = 205; # unused, remove 2022-07-22 242 #shout = 206; # dynamically allocated as of 2021-09-18, module removed 2024-10-19 243 gateone = 207; 244 namecoin = 208; 245 #lxd = 210; # unused 246 #kibana = 211;# dynamically allocated as of 2021-09-03 247 xtreemfs = 212; 248 calibre-server = 213; 249 #heapster = 214; #dynamically allocated as of 2021-09-17 250 bepasty = 215; 251 # pumpio = 216; # unused, removed 2018-02-24 252 nm-openvpn = 217; 253 # mathics = 218; # unused, removed 2020-08-15 254 ejabberd = 219; 255 postsrsd = 220; 256 opendkim = 221; 257 dspam = 222; 258 # gale = 223; removed 2021-06-10 259 matrix-synapse = 224; 260 rspamd = 225; 261 # rmilter = 226; # unused, removed 2019-08-22 262 cfdyndns = 227; 263 # gammu-smsd = 228; #dynamically allocated as of 2021-09-17 264 pdnsd = 229; 265 octoprint = 230; 266 avahi-autoipd = 231; 267 # nntp-proxy = 232; #dynamically allocated as of 2021-09-17 268 mjpg-streamer = 233; 269 #radicale = 234;# dynamically allocated as of 2021-09-03 270 hydra-queue-runner = 235; 271 hydra-www = 236; 272 syncthing = 237; 273 caddy = 239; 274 taskd = 240; 275 # factorio = 241; # DynamicUser = true 276 # emby = 242; # unusued, removed 2019-05-01 277 #graylog = 243;# dynamically allocated as of 2021-09-03 278 sniproxy = 244; 279 nzbget = 245; 280 mosquitto = 246; 281 #toxvpn = 247; # dynamically allocated as of 2021-09-18 282 # squeezelite = 248; # DynamicUser = true 283 turnserver = 249; 284 #smokeping = 250;# dynamically allocated as of 2021-09-03 285 gocd-agent = 251; 286 gocd-server = 252; 287 terraria = 253; 288 mattermost = 254; 289 prometheus = 255; 290 telegraf = 256; 291 gitlab-runner = 257; 292 postgrey = 258; 293 # hound = 259; # unused, removed 2023-11-21 294 leaps = 260; 295 ipfs = 261; 296 # stanchion = 262; # unused, removed 2020-10-14 297 # riak-cs = 263; # unused, removed 2020-10-14 298 infinoted = 264; 299 sickbeard = 265; 300 headphones = 266; 301 # couchpotato = 267; # unused, removed 2022-01-01 302 # gogs = 268; # unused, removed in 2024-10-12 303 #pdns-recursor = 269; # dynamically allocated as of 2020-20-18 304 #kresd = 270; # switched to "knot-resolver" with dynamic ID 305 rpc = 271; 306 #geoip = 272; # new module uses DynamicUser 307 fcron = 273; 308 sonarr = 274; 309 radarr = 275; 310 jackett = 276; 311 aria2 = 277; 312 clickhouse = 278; 313 rslsync = 279; 314 minio = 280; 315 kanboard = 281; 316 # pykms = 282; # DynamicUser = true 317 kodi = 283; 318 # restya-board = 284; # removed 2024-01-22 319 mighttpd2 = 285; 320 hass = 286; 321 #monero = 287; # dynamically allocated as of 2021-05-08 322 ceph = 288; 323 duplicati = 289; 324 monetdb = 290; 325 restic = 291; 326 openvpn = 292; 327 # meguca = 293; # removed 2020-08-21 328 yarn = 294; 329 hdfs = 295; 330 mapred = 296; 331 hadoop = 297; 332 #hydron = 298; # removed 2024-08-03 333 cfssl = 299; 334 cassandra = 300; 335 qemu-libvirtd = 301; 336 # kvm = 302; # unused 337 # render = 303; # unused 338 # zeronet = 304; # removed 2019-01-03 339 lirc = 305; 340 lidarr = 306; 341 slurm = 307; 342 kapacitor = 308; 343 # solr = 309; removed 2023-03-16 344 alerta = 310; 345 minetest = 311; 346 rss2email = 312; 347 cockroachdb = 313; 348 zoneminder = 314; 349 paperless = 315; 350 #mailman = 316; # removed 2019-08-30 351 zigbee2mqtt = 317; 352 # shadow = 318; # unused 353 hqplayer = 319; 354 moonraker = 320; 355 distcc = 321; 356 webdav = 322; 357 pipewire = 323; 358 rstudio-server = 324; 359 localtimed = 325; 360 automatic-timezoned = 326; 361 362 # When adding a uid, make sure it doesn't match an existing gid. 363 # 364 # !!! Don't use uids above "399"! !!! 365 # 366 # The reason behind this restriction is that, NixOS by default allocates 367 # system user UIDs/GIDs in the range of `400..999`. System users/groups 368 # created using command like `useradd` will have UID and GID in this range[1]. 369 # 370 # If a newly added ID goes beyond "399", it may conflict with existing 371 # system user or group of the same id in someone else's NixOS. 372 # This could break their system and make that person upset for a whole day. 373 # 374 # Sidenote: the default is defined in `shadow` module[2], and the relavent change 375 # was made way back in 2014[3]. 376 # 377 # [1]: https://man7.org/linux/man-pages/man5/login.defs.5.html#:~:text=SYS_UID_MAX%20(number)%2C%20SYS_UID_MIN%20(number) 378 # [2]: <nixos/modules/programs/shadow.nix> 379 # [3]: https://github.com/NixOS/nixpkgs/commit/0e23a175de3687df8232fe118cbe87f04228ff28 380 381 nixbld = 30000; # start of range of uids 382 nobody = 65534; 383 }; 384 385 ids.gids = { 386 root = 0; 387 wheel = 1; 388 kmem = 2; 389 tty = 3; 390 messagebus = 4; # D-Bus 391 haldaemon = 5; 392 disk = 6; 393 #vsftpd = 7; # dynamically allocated as of 2021-09-14 394 ftp = 8; 395 # bitlbee = 9; # removed 2021-10-05 #139765 396 #avahi = 10; # removed 2019-05-22 397 #nagios = 11; # unused 398 atd = 12; 399 postfix = 13; 400 postdrop = 14; 401 dovecot = 15; 402 tomcat = 16; 403 audio = 17; 404 floppy = 18; 405 uucp = 19; 406 lp = 20; 407 proc = 21; 408 pulseaudio = 22; # must match `pulseaudio' UID 409 gpsd = 23; 410 cdrom = 24; 411 tape = 25; 412 video = 26; 413 dialout = 27; 414 #polkituser = 28; # currently unused, polkitd doesn't need a group 415 utmp = 29; 416 # ddclient = 30; # converted to DynamicUser = true 417 davfs2 = 31; 418 disnix = 33; 419 osgi = 34; 420 tor = 35; 421 #cups = 36; # unused 422 #foldingathome = 37; # unused 423 #sabnzd = 38; # unused 424 #kdm = 39; # unused, even before 17.03 425 #ghostone = 40; # dropped in 18.03 426 git = 41; 427 fourstore = 42; 428 fourstorehttp = 43; 429 virtuoso = 44; 430 #rtkit = 45; # unused 431 dovecot2 = 46; 432 dovenull2 = 47; 433 # prayer = 49; # dropped in 23.11 434 mpd = 50; 435 clamav = 51; 436 #fprot = 52; # unused 437 #bind = 53; # unused 438 wwwrun = 54; 439 adm = 55; 440 spamd = 56; 441 networkmanager = 57; 442 nslcd = 58; 443 scanner = 59; 444 nginx = 60; 445 chrony = 61; 446 systemd-journal = 62; 447 smtpd = 63; 448 smtpq = 64; 449 supybot = 65; 450 iodined = 66; 451 libvirtd = 67; 452 graphite = 68; 453 #statsd = 69; # removed 2018-11-14 454 transmission = 70; 455 postgres = 71; 456 vboxusers = 72; 457 vboxsf = 73; 458 smbguest = 74; # unused 459 varnish = 75; 460 datadog = 76; 461 lighttpd = 77; 462 lightdm = 78; 463 freenet = 79; 464 ircd = 80; 465 bacula = 81; 466 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08 467 deluge = 83; 468 mysql = 84; 469 rabbitmq = 85; 470 activemq = 86; 471 gnunet = 87; 472 oidentd = 88; 473 quassel = 89; 474 amule = 90; 475 minidlna = 91; 476 elasticsearch = 92; 477 #tcpcryptd = 93; # unused 478 firebird = 95; 479 keys = 96; 480 #haproxy = 97; # dynamically allocated as of 2020-03-11 481 #mongodb = 98; # unused 482 #openldap = 99; # dynamically allocated as of PR#94610 483 munin = 102; 484 #logcheck = 103; # unused 485 #nix-ssh = 104; # unused 486 dictd = 105; 487 couchdb = 106; 488 #searx = 107; # dynamically allocated as of 2020-10-27 489 #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04 490 jenkins = 109; 491 systemd-journal-gateway = 110; 492 #notbit = 111; # unused 493 aerospike = 111; 494 #ngircd = 112; # unused 495 #btsync = 113; # unused 496 #minecraft = 114; # unused 497 vault = 115; 498 #ripped = 116; # unused 499 murmur = 117; 500 foundationdb = 118; 501 newrelic = 119; 502 starbound = 120; 503 hydra = 122; 504 spiped = 123; 505 teamspeak = 124; 506 influxdb = 125; 507 nsd = 126; 508 gitolite = 127; 509 znc = 128; 510 polipo = 129; 511 mopidy = 130; 512 docker = 131; 513 gdm = 132; 514 #dhcpcd = 133; # unused 515 siproxd = 134; 516 mlmmj = 135; 517 #neo4j = 136; # unused 518 riemann = 137; 519 riemanndash = 138; 520 #radvd = 139; # unused 521 #zookeeper = 140; # unused 522 #dnsmasq = 141; # unused 523 uhub = 142; 524 #yandexdisk = 143; # unused 525 # mxisd = 144; # removed 2024-07-10 526 #consul = 145; # unused 527 #mailpile = 146; # removed 2022-01-12 528 redmine = 147; 529 #seeks = 148; # removed 2020-06-21 530 prosody = 149; 531 i2pd = 150; 532 systemd-network = 152; 533 systemd-resolve = 153; 534 systemd-timesync = 154; 535 liquidsoap = 155; 536 #etcd = 156; # unused 537 hbase = 158; 538 opentsdb = 159; 539 scollector = 160; 540 bosun = 161; 541 kubernetes = 162; 542 #peerflix = 163; # unused 543 #chronos = 164; # unused 544 gitlab = 165; 545 nylon = 168; 546 #panamax = 170; # unused 547 exim = 172; 548 #fleet = 173; # unused 549 input = 174; 550 sddm = 175; 551 #tss = 176; #dynamically allocateda as of 2021-09-20 552 #memcached = 177; # unused, removed 2018-01-03 553 #ntp = 179; # unused 554 zabbix = 180; 555 #redis = 181; # unused, removed 2018-01-03 556 #unifi = 183; # unused 557 #uptimed = 184; # unused 558 #zope2 = 185; # unused 559 #ripple-data-api = 186; #unused 560 mediatomb = 187; 561 #rdnssd = 188; # unused 562 ihaskell = 189; 563 i2p = 190; 564 lambdabot = 191; 565 asterisk = 192; 566 plex = 193; 567 sabnzbd = 194; 568 #grafana = 196; #unused 569 #skydns = 197; #unused 570 # ripple-rest = 198; # unused, removed 2017-08-12 571 #nix-serve = 199; #unused 572 #tvheadend = 200; #unused 573 uwsgi = 201; 574 gitit = 202; 575 riemanntools = 203; 576 subsonic = 204; 577 # riak = 205;#unused, removed 2022-06-22 578 #shout = 206; #unused 579 gateone = 207; 580 namecoin = 208; 581 #lxd = 210; # unused 582 #kibana = 211; 583 xtreemfs = 212; 584 calibre-server = 213; 585 bepasty = 215; 586 # pumpio = 216; # unused, removed 2018-02-24 587 nm-openvpn = 217; 588 mathics = 218; 589 ejabberd = 219; 590 postsrsd = 220; 591 opendkim = 221; 592 dspam = 222; 593 # gale = 223; removed 2021-06-10 594 matrix-synapse = 224; 595 rspamd = 225; 596 # rmilter = 226; # unused, removed 2019-08-22 597 cfdyndns = 227; 598 pdnsd = 229; 599 octoprint = 230; 600 #radicale = 234;# dynamically allocated as of 2021-09-03 601 syncthing = 237; 602 caddy = 239; 603 taskd = 240; 604 # factorio = 241; # unused 605 # emby = 242; # unused, removed 2019-05-01 606 sniproxy = 244; 607 nzbget = 245; 608 mosquitto = 246; 609 #toxvpn = 247; # unused 610 #squeezelite = 248; #unused 611 turnserver = 249; 612 #smokeping = 250;# dynamically allocated as of 2021-09-03 613 gocd-agent = 251; 614 gocd-server = 252; 615 terraria = 253; 616 mattermost = 254; 617 prometheus = 255; 618 #telegraf = 256; # unused 619 gitlab-runner = 257; 620 postgrey = 258; 621 # hound = 259; # unused, removed 2023-11-21 622 leaps = 260; 623 ipfs = 261; 624 # stanchion = 262; # unused, removed 2020-10-14 625 # riak-cs = 263; # unused, removed 2020-10-14 626 infinoted = 264; 627 sickbeard = 265; 628 headphones = 266; 629 # couchpotato = 267; # unused, removed 2022-01-01 630 # gogs = 268; # unused, removed in 2024-10-12 631 #kresd = 270; # switched to "knot-resolver" with dynamic ID 632 #rpc = 271; # unused 633 #geoip = 272; # unused 634 fcron = 273; 635 sonarr = 274; 636 radarr = 275; 637 jackett = 276; 638 aria2 = 277; 639 clickhouse = 278; 640 rslsync = 279; 641 minio = 280; 642 kanboard = 281; 643 # pykms = 282; # DynamicUser = true 644 kodi = 283; 645 # restya-board = 284; # removed 2024-01-22 646 mighttpd2 = 285; 647 hass = 286; 648 # monero = 287; # dynamically allocated as of 2021-05-08 649 ceph = 288; 650 duplicati = 289; 651 monetdb = 290; 652 restic = 291; 653 openvpn = 292; 654 # meguca = 293; # removed 2020-08-21 655 yarn = 294; 656 hdfs = 295; 657 mapred = 296; 658 hadoop = 297; 659 #hydron = 298; # removed 2024-08-03 660 cfssl = 299; 661 cassandra = 300; 662 qemu-libvirtd = 301; 663 kvm = 302; # default udev rules from systemd requires these 664 render = 303; # default udev rules from systemd requires these 665 sgx = 304; # default udev rules from systemd requires these 666 lirc = 305; 667 lidarr = 306; 668 slurm = 307; 669 kapacitor = 308; 670 # solr = 309; removed 2023-03-16 671 alerta = 310; 672 minetest = 311; 673 rss2email = 312; 674 cockroachdb = 313; 675 zoneminder = 314; 676 paperless = 315; 677 #mailman = 316; # removed 2019-08-30 678 zigbee2mqtt = 317; 679 shadow = 318; 680 hqplayer = 319; 681 moonraker = 320; 682 distcc = 321; 683 webdav = 322; 684 pipewire = 323; 685 rstudio-server = 324; 686 localtimed = 325; 687 automatic-timezoned = 326; 688 689 # When adding a gid, make sure it doesn't match an existing 690 # uid. Users and groups with the same name should have equal 691 # uids and gids. 692 # 693 # !!! Don't use gids above "399"! !!! 694 # 695 # The reason behind this restriction is that, NixOS by default allocates 696 # system user UIDs/GIDs in the range of `400..999`. System users/groups 697 # created using command like `useradd` will have UID and GID in this range[1]. 698 # 699 # If a newly added ID goes beyond "399", it may conflict with existing 700 # system user or group of the same id in someone else's NixOS. 701 # This could break their system and make that person upset for a whole day. 702 # 703 # Sidenote: the default is defined in `shadow` module[2], and the relavent change 704 # was made way back in 2014[3]. 705 # 706 # [1]: https://man7.org/linux/man-pages/man5/login.defs.5.html#:~:text=SYS_UID_MAX%20(number)%2C%20SYS_UID_MIN%20(number) 707 # [2]: <nixos/modules/programs/shadow.nix> 708 # [3]: https://github.com/NixOS/nixpkgs/commit/0e23a175de3687df8232fe118cbe87f04228ff28 709 710 # For exceptional cases where you really need a gid above 399, leave a 711 # comment stating why. 712 # 713 # Also, avoid the following GID ranges: 714 # 715 # 1000 - 29999: user accounts (see ../config/update-users-groups.pl) 716 # 30000 - 31000: nixbld users (the upper limit is arbitrarily chosen) 717 # 61184 - 65519: systemd DynamicUser (see systemd.exec(5)) 718 # 65535: the error return sentinel value when uid_t was 16 bits 719 # 720 # 100000 - 6653600: subgid allocated for user namespaces 721 # (see ../config/update-users-groups.pl) 722 # 4294967294: unauthenticated user in some NFS implementations 723 # 4294967295: error return sentinel value 724 # 725 # References: 726 # https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes 727 728 onepassword = 31001; # 1Password requires that its GID be larger than 1000 729 onepassword-cli = 31002; # 1Password requires that its GID be larger than 1000 730 731 users = 100; 732 nixbld = 30000; 733 nogroup = 65534; 734 }; 735 736 }; 737 738}