# This module defines the global list of uids and gids. We keep a
# central list to prevent id collisions.

# IMPORTANT!
#
# https://github.com/NixOS/rfcs/blob/master/rfcs/0052-dynamic-ids.md
#
# Use of static ids is deprecated within NixOS. Dynamic allocation is
# required, barring special circumstances. Please check if the service
# is applicable for systemd's DynamicUser option and does not need a
# uid/gid allocation at all. If DynamicUser is problematic consider
# making a `isSystemUser=true` user with the uid and gid unset and let
# NixOS pick dynamic persistent ids on activation. These IDs are persisted
# locally on the host in the event that the user is removed and added back.
# Systemd will also change ownership of service directories using the
# RuntimeDirectory/StateDirectory options just in case a change happens.
# It's only for special circumstances like for example the ids being hardcoded
# in the application or the ids having to be consistent across multiple hosts
# that configuring static ids in this file makes sense.

{ lib, ... }:

let
  inherit (lib) types;
in
{
  options = {

    # Attribute set mapping an account name to its static numeric uid.
    # Every value must fit an unsigned 32-bit integer (types.ints.u32).
    ids.uids = lib.mkOption {
      internal = true;
      description = ''
        The user IDs used in NixOS.
      '';
      type = types.attrsOf types.ints.u32;
    };

    # Attribute set mapping a group name to its static numeric gid.
    # Every value must fit an unsigned 32-bit integer (types.ints.u32).
    ids.gids = lib.mkOption {
      internal = true;
      description = ''
        The group IDs used in NixOS.
      '';
      type = types.attrsOf types.ints.u32;
    };

  };

  config = {

    # Static uid table. Commented-out entries record numbers that were
    # assigned in the past (unused, removed, or moved to dynamic allocation).
    # NOTE(review): presumably they stay listed so that a retired number is
    # not handed to a different account, which would then own any files still
    # carrying the old numeric id on existing hosts. Confirm before reusing one.
    ids.uids = {
      root = 0;
      #wheel = 1; # unused
      #kmem = 2; # unused
      #tty = 3; # unused
      messagebus = 4; # D-Bus
      haldaemon = 5;
      #disk = 6; # unused
      #vsftpd = 7; # dynamically allocated as of 2021-09-14
      ftp = 8;
      # bitlbee = 9; # removed 2021-10-05 #139765
      #avahi = 10; # removed 2019-05-22
      nagios = 11;
      atd = 12;
      postfix = 13;
      #postdrop = 14; # unused
      dovecot = 15;
      tomcat = 16;
      #audio = 17; # unused
      #floppy = 18; # unused
      uucp = 19;
      #lp = 20; # unused
      #proc = 21; # unused
      pulseaudio = 22; # must match `pulseaudio' GID
      gpsd = 23;
      #cdrom = 24; # unused
      #tape = 25; # unused
      #video = 26; # unused
      #dialout = 27; # unused
      polkituser = 28;
      #utmp = 29; # unused
      # ddclient = 30; # converted to DynamicUser = true
      davfs2 = 31;
      disnix = 33;
      osgi = 34;
      tor = 35;
      cups = 36;
      foldingathome = 37;
      sabnzbd = 38;
      #kdm = 39; # dropped in 17.03
      #ghostone = 40; # dropped in 18.03
      git = 41;
      #fourstore = 42; # dropped in 20.03
      #fourstorehttp = 43; # dropped in 20.03
      #virtuoso = 44; dropped module
      #rtkit = 45; # dynamically allocated 2021-09-03
      dovecot2 = 46;
      dovenull2 = 47;
      # prayer = 49; # dropped in 23.11
      mpd = 50;
      clamav = 51;
      #fprot = 52; # unused
      # bind = 53; #dynamically allocated as of 2021-09-03
      wwwrun = 54;
      #adm = 55; # unused
      spamd = 56;
      #networkmanager = 57; # unused
      nslcd = 58;
      scanner = 59;
      nginx = 60;
      chrony = 61;
      #systemd-journal = 62; # unused
      smtpd = 63;
      smtpq = 64;
      supybot = 65;
      iodined = 66;
      #libvirtd = 67; # unused
      graphite = 68;
      #statsd = 69; # removed 2018-11-14
      transmission = 70;
      postgres = 71;
      #vboxusers = 72; # unused
      #vboxsf = 73; # unused
      smbguest = 74; # unused -- NOTE(review): still assigned despite the label; confirm
      varnish = 75;
      datadog = 76;
      lighttpd = 77;
      lightdm = 78;
      freenet = 79;
      ircd = 80;
      bacula = 81;
      #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
      deluge = 83;
      mysql = 84;
      rabbitmq = 85;
      activemq = 86;
      gnunet = 87;
      oidentd = 88;
      quassel = 89;
      amule = 90;
      minidlna = 91;
      elasticsearch = 92;
      tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
      firebird = 95;
      #keys = 96; # unused
      #haproxy = 97; # dynamically allocated as of 2020-03-11
      #mongodb = 98; #dynamically allocated as of 2021-09-03
      #openldap = 99; # dynamically allocated as of PR#94610
      #users = 100; # unused
      # cgminer = 101; #dynamically allocated as of 2021-09-17
      munin = 102;
      #logcheck = 103; #dynamically allocated as of 2021-09-17
      #nix-ssh = 104; #dynamically allocated as of 2021-09-03
      dictd = 105;
      couchdb = 106;
      #searx = 107; # dynamically allocated as of 2020-10-27
      #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
      jenkins = 109;
      systemd-journal-gateway = 110;
      #notbit = 111; # unused
      aerospike = 111;
      #ngircd = 112; #dynamically allocated as of 2021-09-03
      #btsync = 113; # unused
      #minecraft = 114; #dynamically allocated as of 2021-09-03
      vault = 115;
      # rippled = 116; #dynamically allocated as of 2021-09-18
      murmur = 117;
      foundationdb = 118;
      newrelic = 119;
      starbound = 120;
      hydra = 122;
      spiped = 123;
      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
      gitolite = 127;
      znc = 128;
      # polipo = 129; removed 2025-05-18
      mopidy = 130;
      #docker = 131; # unused
      gdm = 132;
      #dhcpd = 133; # dynamically allocated as of 2021-09-03
      siproxd = 134;
      mlmmj = 135;
      #neo4j = 136;# dynamically allocated as of 2021-09-03
      riemann = 137;
      riemanndash = 138;
      #radvd = 139;# dynamically allocated as of 2021-09-03
      #zookeeper = 140;# dynamically allocated as of 2021-09-03
      #dnsmasq = 141;# dynamically allocated as of 2021-09-03
      #uhub = 142; # unused
      yandexdisk = 143;
      # mxisd = 144; # removed 2024-07-10
      #consul = 145;# dynamically allocated as of 2021-09-03
      #mailpile = 146; # removed 2022-01-12
      redmine = 147;
      #seeks = 148; # removed 2020-06-21
      prosody = 149;
      i2pd = 150;
      systemd-coredump = 151;
      systemd-network = 152;
      systemd-resolve = 153;
      systemd-timesync = 154;
      liquidsoap = 155;
      #etcd = 156;# dynamically allocated as of 2021-09-03
      hbase = 158;
      opentsdb = 159;
      scollector = 160;
      bosun = 161;
      kubernetes = 162;
      peerflix = 163;
      #chronos = 164; # removed 2020-08-15
      gitlab = 165;
      # tox-bootstrapd = 166; removed 2021-09-15
      cadvisor = 167;
      nylon = 168;
      #apache-kafka = 169;# dynamically allocated as of 2021-09-03
      #panamax = 170; # unused
      exim = 172;
      #fleet = 173; # unused
      #input = 174; # unused
      sddm = 175;
      #tss = 176; # dynamically allocated as of 2021-09-17
      #memcached = 177; removed 2018-01-03
      #ntp = 179; # dynamically allocated as of 2021-09-17
      zabbix = 180;
      #redis = 181; removed 2018-01-03
      #unifi = 183; dynamically allocated as of 2021-09-17
      uptimed = 184;
      #zope2 = 185; # dynamically allocated as of 2021-09-18
      #ripple-data-api = 186; dynamically allocated as of 2021-09-17
      mediatomb = 187;
      #rdnssd = 188; #dynamically allocated as of 2021-09-18
      ihaskell = 189;
      i2p = 190;
      lambdabot = 191;
      asterisk = 192;
      plex = 193;
      plexpy = 195;
      grafana = 196;
      skydns = 197;
      # ripple-rest = 198; # unused, removed 2017-08-12
      # nix-serve = 199; # unused, removed 2020-12-12
      #tvheadend = 200; # dynamically allocated as of 2021-09-18
      uwsgi = 201;
      # gitit = 202; # unused, module was removed 2023-04-03
      riemanntools = 203;
      subsonic = 204;
      # riak = 205; # unused, removed 2022-07-22
      #shout = 206; # dynamically allocated as of 2021-09-18, module removed 2024-10-19
      #gateone = 207; # removed 2025-08-21
      namecoin = 208;
      #lxd = 210; # unused
      #kibana = 211;# dynamically allocated as of 2021-09-03
      xtreemfs = 212;
      calibre-server = 213;
      #heapster = 214; #dynamically allocated as of 2021-09-17
      bepasty = 215;
      # pumpio = 216; # unused, removed 2018-02-24
      nm-openvpn = 217;
      # mathics = 218; # unused, removed 2020-08-15
      ejabberd = 219;
      postsrsd = 220;
      opendkim = 221;
      dspam = 222;
      # gale = 223; removed 2021-06-10
      matrix-synapse = 224;
      rspamd = 225;
      # rmilter = 226; # unused, removed 2019-08-22
      cfdyndns = 227;
      # gammu-smsd = 228; #dynamically allocated as of 2021-09-17
      pdnsd = 229;
      octoprint = 230;
      avahi-autoipd = 231;
      # nntp-proxy = 232; #dynamically allocated as of 2021-09-17
      mjpg-streamer = 233;
      #radicale = 234;# dynamically allocated as of 2021-09-03
      hydra-queue-runner = 235;
      hydra-www = 236;
      syncthing = 237;
      caddy = 239;
      taskd = 240;
      # factorio = 241; # DynamicUser = true
      # emby = 242; # unused, removed 2019-05-01
      #graylog = 243;# dynamically allocated as of 2021-09-03
      sniproxy = 244;
      nzbget = 245;
      mosquitto = 246;
      #toxvpn = 247; # dynamically allocated as of 2021-09-18
      # squeezelite = 248; # DynamicUser = true
      turnserver = 249;
      #smokeping = 250;# dynamically allocated as of 2021-09-03
      gocd-agent = 251;
      gocd-server = 252;
      terraria = 253;
      mattermost = 254;
      prometheus = 255;
      telegraf = 256;
      gitlab-runner = 257;
      postgrey = 258;
      # hound = 259; # unused, removed 2023-11-21
      leaps = 260;
      ipfs = 261;
      # stanchion = 262; # unused, removed 2020-10-14
      # riak-cs = 263; # unused, removed 2020-10-14
      infinoted = 264;
      sickbeard = 265;
      headphones = 266;
      # couchpotato = 267; # unused, removed 2022-01-01
      # gogs = 268; # unused, removed in 2024-10-12
      #pdns-recursor = 269; # dynamically allocated as of 2020-20-18 (NOTE(review): not a valid calendar date as written)
      #kresd = 270; # switched to "knot-resolver" with dynamic ID
      rpc = 271;
      #geoip = 272; # new module uses DynamicUser
      fcron = 273;
      sonarr = 274;
      radarr = 275;
      jackett = 276;
      aria2 = 277;
      clickhouse = 278;
      rslsync = 279;
      minio = 280;
      kanboard = 281;
      # pykms = 282; # DynamicUser = true
      kodi = 283;
      # restya-board = 284; # removed 2024-01-22
      mighttpd2 = 285;
      hass = 286;
      #monero = 287; # dynamically allocated as of 2021-05-08
      ceph = 288;
      duplicati = 289;
      monetdb = 290;
      restic = 291;
      openvpn = 292;
      # meguca = 293; # removed 2020-08-21
      yarn = 294;
      hdfs = 295;
      mapred = 296;
      hadoop = 297;
      #hydron = 298; # removed 2024-08-03
      cfssl = 299;
      cassandra = 300;
      qemu-libvirtd = 301;
      # kvm = 302; # unused
      # render = 303; # unused
      # zeronet = 304; # removed 2019-01-03
      lirc = 305;
      lidarr = 306;
      slurm = 307;
      kapacitor = 308;
      # solr = 309; removed 2023-03-16
      alerta = 310;
      minetest = 311;
      rss2email = 312;
      cockroachdb = 313;
      zoneminder = 314;
      paperless = 315;
      #mailman = 316; # removed 2019-08-30
      zigbee2mqtt = 317;
      # shadow = 318; # unused
      hqplayer = 319;
      moonraker = 320;
      distcc = 321;
      webdav = 322;
      pipewire = 323;
      rstudio-server = 324;
      localtimed = 325;
      automatic-timezoned = 326;

      # When adding a uid, make sure it doesn't match an existing gid.
      #
      # !!! Don't use uids above "399"! !!!
      #
      # The reason behind this restriction is that NixOS by default allocates
      # system user UIDs/GIDs in the range of `400..999`. System users/groups
      # created using commands like `useradd` will have UID and GID in this range[1].
      #
      # If a newly added ID goes beyond "399", it may conflict with existing
      # system user or group of the same id in someone else's NixOS.
      # This could break their system and make that person upset for a whole day.
      #
      # Sidenote: the default is defined in `shadow` module[2], and the relevant change
      # was made way back in 2014[3].
      #
      # [1]: https://man7.org/linux/man-pages/man5/login.defs.5.html#:~:text=SYS_UID_MAX%20(number)%2C%20SYS_UID_MIN%20(number)
      # [2]: <nixos/modules/programs/shadow.nix>
      # [3]: https://github.com/NixOS/nixpkgs/commit/0e23a175de3687df8232fe118cbe87f04228ff28

      nixbld = 30000; # start of range of uids
      nobody = 65534;
    };

    # Static gid table. Commented-out entries record numbers that were
    # assigned in the past, in the same way as in the uid table.
    ids.gids = {
      root = 0;
      wheel = 1;
      kmem = 2;
      tty = 3;
      messagebus = 4; # D-Bus
      haldaemon = 5;
      disk = 6;
      #vsftpd = 7; # dynamically allocated as of 2021-09-14
      ftp = 8;
      # bitlbee = 9; # removed 2021-10-05 #139765
      #avahi = 10; # removed 2019-05-22
      #nagios = 11; # unused
      atd = 12;
      postfix = 13;
      postdrop = 14;
      dovecot = 15;
      tomcat = 16;
      audio = 17;
      floppy = 18;
      uucp = 19;
      lp = 20;
      proc = 21;
      pulseaudio = 22; # must match `pulseaudio' UID
      gpsd = 23;
      cdrom = 24;
      tape = 25;
      video = 26;
      dialout = 27;
      #polkituser = 28; # currently unused, polkitd doesn't need a group
      utmp = 29;
      # ddclient = 30; # converted to DynamicUser = true
      davfs2 = 31;
      disnix = 33;
      osgi = 34;
      tor = 35;
      #cups = 36; # unused
      #foldingathome = 37; # unused
      #sabnzd = 38; # unused
      #kdm = 39; # unused, even before 17.03
      #ghostone = 40; # dropped in 18.03
      git = 41;
      fourstore = 42;
      fourstorehttp = 43;
      virtuoso = 44;
      #rtkit = 45; # unused
      dovecot2 = 46;
      dovenull2 = 47;
      # prayer = 49; # dropped in 23.11
      mpd = 50;
      clamav = 51;
      #fprot = 52; # unused
      #bind = 53; # unused
      wwwrun = 54;
      adm = 55;
      spamd = 56;
      networkmanager = 57;
      nslcd = 58;
      scanner = 59;
      nginx = 60;
      chrony = 61;
      systemd-journal = 62;
      smtpd = 63;
      smtpq = 64;
      supybot = 65;
      iodined = 66;
      libvirtd = 67;
      graphite = 68;
      #statsd = 69; # removed 2018-11-14
      transmission = 70;
      postgres = 71;
      vboxusers = 72;
      vboxsf = 73;
      smbguest = 74; # unused -- NOTE(review): still assigned despite the label; confirm
      varnish = 75;
      datadog = 76;
      lighttpd = 77;
      lightdm = 78;
      freenet = 79;
      ircd = 80;
      bacula = 81;
      #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
      deluge = 83;
      mysql = 84;
      rabbitmq = 85;
      activemq = 86;
      gnunet = 87;
      oidentd = 88;
      quassel = 89;
      amule = 90;
      minidlna = 91;
      elasticsearch = 92;
      #tcpcryptd = 93; # unused
      firebird = 95;
      keys = 96;
      #haproxy = 97; # dynamically allocated as of 2020-03-11
      #mongodb = 98; # unused
      #openldap = 99; # dynamically allocated as of PR#94610
      munin = 102;
      #logcheck = 103; # unused
      #nix-ssh = 104; # unused
      dictd = 105;
      couchdb = 106;
      #searx = 107; # dynamically allocated as of 2020-10-27
      #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
      jenkins = 109;
      systemd-journal-gateway = 110;
      #notbit = 111; # unused
      aerospike = 111;
      #ngircd = 112; # unused
      #btsync = 113; # unused
      #minecraft = 114; # unused
      vault = 115;
      #ripped = 116; # unused
      murmur = 117;
      foundationdb = 118;
      newrelic = 119;
      starbound = 120;
      hydra = 122;
      spiped = 123;
      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
      gitolite = 127;
      znc = 128;
      # polipo = 129; removed 2025-05-18
      mopidy = 130;
      docker = 131;
      gdm = 132;
      #dhcpcd = 133; # unused
      siproxd = 134;
      mlmmj = 135;
      #neo4j = 136; # unused
      riemann = 137;
      riemanndash = 138;
      #radvd = 139; # unused
      #zookeeper = 140; # unused
      #dnsmasq = 141; # unused
      uhub = 142;
      #yandexdisk = 143; # unused
      # mxisd = 144; # removed 2024-07-10
      #consul = 145; # unused
      #mailpile = 146; # removed 2022-01-12
      redmine = 147;
      #seeks = 148; # removed 2020-06-21
      prosody = 149;
      i2pd = 150;
      systemd-network = 152;
      systemd-resolve = 153;
      systemd-timesync = 154;
      liquidsoap = 155;
      #etcd = 156; # unused
      hbase = 158;
      opentsdb = 159;
      scollector = 160;
      bosun = 161;
      kubernetes = 162;
      #peerflix = 163; # unused
      #chronos = 164; # unused
      gitlab = 165;
      nylon = 168;
      #panamax = 170; # unused
      exim = 172;
      #fleet = 173; # unused
      input = 174;
      sddm = 175;
      #tss = 176; #dynamically allocated as of 2021-09-20
      #memcached = 177; # unused, removed 2018-01-03
      #ntp = 179; # unused
      zabbix = 180;
      #redis = 181; # unused, removed 2018-01-03
      #unifi = 183; # unused
      #uptimed = 184; # unused
      #zope2 = 185; # unused
      #ripple-data-api = 186; #unused
      mediatomb = 187;
      #rdnssd = 188; # unused
      ihaskell = 189;
      i2p = 190;
      lambdabot = 191;
      asterisk = 192;
      plex = 193;
      # NOTE(review): the sabnzbd uid in ids.uids is 38, so uid and gid differ
      # for this name, unlike the equal-ids guidance further down. Confirm this
      # is intentional.
      sabnzbd = 194;
      #grafana = 196; #unused
      #skydns = 197; #unused
      # ripple-rest = 198; # unused, removed 2017-08-12
      #nix-serve = 199; #unused
      #tvheadend = 200; #unused
      uwsgi = 201;
      gitit = 202;
      riemanntools = 203;
      subsonic = 204;
      # riak = 205;#unused, removed 2022-06-22
      #shout = 206; #unused
      #gateone = 207; #removed 2025-08-21
      namecoin = 208;
      #kibana = 211;
      xtreemfs = 212;
      calibre-server = 213;
      bepasty = 215;
      # pumpio = 216; # unused, removed 2018-02-24
      nm-openvpn = 217;
      mathics = 218;
      ejabberd = 219;
      postsrsd = 220;
      opendkim = 221;
      dspam = 222;
      # gale = 223; removed 2021-06-10
      matrix-synapse = 224;
      rspamd = 225;
      # rmilter = 226; # unused, removed 2019-08-22
      cfdyndns = 227;
      pdnsd = 229;
      octoprint = 230;
      #radicale = 234;# dynamically allocated as of 2021-09-03
      syncthing = 237;
      caddy = 239;
      taskd = 240;
      # factorio = 241; # unused
      # emby = 242; # unused, removed 2019-05-01
      sniproxy = 244;
      nzbget = 245;
      mosquitto = 246;
      #toxvpn = 247; # unused
      #squeezelite = 248; #unused
      turnserver = 249;
      #smokeping = 250;# dynamically allocated as of 2021-09-03
      gocd-agent = 251;
      gocd-server = 252;
      terraria = 253;
      mattermost = 254;
      prometheus = 255;
      #telegraf = 256; # unused
      gitlab-runner = 257;
      postgrey = 258;
      # hound = 259; # unused, removed 2023-11-21
      leaps = 260;
      ipfs = 261;
      # stanchion = 262; # unused, removed 2020-10-14
      # riak-cs = 263; # unused, removed 2020-10-14
      infinoted = 264;
      sickbeard = 265;
      headphones = 266;
      # couchpotato = 267; # unused, removed 2022-01-01
      # gogs = 268; # unused, removed in 2024-10-12
      #kresd = 270; # switched to "knot-resolver" with dynamic ID
      #rpc = 271; # unused
      #geoip = 272; # unused
      fcron = 273;
      sonarr = 274;
      radarr = 275;
      jackett = 276;
      aria2 = 277;
      clickhouse = 278;
      rslsync = 279;
      minio = 280;
      kanboard = 281;
      # pykms = 282; # DynamicUser = true
      kodi = 283;
      # restya-board = 284; # removed 2024-01-22
      mighttpd2 = 285;
      hass = 286;
      # monero = 287; # dynamically allocated as of 2021-05-08
      ceph = 288;
      duplicati = 289;
      monetdb = 290;
      restic = 291;
      openvpn = 292;
      # meguca = 293; # removed 2020-08-21
      yarn = 294;
      hdfs = 295;
      mapred = 296;
      hadoop = 297;
      #hydron = 298; # removed 2024-08-03
      cfssl = 299;
      cassandra = 300;
      qemu-libvirtd = 301;
      kvm = 302; # default udev rules from systemd requires these
      render = 303; # default udev rules from systemd requires these
      sgx = 304; # default udev rules from systemd requires these
      lirc = 305;
      lidarr = 306;
      slurm = 307;
      kapacitor = 308;
      # solr = 309; removed 2023-03-16
      alerta = 310;
      minetest = 311;
      rss2email = 312;
      cockroachdb = 313;
      zoneminder = 314;
      paperless = 315;
      #mailman = 316; # removed 2019-08-30
      zigbee2mqtt = 317;
      shadow = 318;
      hqplayer = 319;
      moonraker = 320;
      distcc = 321;
      webdav = 322;
      pipewire = 323;
      rstudio-server = 324;
      localtimed = 325;
      automatic-timezoned = 326;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
      # uids and gids.
      #
      # !!! Don't use gids above "399"! !!!
      #
      # The reason behind this restriction is that NixOS by default allocates
      # system user UIDs/GIDs in the range of `400..999`. System users/groups
      # created using commands like `useradd` will have UID and GID in this range[1].
      #
      # If a newly added ID goes beyond "399", it may conflict with existing
      # system user or group of the same id in someone else's NixOS.
      # This could break their system and make that person upset for a whole day.
      #
      # Sidenote: the default is defined in `shadow` module[2], and the relevant change
      # was made way back in 2014[3].
      #
      # [1]: https://man7.org/linux/man-pages/man5/login.defs.5.html#:~:text=SYS_UID_MAX%20(number)%2C%20SYS_UID_MIN%20(number)
      # [2]: <nixos/modules/programs/shadow.nix>
      # [3]: https://github.com/NixOS/nixpkgs/commit/0e23a175de3687df8232fe118cbe87f04228ff28

      # For exceptional cases where you really need a gid above 399, leave a
      # comment stating why.
      #
      # Also, avoid the following GID ranges:
      #
      # 1000 - 29999: user accounts (see ../config/update-users-groups.pl)
      # 30000 - 31000: nixbld users (the upper limit is arbitrarily chosen)
      # 61184 - 65519: systemd DynamicUser (see systemd.exec(5))
      # 65535: the error return sentinel value when uid_t was 16 bits
      #
      # 100000 - 6653600: subgid allocated for user namespaces
      # (see ../config/update-users-groups.pl)
      # 4294967294: unauthenticated user in some NFS implementations
      # 4294967295: error return sentinel value
      #
      # References:
      # https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes

      onepassword = 31001; # 1Password requires that its GID be larger than 1000
      onepassword-cli = 31002; # 1Password requires that its GID be larger than 1000

      users = 100;
      nixbld = 30000;
      nogroup = 65534;
    };

  };

}