commit bc3bca822a32fbbc73a9d55394991cef92dba3b9 · pyrox.dev/nixpkgs

+21 -21

nixos/modules/misc/ids.nix

···

       83
       83
        
             #fourstore = 42; # dropped in 20.03

     

       84
       84
        
             #fourstorehttp = 43; # dropped in 20.03

     

       85
       85
        
             virtuoso = 44;

     

       86
       86
       -
             rtkit = 45;

     

       86
       86
       +
             #rtkit = 45; # dynamically allocated 2021-09-03

     

       87
       87
        
             dovecot2 = 46;

     

       88
       88
        
             dovenull2 = 47;

     

       89
       89
        
             prayer = 49;

     

       90
       90
        
             mpd = 50;

     

       91
       91
        
             clamav = 51;

     

       92
       92
        
             fprot = 52;

     

       93
       93
       -
             bind = 53;

     

       93
       93
       +
             # bind = 53; #dynamically allocated as of 2021-09-03

     

       94
       94
        
             wwwrun = 54;

     

       95
       95
        
             #adm = 55; # unused

     

       96
       96
        
             spamd = 56;

     
···

       134
       134
        
             firebird = 95;

     

       135
       135
        
             #keys = 96; # unused

     

       136
       136
        
             #haproxy = 97; # dynamically allocated as of 2020-03-11

     

       137
       137
       -
             mongodb = 98;

     

       137
       137
       +
             #mongodb = 98; #dynamically allocated as of 2021-09-03

     

       138
       138
        
             #openldap = 99; # dynamically allocated as of PR#94610

     

       139
       139
        
             #users = 100; # unused

     

       140
       140
        
             cgminer = 101;

     

       141
       141
        
             munin = 102;

     

       142
       142
        
             logcheck = 103;

     

       143
       143
       -
             nix-ssh = 104;

     

       143
       143
       +
             #nix-ssh = 104; #dynamically allocated as of 2021-09-03

     

       144
       144
        
             dictd = 105;

     

       145
       145
        
             couchdb = 106;

     

       146
       146
        
             #searx = 107; # dynamically allocated as of 2020-10-27

     
···

       149
       149
        
             systemd-journal-gateway = 110;

     

       150
       150
        
             #notbit = 111; # unused

     

       151
       151
        
             aerospike = 111;

     

       152
       152
       -
             ngircd = 112;

     

       152
       152
       +
             #ngircd = 112; #dynamically allocated as of 2021-09-03

     

       153
       153
        
             #btsync = 113; # unused

     

       154
       154
       -
             minecraft = 114;

     

       154
       154
       +
             #minecraft = 114; #dynamically allocated as of 2021-09-03

     

       155
       155
        
             vault = 115;

     

       156
       156
        
             rippled = 116;

     

       157
       157
        
             murmur = 117;

     
···

       169
       169
        
             mopidy = 130;

     

       170
       170
        
             #docker = 131; # unused

     

       171
       171
        
             gdm = 132;

     

       172
       172
       -
             dhcpd = 133;

     

       172
       172
       +
             #dhcpd = 133; # dynamically allocated as of 2021-09-03

     

       173
       173
        
             siproxd = 134;

     

       174
       174
        
             mlmmj = 135;

     

       175
       175
       -
             neo4j = 136;

     

       175
       175
       +
             #neo4j = 136;# dynamically allocated as of 2021-09-03

     

       176
       176
        
             riemann = 137;

     

       177
       177
        
             riemanndash = 138;

     

       178
       178
       -
             radvd = 139;

     

       179
       179
       -
             zookeeper = 140;

     

       180
       180
       -
             dnsmasq = 141;

     

       178
       178
       +
             #radvd = 139;# dynamically allocated as of 2021-09-03

     

       179
       179
       +
             #zookeeper = 140;# dynamically allocated as of 2021-09-03

     

       180
       180
       +
             #dnsmasq = 141;# dynamically allocated as of 2021-09-03

     

       181
       181
        
             #uhub = 142; # unused

     

       182
       182
        
             yandexdisk = 143;

     

       183
       183
        
             mxisd = 144; # was once collectd

     

       184
       184
       -
             consul = 145;

     

       184
       184
       +
             #consul = 145;# dynamically allocated as of 2021-09-03

     

       185
       185
        
             mailpile = 146;

     

       186
       186
        
             redmine = 147;

     

       187
       187
        
             #seeks = 148; # removed 2020-06-21

     
···

       192
       192
        
             systemd-resolve = 153;

     

       193
       193
        
             systemd-timesync = 154;

     

       194
       194
        
             liquidsoap = 155;

     

       195
       195
       -
             etcd = 156;

     

       195
       195
       +
             #etcd = 156;# dynamically allocated as of 2021-09-03

     

       196
       196
        
             hbase = 158;

     

       197
       197
        
             opentsdb = 159;

     

       198
       198
        
             scollector = 160;

     
···

       204
       204
        
             tox-bootstrapd = 166;

     

       205
       205
        
             cadvisor = 167;

     

       206
       206
        
             nylon = 168;

     

       207
       207
       -
             apache-kafka = 169;

     

       207
       207
       +
             #apache-kafka = 169;# dynamically allocated as of 2021-09-03

     

       208
       208
        
             #panamax = 170; # unused

     

       209
       209
        
             exim = 172;

     

       210
       210
        
             #fleet = 173; # unused

     
···

       241
       241
        
             gateone = 207;

     

       242
       242
        
             namecoin = 208;

     

       243
       243
        
             #lxd = 210; # unused

     

       244
       244
       -
             kibana = 211;

     

       244
       244
       +
             #kibana = 211;# dynamically allocated as of 2021-09-03

     

       245
       245
        
             xtreemfs = 212;

     

       246
       246
        
             calibre-server = 213;

     

       247
       247
        
             heapster = 214;

     
···

       264
       264
        
             avahi-autoipd = 231;

     

       265
       265
        
             nntp-proxy = 232;

     

       266
       266
        
             mjpg-streamer = 233;

     

       267
       267
       -
             radicale = 234;

     

       267
       267
       +
             #radicale = 234;# dynamically allocated as of 2021-09-03

     

       268
       268
        
             hydra-queue-runner = 235;

     

       269
       269
        
             hydra-www = 236;

     

       270
       270
        
             syncthing = 237;

     
···

       272
       272
        
             taskd = 240;

     

       273
       273
        
             # factorio = 241; # DynamicUser = true

     

       274
       274
        
             # emby = 242; # unusued, removed 2019-05-01

     

       275
       275
       -
             graylog = 243;

     

       275
       275
       +
             #graylog = 243;# dynamically allocated as of 2021-09-03

     

       276
       276
        
             sniproxy = 244;

     

       277
       277
        
             nzbget = 245;

     

       278
       278
        
             mosquitto = 246;

     

       279
       279
        
             toxvpn = 247;

     

       280
       280
        
             # squeezelite = 248; # DynamicUser = true

     

       281
       281
        
             turnserver = 249;

     

       282
       282
       -
             smokeping = 250;

     

       282
       282
       +
             #smokeping = 250;# dynamically allocated as of 2021-09-03

     

       283
       283
        
             gocd-agent = 251;

     

       284
       284
        
             gocd-server = 252;

     

       285
       285
        
             terraria = 253;

     
···

       553
       553
        
             #shout = 206; #unused

     

       554
       554
        
             gateone = 207;

     

       555
       555
        
             namecoin = 208;

     

       556
       556
       -
             lxd = 210; # unused

     

       556
       556
       +
             #lxd = 210; # unused

     

       557
       557
        
             #kibana = 211;

     

       558
       558
        
             xtreemfs = 212;

     

       559
       559
        
             calibre-server = 213;

     
···

       572
       572
        
             cfdyndns = 227;

     

       573
       573
        
             pdnsd = 229;

     

       574
       574
        
             octoprint = 230;

     

       575
       575
       -
             radicale = 234;

     

       575
       575
       +
             #radicale = 234;# dynamically allocated as of 2021-09-03

     

       576
       576
        
             syncthing = 237;

     

       577
       577
        
             caddy = 239;

     

       578
       578
        
             taskd = 240;

     
···

       584
       584
        
             #toxvpn = 247; # unused

     

       585
       585
        
             #squeezelite = 248; #unused

     

       586
       586
        
             turnserver = 249;

     

       587
       587
       -
             smokeping = 250;

     

       587
       587
       +
             #smokeping = 250;# dynamically allocated as of 2021-09-03

     

       588
       588
        
             gocd-agent = 251;

     

       589
       589
        
             gocd-server = 252;

     

       590
       590
        
             terraria = 253;

+4 -1

nixos/modules/security/rtkit.nix

···

       35
       35
        
           services.dbus.packages = [ pkgs.rtkit ];

     

       36
       36
        
       

     

       37
       37
        
           users.users.rtkit =

     

       38
       38
       -
             { uid = config.ids.uids.rtkit;

     

       38
       38
       +
             {

     

       39
       39
       +
               isSystemUser = true;

     

       40
       40
       +
               group = "rtkit";

     

       39
       41
        
               description = "RealtimeKit daemon";

     

       40
       42
        
             };

     

       43
       43
       +
           users.groups.rtkit = {};

     

       41
       44
        
       

     

       42
       45
        
         };

     

       43
       46

+1

nixos/modules/services/backup/borgbackup.nix

···

       169
       169
        
               (map (mkAuthorizedKey cfg false) cfg.authorizedKeys

     

       170
       170
        
               ++ map (mkAuthorizedKey cfg true) cfg.authorizedKeysAppendOnly);

     

       171
       171
        
             useDefaultShell = true;

     

       172
       172
       +
             group = cfg.group;

     

       172
       173
        
             isSystemUser = true;

     

       173
       174
        
           };

     

       174
       175
        
           groups.${cfg.group} = { };

+1

nixos/modules/services/databases/influxdb.nix

···

       185
       185
        
           users.users = optionalAttrs (cfg.user == "influxdb") {

     

       186
       186
        
             influxdb = {

     

       187
       187
        
               uid = config.ids.uids.influxdb;

     

       188
       188
       +
               group = "influxdb";

     

       188
       189
        
               description = "Influxdb daemon user";

     

       189
       190
        
             };

     

       190
       191
        
           };

+2

nixos/modules/services/databases/memcached.nix

···

       67
       67
        
           users.users = optionalAttrs (cfg.user == "memcached") {

     

       68
       68
        
             memcached.description = "Memcached server user";

     

       69
       69
        
             memcached.isSystemUser = true;

     

       70
       70
       +
             memcached.group = "memcached";

     

       70
       71
        
           };

     

       72
       72
       +
           users.groups = optionalAttrs (cfg.user == "memcached") { memcached = {}; };

     

       71
       73
        
       

     

       72
       74
        
           environment.systemPackages = [ memcached ];

     

       73
       75

+3 -1

nixos/modules/services/databases/mongodb.nix

···

       123
       123
        
       

     

       124
       124
        
           users.users.mongodb = mkIf (cfg.user == "mongodb")

     

       125
       125
        
             { name = "mongodb";

     

       126
       126
       -
               uid = config.ids.uids.mongodb;

     

       126
       126
       +
               isSystemUser = true;

     

       127
       127
       +
               group = "mongodb";

     

       127
       128
        
               description = "MongoDB server user";

     

       128
       129
        
             };

     

       130
       130
       +
           users.groups.mongodb = mkIf (cfg.user == "mongodb") {};

     

       129
       131
        
       

     

       130
       132
        
           environment.systemPackages = [ mongodb ];

     

       131
       133

+3 -1

nixos/modules/services/databases/neo4j.nix

···

       651
       651
        
             environment.systemPackages = [ cfg.package ];

     

       652
       652
        
       

     

       653
       653
        
             users.users.neo4j = {

     

       654
       654
       -
               uid = config.ids.uids.neo4j;

     

       654
       654
       +
               isSystemUser = true;

     

       655
       655
       +
               group = "neo4j";

     

       655
       656
        
               description = "Neo4j daemon user";

     

       656
       657
        
               home = cfg.directories.home;

     

       657
       658
        
             };

     

       659
       659
       +
             users.groups.neo4j = {};

     

       658
       660
        
           };

     

       659
       661
        
       

     

       660
       662
        
         meta = {

+1

nixos/modules/services/databases/redis.nix

···

       246
       246
        
       

     

       247
       247
        
           users.users.redis = {

     

       248
       248
        
             description = "Redis database user";

     

       249
       249
       +
             group = "redis";

     

       249
       250
        
             isSystemUser = true;

     

       250
       251
        
           };

     

       251
       252
        
           users.groups.redis = {};

+3 -1

nixos/modules/services/games/minecraft-server.nix

···

       167
       167
        
             description     = "Minecraft server service user";

     

       168
       168
        
             home            = cfg.dataDir;

     

       169
       169
        
             createHome      = true;

     

       170
       170
       -
             uid             = config.ids.uids.minecraft;

     

       170
       170
       +
             isSystemUser    = true;

     

       171
       171
       +
             group           = "minecraft";

     

       171
       172
        
           };

     

       173
       173
       +
           users.groups.minecraft = {};

     

       172
       174
        
       

     

       173
       175
        
           systemd.services.minecraft-server = {

     

       174
       176
        
             description   = "Minecraft Server Service";

+3 -1

nixos/modules/services/logging/graylog.nix

···

       128
       128
        
       

     

       129
       129
        
           users.users = mkIf (cfg.user == "graylog") {

     

       130
       130
        
             graylog = {

     

       131
       131
       -
               uid = config.ids.uids.graylog;

     

       131
       131
       +
               isSystemUser = true;

     

       132
       132
       +
               group = "graylog";

     

       132
       133
        
               description = "Graylog server daemon user";

     

       133
       134
        
             };

     

       134
       135
        
           };

     

       136
       136
       +
           users.groups = mkIf (cfg.user == "graylog") {};

     

       135
       137
        
       

     

       136
       138
        
           systemd.tmpfiles.rules = [

     

       137
       139
        
             "d '${cfg.messageJournalDir}' - ${cfg.user} - - -"

+2

nixos/modules/services/misc/airsonic.nix

···

       165
       165
        
       

     

       166
       166
        
           users.users.airsonic = {

     

       167
       167
        
             description = "Airsonic service user";

     

       168
       168
       +
             group = "airsonic";

     

       168
       169
        
             name = cfg.user;

     

       169
       170
        
             home = cfg.home;

     

       170
       171
        
             createHome = true;

     

       171
       172
        
             isSystemUser = true;

     

       172
       173
        
           };

     

       174
       174
       +
           users.groups.airsonic = {};

     

       173
       175
        
         };

     

       174
       176
        
       }

+3 -1

nixos/modules/services/misc/apache-kafka.nix

···

       120
       120
        
           environment.systemPackages = [cfg.package];

     

       121
       121
        
       

     

       122
       122
        
           users.users.apache-kafka = {

     

       123
       123
       -
             uid = config.ids.uids.apache-kafka;

     

       123
       123
       +
             isSystemUser = true;

     

       124
       124
       +
             group = "apache-kafka";

     

       124
       125
        
             description = "Apache Kafka daemon user";

     

       125
       126
        
             home = head cfg.logDirs;

     

       126
       127
        
           };

     

       128
       128
       +
           users.groups.apache-kafka = {};

     

       127
       129
        
       

     

       128
       130
        
           systemd.tmpfiles.rules = map (logDir: "d '${logDir}' 0700 apache-kafka - - -") cfg.logDirs;

     

       129
       131

+2

nixos/modules/services/misc/docker-registry.nix

···

       151
       151
        
               home = cfg.storagePath;

     

       152
       152
        
             }

     

       153
       153
        
             else {}) // {

     

       154
       154
       +
               group = "docker-registry";

     

       154
       155
        
               isSystemUser = true;

     

       155
       156
        
             };

     

       157
       157
       +
           users.groups.docker-registry = {};

     

       156
       158
        
         };

     

       157
       159
        
       }

+3 -1

nixos/modules/services/misc/etcd.nix

···

       187
       187
        
           environment.systemPackages = [ pkgs.etcd ];

     

       188
       188
        
       

     

       189
       189
        
           users.users.etcd = {

     

       190
       190
       -
             uid = config.ids.uids.etcd;

     

       190
       190
       +
             isSystemUser = true;

     

       191
       191
       +
             group = "etcd";

     

       191
       192
        
             description = "Etcd daemon user";

     

       192
       193
        
             home = cfg.dataDir;

     

       193
       194
        
           };

     

       195
       195
       +
           users.groups.etcd = {};

     

       194
       196
        
         };

     

       195
       197
        
       }

+3 -1

nixos/modules/services/misc/nix-ssh-serve.nix

···

       38
       38
        
       

     

       39
       39
        
           users.users.nix-ssh = {

     

       40
       40
        
             description = "Nix SSH store user";

     

       41
       41
       -
             uid = config.ids.uids.nix-ssh;

     

       41
       41
       +
             isSystemUser = true;

     

       42
       42
       +
             group = "nix-ssh";

     

       42
       43
        
             useDefaultShell = true;

     

       43
       44
        
           };

     

       45
       45
       +
           users.groups.nix-ssh = {};

     

       44
       46
        
       

     

       45
       47
        
           services.openssh.enable = true;

     

       46
       48

+3 -1

nixos/modules/services/misc/zookeeper.nix

···

       148
       148
        
           };

     

       149
       149
        
       

     

       150
       150
        
           users.users.zookeeper = {

     

       151
       151
       -
             uid = config.ids.uids.zookeeper;

     

       151
       151
       +
             isSystemUser = true;

     

       152
       152
       +
             group = "zookeeper";

     

       152
       153
        
             description = "Zookeeper daemon user";

     

       153
       154
        
             home = cfg.dataDir;

     

       154
       155
        
           };

     

       156
       156
       +
           users.groups.zookeeper = {};

     

       155
       157
        
         };

     

       156
       158
        
       }

+1

nixos/modules/services/monitoring/graphite.nix

···

       561
       561
        
            ) {

     

       562
       562
        
             users.users.graphite = {

     

       563
       563
        
               uid = config.ids.uids.graphite;

     

       564
       564
       +
               group = "graphite";

     

       564
       565
        
               description = "Graphite daemon user";

     

       565
       566
        
               home = dataDir;

     

       566
       567
        
             };

+1

nixos/modules/services/monitoring/netdata.nix

···

       258
       258
        
       

     

       259
       259
        
           users.users = optionalAttrs (cfg.user == defaultUser) {

     

       260
       260
        
             ${defaultUser} = {

     

       261
       261
       +
               group = defaultUser;

     

       261
       262
        
               isSystemUser = true;

     

       262
       263
        
             };

     

       263
       264
        
           };

+1

nixos/modules/services/monitoring/tuptime.nix

···

       36
       36
        
             groups._tuptime.members = [ "_tuptime" ];

     

       37
       37
        
             users._tuptime = {

     

       38
       38
        
               isSystemUser = true;

     

       39
       39
       +
               group = "_tuptime";

     

       39
       40
        
               description = "tuptime database owner";

     

       40
       41
        
             };

     

       41
       42
        
           };

+4 -1

nixos/modules/services/network-filesystems/orangefs/server.nix

···

       193
       193
        
           environment.systemPackages = [ pkgs.orangefs ];

     

       194
       194
        
       

     

       195
       195
        
           # orangefs daemon will run as user

     

       196
       196
       -
           users.users.orangefs.isSystemUser = true;

     

       196
       196
       +
           users.users.orangefs = {

     

       197
       197
       +
             isSystemUser = true;

     

       198
       198
       +
             group = "orangfs";

     

       199
       199
       +
           };

     

       197
       200
        
           users.groups.orangefs = {};

     

       198
       201
        
       

     

       199
       202
        
           # To format the file system the config file is needed.

+3 -1

nixos/modules/services/networking/bind.nix

···

       229
       229
        
       

     

       230
       230
        
           users.users.${bindUser} =

     

       231
       231
        
             {

     

       232
       232
       -
               uid = config.ids.uids.bind;

     

       232
       232
       +
               group = bindUser;

     

       233
       233
        
               description = "BIND daemon user";

     

       234
       234
       +
               isSystemUser = true;

     

       234
       235
        
             };

     

       236
       236
       +
           users.groups.${bindUser} = {};

     

       235
       237
        
       

     

       236
       238
        
           systemd.services.bind = {

     

       237
       239
        
             description = "BIND Domain Name Server";

+3 -1

nixos/modules/services/networking/consul.nix

···

       159
       159
        
       

     

       160
       160
        
             users.users.consul = {

     

       161
       161
        
               description = "Consul agent daemon user";

     

       162
       162
       -
               uid = config.ids.uids.consul;

     

       162
       162
       +
               isSystemUser = true;

     

       163
       163
       +
               group = "consul";

     

       163
       164
        
               # The shell is needed for health checks

     

       164
       165
        
               shell = "/run/current-system/sw/bin/bash";

     

       165
       166
        
             };

     

       167
       167
       +
             users.groups.consul = {};

     

       166
       168
        
       

     

       167
       169
        
             environment = {

     

       168
       170
        
               etc."consul.json".text = builtins.toJSON configOptions;

+1

nixos/modules/services/networking/coturn.nix

···

       311
       311
        
           {

     

       312
       312
        
             users.users.turnserver =

     

       313
       313
        
               { uid = config.ids.uids.turnserver;

     

       314
       314
       +
                 group = "turnserver";

     

       314
       315
        
                 description = "coturn TURN server user";

     

       315
       316
        
               };

     

       316
       317
        
             users.groups.turnserver =

+3 -1

nixos/modules/services/networking/dhcpd.nix

···

       212
       212
        
       

     

       213
       213
        
           users = {

     

       214
       214
        
             users.dhcpd = {

     

       215
       215
       -
               uid = config.ids.uids.dhcpd;

     

       215
       215
       +
               isSystemUser = true;

     

       216
       216
       +
               group = "dhcpd";

     

       216
       217
        
               description = "DHCP daemon user";

     

       217
       218
        
             };

     

       219
       219
       +
             groups.dhcpd = {};

     

       218
       220
        
           };

     

       219
       221
        
       

     

       220
       222
        
           systemd.services = dhcpdService "4" cfg4 // dhcpdService "6" cfg6;

+3 -1

nixos/modules/services/networking/dnsmasq.nix

···

       87
       87
        
           services.dbus.packages = [ dnsmasq ];

     

       88
       88
        
       

     

       89
       89
        
           users.users.dnsmasq = {

     

       90
       90
       -
             uid = config.ids.uids.dnsmasq;

     

       90
       90
       +
             isSystemUser = true;

     

       91
       91
       +
             group = "dnsmasq";

     

       91
       92
        
             description = "Dnsmasq daemon user";

     

       92
       93
        
           };

     

       94
       94
       +
           users.groups.dnsmasq = {};

     

       93
       95
        
       

     

       94
       96
        
           networking.resolvconf = mkIf cfg.resolveLocalQueries {

     

       95
       97
        
             useLocalResolver = mkDefault true;

+1

nixos/modules/services/networking/git-daemon.nix

···

       107
       107
        
           users.users = optionalAttrs (cfg.user == "git") {

     

       108
       108
        
             git = {

     

       109
       109
        
               uid = config.ids.uids.git;

     

       110
       110
       +
               group = "git";

     

       110
       111
        
               description = "Git daemon user";

     

       111
       112
        
             };

     

       112
       113
        
           };

+1

nixos/modules/services/networking/iodine.nix

···

       190
       190
        
       

     

       191
       191
        
           users.users.${iodinedUser} = {

     

       192
       192
        
             uid = config.ids.uids.iodined;

     

       193
       193
       +
             group = "iodined";

     

       193
       194
        
             description = "Iodine daemon user";

     

       194
       195
        
           };

     

       195
       196
        
           users.groups.iodined.gid = config.ids.gids.iodined;

+2

nixos/modules/services/networking/morty.nix

···

       77
       77
        
               createHome = true;

     

       78
       78
        
               home = "/var/lib/morty";

     

       79
       79
        
               isSystemUser = true;

     

       80
       80
       +
               group = "morty";

     

       80
       81
        
             };

     

       82
       82
       +
           users.groups.morty = {};

     

       81
       83
        
       

     

       82
       84
        
           systemd.services.morty =

     

       83
       85
        
             {

+2

nixos/modules/services/networking/ncdns.nix

···

       245
       245
        
       

     

       246
       246
        
           users.users.ncdns = {

     

       247
       247
        
             isSystemUser = true;

     

       248
       248
       +
             group = "ncdns";

     

       248
       249
        
             description = "ncdns daemon user";

     

       249
       250
        
           };

     

       251
       251
       +
           users.groups.ncdns = {};

     

       250
       252
        
       

     

       251
       253
        
           systemd.services.ncdns = {

     

       252
       254
        
             description = "ncdns daemon";

+1

nixos/modules/services/networking/networkmanager.nix

···

       464
       464
        
           users.users = {

     

       465
       465
        
             nm-openvpn = {

     

       466
       466
        
               uid = config.ids.uids.nm-openvpn;

     

       467
       467
       +
               group = "nm-openvpn";

     

       467
       468
        
               extraGroups = [ "networkmanager" ];

     

       468
       469
        
             };

     

       469
       470
        
             nm-iodine = {

+4 -1

nixos/modules/services/networking/ngircd.nix

···

       52
       52
        
           };

     

       53
       53
        
       

     

       54
       54
        
           users.users.ngircd = {

     

       55
       55
       -
             uid = config.ids.uids.ngircd;

     

       55
       55
       +
             isSystemUser = true;

     

       56
       56
       +
             group = "ngircd";

     

       56
       57
        
             description = "ngircd user.";

     

       57
       58
        
           };

     

       59
       59
       +
           users.groups.ngircd = {};

     

       60
       60
       +
       

     

       58
       61
        
         };

     

       59
       62
        
       }

+1 -1

nixos/modules/services/networking/pleroma.nix

···

       74
       74
        
             users."${cfg.user}" = {

     

       75
       75
        
               description = "Pleroma user";

     

       76
       76
        
               home = cfg.stateDir;

     

       77
       77
       -
               extraGroups = [ cfg.group ];

     

       77
       77
       +
               group = cfg.group;

     

       78
       78
        
               isSystemUser = true;

     

       79
       79
        
             };

     

       80
       80
        
             groups."${cfg.group}" = {};

+5 -2

nixos/modules/services/networking/radicale.nix

···

       140
       140
        
       

     

       141
       141
        
           environment.systemPackages = [ pkg ];

     

       142
       142
        
       

     

       143
       143
       -
           users.users.radicale.uid = config.ids.uids.radicale;

     

       143
       143
       +
           users.users.radicale = {

     

       144
       144
       +
             isSystemUser = true;

     

       145
       145
       +
             group = "radicale";

     

       146
       146
       +
           };

     

       144
       147
        
       

     

       145
       145
       -
           users.groups.radicale.gid = config.ids.gids.radicale;

     

       148
       148
       +
           users.groups.radicale = {};

     

       146
       149
        
       

     

       147
       150
        
           systemd.services.radicale = {

     

       148
       151
        
             description = "A Simple Calendar and Contact Server";

+4 -1

nixos/modules/services/networking/radvd.nix

···

       55
       55
        
         config = mkIf cfg.enable {

     

       56
       56
        
       

     

       57
       57
        
           users.users.radvd =

     

       58
       58
       -
             { uid = config.ids.uids.radvd;

     

       58
       58
       +
             {

     

       59
       59
       +
               isSystemUser = true;

     

       60
       60
       +
               group = "radvd";

     

       59
       61
        
               description = "Router Advertisement Daemon User";

     

       60
       62
        
             };

     

       63
       63
       +
           users.groups.radvd = {};

     

       61
       64
        
       

     

       62
       65
        
           systemd.services.radvd =

     

       63
       66
        
             { description = "IPv6 Router Advertisement Daemon";

+3 -2

nixos/modules/services/networking/smokeping.nix

···

       259
       259
        
             user = mkOption {

     

       260
       260
        
               type = types.str;

     

       261
       261
        
               default = "smokeping";

     

       262
       262
       -
               description = "User that runs smokeping and (optionally) thttpd";

     

       262
       262
       +
               description = "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.";

     

       263
       263
        
             };

     

       264
       264
        
             webService = mkOption {

     

       265
       265
        
               type = types.bool;

     
···

       285
       285
        
           users.users.${cfg.user} = {

     

       286
       286
        
             isNormalUser = false;

     

       287
       287
        
             isSystemUser = true;

     

       288
       288
       -
             uid = config.ids.uids.smokeping;

     

       288
       288
       +
             group = cfg.user;

     

       289
       289
        
             description = "smokeping daemon user";

     

       290
       290
        
             home = smokepingHome;

     

       291
       291
        
             createHome = true;

     

       292
       292
        
           };

     

       293
       293
       +
           users.groups.${cfg.user} = {};

     

       293
       294
        
           systemd.services.smokeping = {

     

       294
       295
        
             wantedBy = [ "multi-user.target"];

     

       295
       296
        
             serviceConfig = {

+4 -1

nixos/modules/services/networking/ssh/sshd.nix

···

       401
       401
        
         config = mkIf cfg.enable {

     

       402
       402
        
       

     

       403
       403
        
           users.users.sshd =

     

       404
       404
       -
             { isSystemUser = true;

     

       404
       404
       +
             {

     

       405
       405
       +
               isSystemUser = true;

     

       406
       406
       +
               group = "sshd";

     

       405
       407
        
               description = "SSH privilege separation user";

     

       406
       408
        
             };

     

       409
       409
       +
           users.groups.sshd = {};

     

       407
       410
        
       

     

       408
       411
        
           services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";

     

       409
       412
        
           services.openssh.sftpServerExecutable = mkDefault "${cfgc.package}/libexec/sftp-server";

+5 -1

nixos/modules/services/networking/tinydns.nix

···

       32
       32
        
         config = mkIf config.services.tinydns.enable {

     

       33
       33
        
           environment.systemPackages = [ pkgs.djbdns ];

     

       34
       34
        
       

     

       35
       35
       -
           users.users.tinydns.isSystemUser = true;

     

       35
       35
       +
           users.users.tinydns = {

     

       36
       36
       +
             isSystemUser = true;

     

       37
       37
       +
             group = "tinydns";

     

       38
       38
       +
           };

     

       39
       39
       +
           users.groups.tinydns = {};

     

       36
       40
        
       

     

       37
       41
        
           systemd.services.tinydns = {

     

       38
       42
        
             description = "djbdns tinydns server";

+3 -1

nixos/modules/services/scheduling/atd.nix

···

       58
       58
        
           security.pam.services.atd = {};

     

       59
       59
        
       

     

       60
       60
        
           users.users.atd =

     

       61
       61
       -
             { uid = config.ids.uids.atd;

     

       61
       61
       +
             {

     

       62
       62
       +
               uid = config.ids.uids.atd;

     

       63
       63
       +
               group = "atd";

     

       62
       64
        
               description = "atd user";

     

       63
       65
        
               home = "/var/empty";

     

       64
       66
        
             };

+3 -1

nixos/modules/services/search/kibana.nix

···

       199
       199
        
           environment.systemPackages = [ cfg.package ];

     

       200
       200
        
       

     

       201
       201
        
           users.users.kibana = {

     

       202
       202
       -
             uid = config.ids.uids.kibana;

     

       202
       202
       +
             isSystemUser = true;

     

       203
       203
        
             description = "Kibana service user";

     

       204
       204
        
             home = cfg.dataDir;

     

       205
       205
        
             createHome = true;

     

       206
       206
       +
             group = "kibana";

     

       206
       207
        
           };

     

       208
       208
       +
           users.groups.kibana = {};

     

       207
       209
        
         };

     

       208
       210
        
       }

+2

nixos/modules/services/security/hockeypuck.nix

···

       82
       82
        
       

     

       83
       83
        
           users.users.hockeypuck = {

     

       84
       84
        
             isSystemUser = true;

     

       85
       85
       +
             group = "hockeypuck";

     

       85
       86
        
             description = "Hockeypuck user";

     

       86
       87
        
           };

     

       88
       88
       +
           users.groups.hockeypuck = {};

     

       87
       89
        
       

     

       88
       90
        
           systemd.services.hockeypuck = {

     

       89
       91
        
             description = "Hockeypuck OpenPGP Key Server";

+2

nixos/modules/services/torrent/magnetico.nix

···

       172
       172
        
       

     

       173
       173
        
           users.users.magnetico = {

     

       174
       174
        
             description = "Magnetico daemons user";

     

       175
       175
       +
             group = "magnetico";

     

       175
       176
        
             isSystemUser = true;

     

       176
       177
        
           };

     

       178
       178
       +
           users.groups.magnetico = {};

     

       177
       179
        
       

     

       178
       180
        
           systemd.services.magneticod = {

     

       179
       181
        
             description = "Magnetico DHT crawler";

+5 -1

nixos/modules/services/torrent/peerflix.nix

···

       60
       60
        
             };

     

       61
       61
        
           };

     

       62
       62
        
       

     

       63
       63
       -
           users.users.peerflix.uid = config.ids.uids.peerflix;

     

       63
       63
       +
           users.users.peerflix = {

     

       64
       64
       +
             isSystemUser = true;

     

       65
       65
       +
             group = "peerflix";

     

       66
       66
       +
           };

     

       67
       67
       +
           users.groups.peerflix = {};

     

       64
       68
        
         };

     

       65
       69
        
       }

+1

nixos/modules/services/web-apps/node-red.nix

···

       114
       114
        
           users.users = optionalAttrs (cfg.user == defaultUser) {

     

       115
       115
        
             ${defaultUser} = {

     

       116
       116
        
               isSystemUser = true;

     

       117
       117
       +
               group = defaultUser;

     

       117
       118
        
             };

     

       118
       119
        
           };

     

       119
       120

+12 -3

nixos/modules/system/boot/systemd.nix

···

       1056
       1056
        
       

     

       1057
       1057
        
           services.dbus.enable = true;

     

       1058
       1058
        
       

     

       1059
       1059
       -
           users.users.systemd-coredump.uid = config.ids.uids.systemd-coredump;

     

       1060
       1060
       -
           users.users.systemd-network.uid = config.ids.uids.systemd-network;

     

       1059
       1059
       +
           users.users.systemd-coredump = {

     

       1060
       1060
       +
             uid = config.ids.uids.systemd-coredump;

     

       1061
       1061
       +
             group = "systemd-coredump";

     

       1062
       1062
       +
           };

     

       1063
       1063
       +
           users.users.systemd-network = {

     

       1064
       1064
       +
             uid = config.ids.uids.systemd-network;

     

       1065
       1065
       +
             group = "systemd-network";

     

       1066
       1066
       +
           };

     

       1061
       1067
        
           users.groups.systemd-network.gid = config.ids.gids.systemd-network;

     

       1062
       1062
       -
           users.users.systemd-resolve.uid = config.ids.uids.systemd-resolve;

     

       1068
       1068
       +
           users.users.systemd-resolve = {

     

       1069
       1069
       +
             uid = config.ids.uids.systemd-resolve;

     

       1070
       1070
       +
             group = "systemd-resolve";

     

       1071
       1071
       +
           };

     

       1063
       1072
        
           users.groups.systemd-resolve.gid = config.ids.gids.systemd-resolve;

     

       1064
       1073
        
       

     

       1065
       1074
        
           # Target for ‘charon send-keys’ to hook into.

+1 -1

nixos/modules/virtualisation/lxd.nix

···

       158
       158
        
             };

     

       159
       159
        
           };

     

       160
       160
        
       

     

       161
       161
       -
           users.groups.lxd.gid = config.ids.gids.lxd;

     

       161
       161
       +
           users.groups.lxd = {};

     

       162
       162
        
       

     

       163
       163
        
           users.users.root = {

     

       164
       164
        
             subUidRanges = [ { startUid = 1000000; count = 65536; } ];

+10 -1

nixos/tests/unbound.nix

···

       145
       145
        
                 # user that is permitted to access the unix socket

     

       146
       146
        
                 someuser = {

     

       147
       147
        
                   isSystemUser = true;

     

       148
       148
       +
                   group = "someuser";

     

       148
       149
        
                   extraGroups = [

     

       149
       150
        
                     config.users.users.unbound.group

     

       150
       151
        
                   ];

     

       151
       152
        
                 };

     

       152
       153
        
       

     

       153
       154
        
                 # user that is not permitted to access the unix socket

     

       154
       154
       -
                 unauthorizeduser = { isSystemUser = true; };

     

       155
       155
       +
                 unauthorizeduser = {

     

       156
       156
       +
                   isSystemUser = true;

     

       157
       157
       +
                   group = "unauthorizeduser";

     

       158
       158
       +
                 };

     

       159
       159
       +
       

     

       160
       160
       +
               };

     

       161
       161
       +
               users.groups = {

     

       162
       162
       +
                 someuser = {};

     

       163
       163
       +
                 unauthorizeduser = {};

     

       155
       164
        
               };

     

       156
       165
        
       

     

       157
       166
        
               # Used for testing configuration reloading