| blob | 8b0127dc29f745999233be99395a8782042c3f60 |
1 # This module defines the global list of uids and gids. We keep a
2 # central list to prevent id collisions.
4 # IMPORTANT!
5 # We only add static uids and gids for services where it is not feasible
6 # to change uids/gids on service start, for example a service with a lot of
7 # files. Please also check if the service is applicable for systemd's
8 # DynamicUser option and does not need a uid/gid allocation at all.
9 # Systemd can also change ownership of service directories using the
10 # RuntimeDirectory/StateDirectory options.
12 { lib, ... }:
14 let
15 inherit (lib) types;
16 in
17 {
18 options = {
20 ids.uids = lib.mkOption {
21 internal = true;
22 description = ''
23 The user IDs used in NixOS.
24 '';
25 type = types.attrsOf types.int;
26 };
28 ids.gids = lib.mkOption {
29 internal = true;
30 description = ''
31 The group IDs used in NixOS.
32 '';
33 type = types.attrsOf types.int;
34 };
36 };
38 config = {
40 ids.uids = {
41 root = 0;
42 #wheel = 1; # unused
43 #kmem = 2; # unused
44 #tty = 3; # unused
45 messagebus = 4; # D-Bus
46 haldaemon = 5;
47 #disk = 6; # unused
48 #vsftpd = 7; # dynamically allocated ass of 2021-09-14
49 ftp = 8;
50 # bitlbee = 9; # removed 2021-10-05 #139765
51 #avahi = 10; # removed 2019-05-22
52 nagios = 11;
53 atd = 12;
54 postfix = 13;
55 #postdrop = 14; # unused
56 dovecot = 15;
57 tomcat = 16;
58 #audio = 17; # unused
59 #floppy = 18; # unused
60 uucp = 19;
61 #lp = 20; # unused
62 #proc = 21; # unused
63 pulseaudio = 22; # must match `pulseaudio' GID
64 gpsd = 23;
65 #cdrom = 24; # unused
66 #tape = 25; # unused
67 #video = 26; # unused
68 #dialout = 27; # unused
69 polkituser = 28;
70 #utmp = 29; # unused
71 # ddclient = 30; # converted to DynamicUser = true
72 davfs2 = 31;
73 disnix = 33;
74 osgi = 34;
75 tor = 35;
76 cups = 36;
77 foldingathome = 37;
78 sabnzbd = 38;
79 #kdm = 39; # dropped in 17.03
80 #ghostone = 40; # dropped in 18.03
81 git = 41;
82 #fourstore = 42; # dropped in 20.03
83 #fourstorehttp = 43; # dropped in 20.03
84 #virtuoso = 44; dropped module
85 #rtkit = 45; # dynamically allocated 2021-09-03
86 dovecot2 = 46;
87 dovenull2 = 47;
88 # prayer = 49; # dropped in 23.11
89 mpd = 50;
90 clamav = 51;
91 #fprot = 52; # unused
92 # bind = 53; #dynamically allocated as of 2021-09-03
93 wwwrun = 54;
94 #adm = 55; # unused
95 spamd = 56;
96 #networkmanager = 57; # unused
97 nslcd = 58;
98 scanner = 59;
99 nginx = 60;
100 chrony = 61;
101 #systemd-journal = 62; # unused
102 smtpd = 63;
103 smtpq = 64;
104 supybot = 65;
105 iodined = 66;
106 #libvirtd = 67; # unused
107 graphite = 68;
108 #statsd = 69; # removed 2018-11-14
109 transmission = 70;
110 postgres = 71;
111 #vboxusers = 72; # unused
112 #vboxsf = 73; # unused
113 smbguest = 74; # unused
114 varnish = 75;
115 datadog = 76;
116 lighttpd = 77;
117 lightdm = 78;
118 freenet = 79;
119 ircd = 80;
120 bacula = 81;
121 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
122 deluge = 83;
123 mysql = 84;
124 rabbitmq = 85;
125 activemq = 86;
126 gnunet = 87;
127 oidentd = 88;
128 quassel = 89;
129 amule = 90;
130 minidlna = 91;
131 elasticsearch = 92;
132 tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
133 firebird = 95;
134 #keys = 96; # unused
135 #haproxy = 97; # dynamically allocated as of 2020-03-11
136 #mongodb = 98; #dynamically allocated as of 2021-09-03
137 #openldap = 99; # dynamically allocated as of PR#94610
138 #users = 100; # unused
139 # cgminer = 101; #dynamically allocated as of 2021-09-17
140 munin = 102;
141 #logcheck = 103; #dynamically allocated as of 2021-09-17
142 #nix-ssh = 104; #dynamically allocated as of 2021-09-03
143 dictd = 105;
144 couchdb = 106;
145 #searx = 107; # dynamically allocated as of 2020-10-27
146 #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
147 jenkins = 109;
148 systemd-journal-gateway = 110;
149 #notbit = 111; # unused
150 aerospike = 111;
151 #ngircd = 112; #dynamically allocated as of 2021-09-03
152 #btsync = 113; # unused
153 #minecraft = 114; #dynamically allocated as of 2021-09-03
154 vault = 115;
155 # rippled = 116; #dynamically allocated as of 2021-09-18
156 murmur = 117;
157 foundationdb = 118;
158 newrelic = 119;
159 starbound = 120;
160 hydra = 122;
161 spiped = 123;
162 teamspeak = 124;
163 influxdb = 125;
164 nsd = 126;
165 gitolite = 127;
166 znc = 128;
167 polipo = 129;
168 mopidy = 130;
169 #docker = 131; # unused
170 gdm = 132;
171 #dhcpd = 133; # dynamically allocated as of 2021-09-03
172 siproxd = 134;
173 mlmmj = 135;
174 #neo4j = 136;# dynamically allocated as of 2021-09-03
175 riemann = 137;
176 riemanndash = 138;
177 #radvd = 139;# dynamically allocated as of 2021-09-03
178 #zookeeper = 140;# dynamically allocated as of 2021-09-03
179 #dnsmasq = 141;# dynamically allocated as of 2021-09-03
180 #uhub = 142; # unused
181 yandexdisk = 143;
182 # mxisd = 144; # removed 2024-07-10
183 #consul = 145;# dynamically allocated as of 2021-09-03
184 #mailpile = 146; # removed 2022-01-12
185 redmine = 147;
186 #seeks = 148; # removed 2020-06-21
187 prosody = 149;
188 i2pd = 150;
189 systemd-coredump = 151;
190 systemd-network = 152;
191 systemd-resolve = 153;
192 systemd-timesync = 154;
193 liquidsoap = 155;
194 #etcd = 156;# dynamically allocated as of 2021-09-03
195 hbase = 158;
196 opentsdb = 159;
197 scollector = 160;
198 bosun = 161;
199 kubernetes = 162;
200 peerflix = 163;
201 #chronos = 164; # removed 2020-08-15
202 gitlab = 165;
203 # tox-bootstrapd = 166; removed 2021-09-15
204 cadvisor = 167;
205 nylon = 168;
206 #apache-kafka = 169;# dynamically allocated as of 2021-09-03
207 #panamax = 170; # unused
208 exim = 172;
209 #fleet = 173; # unused
210 #input = 174; # unused
211 sddm = 175;
212 #tss = 176; # dynamically allocated as of 2021-09-17
213 #memcached = 177; removed 2018-01-03
214 #ntp = 179; # dynamically allocated as of 2021-09-17
215 zabbix = 180;
216 #redis = 181; removed 2018-01-03
217 #unifi = 183; dynamically allocated as of 2021-09-17
218 uptimed = 184;
219 #zope2 = 185; # dynamically allocated as of 2021-09-18
220 #ripple-data-api = 186; dynamically allocated as of 2021-09-17
221 mediatomb = 187;
222 #rdnssd = 188; #dynamically allocated as of 2021-09-18
223 ihaskell = 189;
224 i2p = 190;
225 lambdabot = 191;
226 asterisk = 192;
227 plex = 193;
228 plexpy = 195;
229 grafana = 196;
230 skydns = 197;
231 # ripple-rest = 198; # unused, removed 2017-08-12
232 # nix-serve = 199; # unused, removed 2020-12-12
233 #tvheadend = 200; # dynamically allocated as of 2021-09-18
234 uwsgi = 201;
235 # gitit = 202; # unused, module was removed 2023-04-03
236 riemanntools = 203;
237 subsonic = 204;
238 # riak = 205; # unused, remove 2022-07-22
239 #shout = 206; # dynamically allocated as of 2021-09-18
240 gateone = 207;
241 namecoin = 208;
242 #lxd = 210; # unused
243 #kibana = 211;# dynamically allocated as of 2021-09-03
244 xtreemfs = 212;
245 calibre-server = 213;
246 #heapster = 214; #dynamically allocated as of 2021-09-17
247 bepasty = 215;
248 # pumpio = 216; # unused, removed 2018-02-24
249 nm-openvpn = 217;
250 # mathics = 218; # unused, removed 2020-08-15
251 ejabberd = 219;
252 postsrsd = 220;
253 opendkim = 221;
254 dspam = 222;
255 # gale = 223; removed 2021-06-10
256 matrix-synapse = 224;
257 rspamd = 225;
258 # rmilter = 226; # unused, removed 2019-08-22
259 cfdyndns = 227;
260 # gammu-smsd = 228; #dynamically allocated as of 2021-09-17
261 pdnsd = 229;
262 octoprint = 230;
263 avahi-autoipd = 231;
264 # nntp-proxy = 232; #dynamically allocated as of 2021-09-17
265 mjpg-streamer = 233;
266 #radicale = 234;# dynamically allocated as of 2021-09-03
267 hydra-queue-runner = 235;
268 hydra-www = 236;
269 syncthing = 237;
270 caddy = 239;
271 taskd = 240;
272 # factorio = 241; # DynamicUser = true
273 # emby = 242; # unusued, removed 2019-05-01
274 #graylog = 243;# dynamically allocated as of 2021-09-03
275 sniproxy = 244;
276 nzbget = 245;
277 mosquitto = 246;
278 #toxvpn = 247; # dynamically allocated as of 2021-09-18
279 # squeezelite = 248; # DynamicUser = true
280 turnserver = 249;
281 #smokeping = 250;# dynamically allocated as of 2021-09-03
282 gocd-agent = 251;
283 gocd-server = 252;
284 terraria = 253;
285 mattermost = 254;
286 prometheus = 255;
287 telegraf = 256;
288 gitlab-runner = 257;
289 postgrey = 258;
290 # hound = 259; # unused, removed 2023-11-21
291 leaps = 260;
292 ipfs = 261;
293 # stanchion = 262; # unused, removed 2020-10-14
294 # riak-cs = 263; # unused, removed 2020-10-14
295 infinoted = 264;
296 sickbeard = 265;
297 headphones = 266;
298 # couchpotato = 267; # unused, removed 2022-01-01
299 # gogs = 268; # unused, removed in 2024-10-12
300 #pdns-recursor = 269; # dynamically allocated as of 2020-20-18
301 #kresd = 270; # switched to "knot-resolver" with dynamic ID
302 rpc = 271;
303 #geoip = 272; # new module uses DynamicUser
304 fcron = 273;
305 sonarr = 274;
306 radarr = 275;
307 jackett = 276;
308 aria2 = 277;
309 clickhouse = 278;
310 rslsync = 279;
311 minio = 280;
312 kanboard = 281;
313 # pykms = 282; # DynamicUser = true
314 kodi = 283;
315 # restya-board = 284; # removed 2024-01-22
316 mighttpd2 = 285;
317 hass = 286;
318 #monero = 287; # dynamically allocated as of 2021-05-08
319 ceph = 288;
320 duplicati = 289;
321 monetdb = 290;
322 restic = 291;
323 openvpn = 292;
324 # meguca = 293; # removed 2020-08-21
325 yarn = 294;
326 hdfs = 295;
327 mapred = 296;
328 hadoop = 297;
329 #hydron = 298; # removed 2024-08-03
330 cfssl = 299;
331 cassandra = 300;
332 qemu-libvirtd = 301;
333 # kvm = 302; # unused
334 # render = 303; # unused
335 # zeronet = 304; # removed 2019-01-03
336 lirc = 305;
337 lidarr = 306;
338 slurm = 307;
339 kapacitor = 308;
340 # solr = 309; removed 2023-03-16
341 alerta = 310;
342 minetest = 311;
343 rss2email = 312;
344 cockroachdb = 313;
345 zoneminder = 314;
346 paperless = 315;
347 #mailman = 316; # removed 2019-08-30
348 zigbee2mqtt = 317;
349 # shadow = 318; # unused
350 hqplayer = 319;
351 moonraker = 320;
352 distcc = 321;
353 webdav = 322;
354 pipewire = 323;
355 rstudio-server = 324;
356 localtimed = 325;
357 automatic-timezoned = 326;
359 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
361 nixbld = 30000; # start of range of uids
362 nobody = 65534;
363 };
365 ids.gids = {
366 root = 0;
367 wheel = 1;
368 kmem = 2;
369 tty = 3;
370 messagebus = 4; # D-Bus
371 haldaemon = 5;
372 disk = 6;
373 #vsftpd = 7; # dynamically allocated as of 2021-09-14
374 ftp = 8;
375 # bitlbee = 9; # removed 2021-10-05 #139765
376 #avahi = 10; # removed 2019-05-22
377 #nagios = 11; # unused
378 atd = 12;
379 postfix = 13;
380 postdrop = 14;
381 dovecot = 15;
382 tomcat = 16;
383 audio = 17;
384 floppy = 18;
385 uucp = 19;
386 lp = 20;
387 proc = 21;
388 pulseaudio = 22; # must match `pulseaudio' UID
389 gpsd = 23;
390 cdrom = 24;
391 tape = 25;
392 video = 26;
393 dialout = 27;
394 #polkituser = 28; # currently unused, polkitd doesn't need a group
395 utmp = 29;
396 # ddclient = 30; # converted to DynamicUser = true
397 davfs2 = 31;
398 disnix = 33;
399 osgi = 34;
400 tor = 35;
401 #cups = 36; # unused
402 #foldingathome = 37; # unused
403 #sabnzd = 38; # unused
404 #kdm = 39; # unused, even before 17.03
405 #ghostone = 40; # dropped in 18.03
406 git = 41;
407 fourstore = 42;
408 fourstorehttp = 43;
409 virtuoso = 44;
410 #rtkit = 45; # unused
411 dovecot2 = 46;
412 dovenull2 = 47;
413 # prayer = 49; # dropped in 23.11
414 mpd = 50;
415 clamav = 51;
416 #fprot = 52; # unused
417 #bind = 53; # unused
418 wwwrun = 54;
419 adm = 55;
420 spamd = 56;
421 networkmanager = 57;
422 nslcd = 58;
423 scanner = 59;
424 nginx = 60;
425 chrony = 61;
426 systemd-journal = 62;
427 smtpd = 63;
428 smtpq = 64;
429 supybot = 65;
430 iodined = 66;
431 libvirtd = 67;
432 graphite = 68;
433 #statsd = 69; # removed 2018-11-14
434 transmission = 70;
435 postgres = 71;
436 vboxusers = 72;
437 vboxsf = 73;
438 smbguest = 74; # unused
439 varnish = 75;
440 datadog = 76;
441 lighttpd = 77;
442 lightdm = 78;
443 freenet = 79;
444 ircd = 80;
445 bacula = 81;
446 #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
447 deluge = 83;
448 mysql = 84;
449 rabbitmq = 85;
450 activemq = 86;
451 gnunet = 87;
452 oidentd = 88;
453 quassel = 89;
454 amule = 90;
455 minidlna = 91;
456 elasticsearch = 92;
457 #tcpcryptd = 93; # unused
458 firebird = 95;
459 keys = 96;
460 #haproxy = 97; # dynamically allocated as of 2020-03-11
461 #mongodb = 98; # unused
462 #openldap = 99; # dynamically allocated as of PR#94610
463 munin = 102;
464 #logcheck = 103; # unused
465 #nix-ssh = 104; # unused
466 dictd = 105;
467 couchdb = 106;
468 #searx = 107; # dynamically allocated as of 2020-10-27
469 #kippo = 108; # removed 2021-10-07, the kippo package was removed in 1b213f321cdbfcf868b96fd9959c24207ce1b66a during 2021-04
470 jenkins = 109;
471 systemd-journal-gateway = 110;
472 #notbit = 111; # unused
473 aerospike = 111;
474 #ngircd = 112; # unused
475 #btsync = 113; # unused
476 #minecraft = 114; # unused
477 vault = 115;
478 #ripped = 116; # unused
479 murmur = 117;
480 foundationdb = 118;
481 newrelic = 119;
482 starbound = 120;
483 hydra = 122;
484 spiped = 123;
485 teamspeak = 124;
486 influxdb = 125;
487 nsd = 126;
488 gitolite = 127;
489 znc = 128;
490 polipo = 129;
491 mopidy = 130;
492 docker = 131;
493 gdm = 132;
494 #dhcpcd = 133; # unused
495 siproxd = 134;
496 mlmmj = 135;
497 #neo4j = 136; # unused
498 riemann = 137;
499 riemanndash = 138;
500 #radvd = 139; # unused
501 #zookeeper = 140; # unused
502 #dnsmasq = 141; # unused
503 uhub = 142;
504 #yandexdisk = 143; # unused
505 # mxisd = 144; # removed 2024-07-10
506 #consul = 145; # unused
507 #mailpile = 146; # removed 2022-01-12
508 redmine = 147;
509 #seeks = 148; # removed 2020-06-21
510 prosody = 149;
511 i2pd = 150;
512 systemd-network = 152;
513 systemd-resolve = 153;
514 systemd-timesync = 154;
515 liquidsoap = 155;
516 #etcd = 156; # unused
517 hbase = 158;
518 opentsdb = 159;
519 scollector = 160;
520 bosun = 161;
521 kubernetes = 162;
522 #peerflix = 163; # unused
523 #chronos = 164; # unused
524 gitlab = 165;
525 nylon = 168;
526 #panamax = 170; # unused
527 exim = 172;
528 #fleet = 173; # unused
529 input = 174;
530 sddm = 175;
531 #tss = 176; #dynamically allocateda as of 2021-09-20
532 #memcached = 177; # unused, removed 2018-01-03
533 #ntp = 179; # unused
534 zabbix = 180;
535 #redis = 181; # unused, removed 2018-01-03
536 #unifi = 183; # unused
537 #uptimed = 184; # unused
538 #zope2 = 185; # unused
539 #ripple-data-api = 186; #unused
540 mediatomb = 187;
541 #rdnssd = 188; # unused
542 ihaskell = 189;
543 i2p = 190;
544 lambdabot = 191;
545 asterisk = 192;
546 plex = 193;
547 sabnzbd = 194;
548 #grafana = 196; #unused
549 #skydns = 197; #unused
550 # ripple-rest = 198; # unused, removed 2017-08-12
551 #nix-serve = 199; #unused
552 #tvheadend = 200; #unused
553 uwsgi = 201;
554 gitit = 202;
555 riemanntools = 203;
556 subsonic = 204;
557 # riak = 205;#unused, removed 2022-06-22
558 #shout = 206; #unused
559 gateone = 207;
560 namecoin = 208;
561 #lxd = 210; # unused
562 #kibana = 211;
563 xtreemfs = 212;
564 calibre-server = 213;
565 bepasty = 215;
566 # pumpio = 216; # unused, removed 2018-02-24
567 nm-openvpn = 217;
568 mathics = 218;
569 ejabberd = 219;
570 postsrsd = 220;
571 opendkim = 221;
572 dspam = 222;
573 # gale = 223; removed 2021-06-10
574 matrix-synapse = 224;
575 rspamd = 225;
576 # rmilter = 226; # unused, removed 2019-08-22
577 cfdyndns = 227;
578 pdnsd = 229;
579 octoprint = 230;
580 #radicale = 234;# dynamically allocated as of 2021-09-03
581 syncthing = 237;
582 caddy = 239;
583 taskd = 240;
584 # factorio = 241; # unused
585 # emby = 242; # unused, removed 2019-05-01
586 sniproxy = 244;
587 nzbget = 245;
588 mosquitto = 246;
589 #toxvpn = 247; # unused
590 #squeezelite = 248; #unused
591 turnserver = 249;
592 #smokeping = 250;# dynamically allocated as of 2021-09-03
593 gocd-agent = 251;
594 gocd-server = 252;
595 terraria = 253;
596 mattermost = 254;
597 prometheus = 255;
598 #telegraf = 256; # unused
599 gitlab-runner = 257;
600 postgrey = 258;
601 # hound = 259; # unused, removed 2023-11-21
602 leaps = 260;
603 ipfs = 261;
604 # stanchion = 262; # unused, removed 2020-10-14
605 # riak-cs = 263; # unused, removed 2020-10-14
606 infinoted = 264;
607 sickbeard = 265;
608 headphones = 266;
609 # couchpotato = 267; # unused, removed 2022-01-01
610 # gogs = 268; # unused, removed in 2024-10-12
611 #kresd = 270; # switched to "knot-resolver" with dynamic ID
612 #rpc = 271; # unused
613 #geoip = 272; # unused
614 fcron = 273;
615 sonarr = 274;
616 radarr = 275;
617 jackett = 276;
618 aria2 = 277;
619 clickhouse = 278;
620 rslsync = 279;
621 minio = 280;
622 kanboard = 281;
623 # pykms = 282; # DynamicUser = true
624 kodi = 283;
625 # restya-board = 284; # removed 2024-01-22
626 mighttpd2 = 285;
627 hass = 286;
628 # monero = 287; # dynamically allocated as of 2021-05-08
629 ceph = 288;
630 duplicati = 289;
631 monetdb = 290;
632 restic = 291;
633 openvpn = 292;
634 # meguca = 293; # removed 2020-08-21
635 yarn = 294;
636 hdfs = 295;
637 mapred = 296;
638 hadoop = 297;
639 #hydron = 298; # removed 2024-08-03
640 cfssl = 299;
641 cassandra = 300;
642 qemu-libvirtd = 301;
643 kvm = 302; # default udev rules from systemd requires these
644 render = 303; # default udev rules from systemd requires these
645 sgx = 304; # default udev rules from systemd requires these
646 lirc = 305;
647 lidarr = 306;
648 slurm = 307;
649 kapacitor = 308;
650 # solr = 309; removed 2023-03-16
651 alerta = 310;
652 minetest = 311;
653 rss2email = 312;
654 cockroachdb = 313;
655 zoneminder = 314;
656 paperless = 315;
657 #mailman = 316; # removed 2019-08-30
658 zigbee2mqtt = 317;
659 shadow = 318;
660 hqplayer = 319;
661 moonraker = 320;
662 distcc = 321;
663 webdav = 322;
664 pipewire = 323;
665 rstudio-server = 324;
666 localtimed = 325;
667 automatic-timezoned = 326;
668 uinput = 327;
670 # When adding a gid, make sure it doesn't match an existing
671 # uid. Users and groups with the same name should have equal
672 # uids and gids. Also, don't use gids above 399!
674 # For exceptional cases where you really need a gid above 399, leave a
675 # comment stating why.
676 #
677 # Also, avoid the following GID ranges:
678 #
679 # 1000 - 29999: user accounts (see ../config/update-users-groups.pl)
680 # 30000 - 31000: nixbld users (the upper limit is arbitrarily chosen)
681 # 61184 - 65519: systemd DynamicUser (see systemd.exec(5))
682 # 65535: the error return sentinel value when uid_t was 16 bits
683 #
684 # 100000 - 6653600: subgid allocated for user namespaces
685 # (see ../config/update-users-groups.pl)
686 # 4294967294: unauthenticated user in some NFS implementations
687 # 4294967295: error return sentinel value
688 #
689 # References:
690 # https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
692 onepassword = 31001; # 1Password requires that its GID be larger than 1000
693 onepassword-cli = 31002; # 1Password requires that its GID be larger than 1000
695 users = 100;
696 nixbld = 30000;
697 nogroup = 65534;
698 };
700 };
702 }