You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

ids.nix 15KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657
  1. # This module defines the global list of uids and gids. We keep a
  2. # central list to prevent id collisions.
  3. # IMPORTANT!
  4. # We only add static uids and gids for services where it is not feasible
  5. # to change uids/gids on service start, in example a service with a lot of
  6. # files. Please also check if the service is applicable for systemd's
  7. # DynamicUser option and does not need a uid/gid allocation at all.
  8. # Systemd can also change ownership of service directories using the
  9. # RuntimeDirectory/StateDirectory options.
  10. { lib, ... }:
  11. {
  12. options = {
  13. ids.uids = lib.mkOption {
  14. internal = true;
  15. description = ''
  16. The user IDs used in NixOS.
  17. '';
  18. };
  19. ids.gids = lib.mkOption {
  20. internal = true;
  21. description = ''
  22. The group IDs used in NixOS.
  23. '';
  24. };
  25. };
  26. config = {
  27. ids.uids = {
  28. root = 0;
  29. #wheel = 1; # unused
  30. #kmem = 2; # unused
  31. #tty = 3; # unused
  32. messagebus = 4; # D-Bus
  33. haldaemon = 5;
  34. #disk = 6; # unused
  35. vsftpd = 7;
  36. ftp = 8;
  37. bitlbee = 9;
  38. #avahi = 10; # removed 2019-05-22
  39. nagios = 11;
  40. atd = 12;
  41. postfix = 13;
  42. #postdrop = 14; # unused
  43. dovecot = 15;
  44. tomcat = 16;
  45. #audio = 17; # unused
  46. #floppy = 18; # unused
  47. uucp = 19;
  48. #lp = 20; # unused
  49. #proc = 21; # unused
  50. pulseaudio = 22; # must match `pulseaudio' GID
  51. gpsd = 23;
  52. #cdrom = 24; # unused
  53. #tape = 25; # unused
  54. #video = 26; # unused
  55. #dialout = 27; # unused
  56. polkituser = 28;
  57. #utmp = 29; # unused
  58. # ddclient = 30; # converted to DynamicUser = true
  59. davfs2 = 31;
  60. #disnix = 33; # unused
  61. osgi = 34;
  62. tor = 35;
  63. cups = 36;
  64. foldingathome = 37;
  65. sabnzbd = 38;
  66. #kdm = 39; # dropped in 17.03
  67. #ghostone = 40; # dropped in 18.03
  68. git = 41;
  69. fourstore = 42;
  70. fourstorehttp = 43;
  71. virtuoso = 44;
  72. rtkit = 45;
  73. dovecot2 = 46;
  74. dovenull2 = 47;
  75. prayer = 49;
  76. mpd = 50;
  77. clamav = 51;
  78. fprot = 52;
  79. bind = 53;
  80. wwwrun = 54;
  81. #adm = 55; # unused
  82. spamd = 56;
  83. #networkmanager = 57; # unused
  84. nslcd = 58;
  85. scanner = 59;
  86. nginx = 60;
  87. chrony = 61;
  88. #systemd-journal = 62; # unused
  89. smtpd = 63;
  90. smtpq = 64;
  91. supybot = 65;
  92. iodined = 66;
  93. #libvirtd = 67; # unused
  94. graphite = 68;
  95. #statsd = 69; # removed 2018-11-14
  96. transmission = 70;
  97. postgres = 71;
  98. #vboxusers = 72; # unused
  99. #vboxsf = 73; # unused
  100. smbguest = 74; # unused
  101. varnish = 75;
  102. datadog = 76;
  103. lighttpd = 77;
  104. lightdm = 78;
  105. freenet = 79;
  106. ircd = 80;
  107. bacula = 81;
  108. #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
  109. deluge = 83;
  110. mysql = 84;
  111. rabbitmq = 85;
  112. activemq = 86;
  113. gnunet = 87;
  114. oidentd = 88;
  115. quassel = 89;
  116. amule = 90;
  117. minidlna = 91;
  118. elasticsearch = 92;
  119. tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
  120. firebird = 95;
  121. #keys = 96; # unused
  122. haproxy = 97;
  123. mongodb = 98;
  124. openldap = 99;
  125. #users = 100; # unused
  126. cgminer = 101;
  127. munin = 102;
  128. logcheck = 103;
  129. nix-ssh = 104;
  130. dictd = 105;
  131. couchdb = 106;
  132. searx = 107;
  133. kippo = 108;
  134. jenkins = 109;
  135. systemd-journal-gateway = 110;
  136. #notbit = 111; # unused
  137. aerospike = 111;
  138. ngircd = 112;
  139. #btsync = 113; # unused
  140. minecraft = 114;
  141. vault = 115;
  142. rippled = 116;
  143. murmur = 117;
  144. foundationdb = 118;
  145. newrelic = 119;
  146. starbound = 120;
  147. hydra = 122;
  148. spiped = 123;
  149. teamspeak = 124;
  150. influxdb = 125;
  151. nsd = 126;
  152. gitolite = 127;
  153. znc = 128;
  154. polipo = 129;
  155. mopidy = 130;
  156. #docker = 131; # unused
  157. gdm = 132;
  158. dhcpd = 133;
  159. siproxd = 134;
  160. mlmmj = 135;
  161. neo4j = 136;
  162. riemann = 137;
  163. riemanndash = 138;
  164. radvd = 139;
  165. zookeeper = 140;
  166. dnsmasq = 141;
  167. uhub = 142;
  168. yandexdisk = 143;
  169. mxisd = 144; # was once collectd
  170. consul = 145;
  171. mailpile = 146;
  172. redmine = 147;
  173. seeks = 148;
  174. prosody = 149;
  175. i2pd = 150;
  176. systemd-network = 152;
  177. systemd-resolve = 153;
  178. systemd-timesync = 154;
  179. liquidsoap = 155;
  180. etcd = 156;
  181. hbase = 158;
  182. opentsdb = 159;
  183. scollector = 160;
  184. bosun = 161;
  185. kubernetes = 162;
  186. peerflix = 163;
  187. chronos = 164;
  188. gitlab = 165;
  189. tox-bootstrapd = 166;
  190. cadvisor = 167;
  191. nylon = 168;
  192. apache-kafka = 169;
  193. #panamax = 170; # unused
  194. exim = 172;
  195. #fleet = 173; # unused
  196. #input = 174; # unused
  197. sddm = 175;
  198. tss = 176;
  199. #memcached = 177; removed 2018-01-03
  200. ntp = 179;
  201. zabbix = 180;
  202. #redis = 181; removed 2018-01-03
  203. unifi = 183;
  204. uptimed = 184;
  205. zope2 = 185;
  206. ripple-data-api = 186;
  207. mediatomb = 187;
  208. rdnssd = 188;
  209. ihaskell = 189;
  210. i2p = 190;
  211. lambdabot = 191;
  212. asterisk = 192;
  213. plex = 193;
  214. plexpy = 195;
  215. grafana = 196;
  216. skydns = 197;
  217. # ripple-rest = 198; # unused, removed 2017-08-12
  218. nix-serve = 199;
  219. tvheadend = 200;
  220. uwsgi = 201;
  221. gitit = 202;
  222. riemanntools = 203;
  223. subsonic = 204;
  224. riak = 205;
  225. shout = 206;
  226. gateone = 207;
  227. namecoin = 208;
  228. dnschain = 209;
  229. #lxd = 210; # unused
  230. kibana = 211;
  231. xtreemfs = 212;
  232. calibre-server = 213;
  233. heapster = 214;
  234. bepasty = 215;
  235. # pumpio = 216; # unused, removed 2018-02-24
  236. nm-openvpn = 217;
  237. mathics = 218;
  238. ejabberd = 219;
  239. postsrsd = 220;
  240. opendkim = 221;
  241. dspam = 222;
  242. gale = 223;
  243. matrix-synapse = 224;
  244. rspamd = 225;
  245. # rmilter = 226; # unused, removed 2019-08-22
  246. cfdyndns = 227;
  247. gammu-smsd = 228;
  248. pdnsd = 229;
  249. octoprint = 230;
  250. avahi-autoipd = 231;
  251. nntp-proxy = 232;
  252. mjpg-streamer = 233;
  253. radicale = 234;
  254. hydra-queue-runner = 235;
  255. hydra-www = 236;
  256. syncthing = 237;
  257. caddy = 239;
  258. taskd = 240;
  259. # factorio = 241; # DynamicUser = true
  260. # emby = 242; # unusued, removed 2019-05-01
  261. graylog = 243;
  262. sniproxy = 244;
  263. nzbget = 245;
  264. mosquitto = 246;
  265. toxvpn = 247;
  266. # squeezelite = 248; # DynamicUser = true
  267. turnserver = 249;
  268. smokeping = 250;
  269. gocd-agent = 251;
  270. gocd-server = 252;
  271. terraria = 253;
  272. mattermost = 254;
  273. prometheus = 255;
  274. telegraf = 256;
  275. gitlab-runner = 257;
  276. postgrey = 258;
  277. hound = 259;
  278. leaps = 260;
  279. ipfs = 261;
  280. stanchion = 262;
  281. riak-cs = 263;
  282. infinoted = 264;
  283. sickbeard = 265;
  284. headphones = 266;
  285. couchpotato = 267;
  286. gogs = 268;
  287. pdns-recursor = 269;
  288. kresd = 270;
  289. rpc = 271;
  290. geoip = 272;
  291. fcron = 273;
  292. sonarr = 274;
  293. radarr = 275;
  294. jackett = 276;
  295. aria2 = 277;
  296. clickhouse = 278;
  297. rslsync = 279;
  298. minio = 280;
  299. kanboard = 281;
  300. # pykms = 282; # DynamicUser = true
  301. kodi = 283;
  302. restya-board = 284;
  303. mighttpd2 = 285;
  304. hass = 286;
  305. monero = 287;
  306. ceph = 288;
  307. duplicati = 289;
  308. monetdb = 290;
  309. restic = 291;
  310. openvpn = 292;
  311. meguca = 293;
  312. yarn = 294;
  313. hdfs = 295;
  314. mapred = 296;
  315. hadoop = 297;
  316. hydron = 298;
  317. cfssl = 299;
  318. cassandra = 300;
  319. qemu-libvirtd = 301;
  320. # kvm = 302; # unused
  321. # render = 303; # unused
  322. # zeronet = 304; # removed 2019-01-03
  323. lirc = 305;
  324. lidarr = 306;
  325. slurm = 307;
  326. kapacitor = 308;
  327. solr = 309;
  328. alerta = 310;
  329. minetest = 311;
  330. rss2email = 312;
  331. cockroachdb = 313;
  332. zoneminder = 314;
  333. paperless = 315;
  334. #mailman = 316; # removed 2019-08-30
  335. # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
  336. nixbld = 30000; # start of range of uids
  337. nobody = 65534;
  338. };
  339. ids.gids = {
  340. root = 0;
  341. wheel = 1;
  342. kmem = 2;
  343. tty = 3;
  344. messagebus = 4; # D-Bus
  345. haldaemon = 5;
  346. disk = 6;
  347. vsftpd = 7;
  348. ftp = 8;
  349. bitlbee = 9;
  350. #avahi = 10; # removed 2019-05-22
  351. #nagios = 11; # unused
  352. atd = 12;
  353. postfix = 13;
  354. postdrop = 14;
  355. dovecot = 15;
  356. tomcat = 16;
  357. audio = 17;
  358. floppy = 18;
  359. uucp = 19;
  360. lp = 20;
  361. proc = 21;
  362. pulseaudio = 22; # must match `pulseaudio' UID
  363. gpsd = 23;
  364. cdrom = 24;
  365. tape = 25;
  366. video = 26;
  367. dialout = 27;
  368. #polkituser = 28; # currently unused, polkitd doesn't need a group
  369. utmp = 29;
  370. # ddclient = 30; # converted to DynamicUser = true
  371. davfs2 = 31;
  372. disnix = 33;
  373. osgi = 34;
  374. tor = 35;
  375. #cups = 36; # unused
  376. #foldingathome = 37; # unused
  377. #sabnzd = 38; # unused
  378. #kdm = 39; # unused, even before 17.03
  379. #ghostone = 40; # dropped in 18.03
  380. git = 41;
  381. fourstore = 42;
  382. fourstorehttp = 43;
  383. virtuoso = 44;
  384. #rtkit = 45; # unused
  385. dovecot2 = 46;
  386. dovenull2 = 47;
  387. prayer = 49;
  388. mpd = 50;
  389. clamav = 51;
  390. fprot = 52;
  391. #bind = 53; # unused
  392. wwwrun = 54;
  393. adm = 55;
  394. spamd = 56;
  395. networkmanager = 57;
  396. nslcd = 58;
  397. scanner = 59;
  398. nginx = 60;
  399. chrony = 61;
  400. systemd-journal = 62;
  401. smtpd = 63;
  402. smtpq = 64;
  403. supybot = 65;
  404. iodined = 66;
  405. libvirtd = 67;
  406. graphite = 68;
  407. #statsd = 69; # removed 2018-11-14
  408. transmission = 70;
  409. postgres = 71;
  410. vboxusers = 72;
  411. vboxsf = 73;
  412. smbguest = 74; # unused
  413. varnish = 75;
  414. datadog = 76;
  415. lighttpd = 77;
  416. lightdm = 78;
  417. freenet = 79;
  418. ircd = 80;
  419. bacula = 81;
  420. #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
  421. deluge = 83;
  422. mysql = 84;
  423. rabbitmq = 85;
  424. activemq = 86;
  425. gnunet = 87;
  426. oidentd = 88;
  427. quassel = 89;
  428. amule = 90;
  429. minidlna = 91;
  430. elasticsearch = 92;
  431. #tcpcryptd = 93; # unused
  432. firebird = 95;
  433. keys = 96;
  434. haproxy = 97;
  435. #mongodb = 98; # unused
  436. openldap = 99;
  437. munin = 102;
  438. #logcheck = 103; # unused
  439. #nix-ssh = 104; # unused
  440. dictd = 105;
  441. couchdb = 106;
  442. searx = 107;
  443. kippo = 108;
  444. jenkins = 109;
  445. systemd-journal-gateway = 110;
  446. #notbit = 111; # unused
  447. aerospike = 111;
  448. #ngircd = 112; # unused
  449. #btsync = 113; # unused
  450. #minecraft = 114; # unused
  451. vault = 115;
  452. #ripped = 116; # unused
  453. #murmur = 117; # unused
  454. foundationdb = 118;
  455. newrelic = 119;
  456. starbound = 120;
  457. hydra = 122;
  458. spiped = 123;
  459. teamspeak = 124;
  460. influxdb = 125;
  461. nsd = 126;
  462. gitolite = 127;
  463. znc = 128;
  464. polipo = 129;
  465. mopidy = 130;
  466. docker = 131;
  467. gdm = 132;
  468. #dhcpcd = 133; # unused
  469. siproxd = 134;
  470. mlmmj = 135;
  471. #neo4j = 136; # unused
  472. riemann = 137;
  473. riemanndash = 138;
  474. #radvd = 139; # unused
  475. #zookeeper = 140; # unused
  476. #dnsmasq = 141; # unused
  477. uhub = 142;
  478. #yandexdisk = 143; # unused
  479. mxisd = 144; # was once collectd
  480. #consul = 145; # unused
  481. mailpile = 146;
  482. redmine = 147;
  483. seeks = 148;
  484. prosody = 149;
  485. i2pd = 150;
  486. systemd-network = 152;
  487. systemd-resolve = 153;
  488. systemd-timesync = 154;
  489. liquidsoap = 155;
  490. #etcd = 156; # unused
  491. hbase = 158;
  492. opentsdb = 159;
  493. scollector = 160;
  494. bosun = 161;
  495. kubernetes = 162;
  496. #peerflix = 163; # unused
  497. #chronos = 164; # unused
  498. gitlab = 165;
  499. nylon = 168;
  500. #panamax = 170; # unused
  501. exim = 172;
  502. #fleet = 173; # unused
  503. input = 174;
  504. sddm = 175;
  505. tss = 176;
  506. #memcached = 177; # unused, removed 2018-01-03
  507. #ntp = 179; # unused
  508. zabbix = 180;
  509. #redis = 181; # unused, removed 2018-01-03
  510. #unifi = 183; # unused
  511. #uptimed = 184; # unused
  512. #zope2 = 185; # unused
  513. #ripple-data-api = 186; #unused
  514. mediatomb = 187;
  515. #rdnssd = 188; # unused
  516. ihaskell = 189;
  517. i2p = 190;
  518. lambdabot = 191;
  519. asterisk = 192;
  520. plex = 193;
  521. sabnzbd = 194;
  522. #grafana = 196; #unused
  523. #skydns = 197; #unused
  524. # ripple-rest = 198; # unused, removed 2017-08-12
  525. #nix-serve = 199; #unused
  526. #tvheadend = 200; #unused
  527. uwsgi = 201;
  528. gitit = 202;
  529. riemanntools = 203;
  530. subsonic = 204;
  531. riak = 205;
  532. #shout = 206; #unused
  533. gateone = 207;
  534. namecoin = 208;
  535. #dnschain = 209; #unused
  536. lxd = 210; # unused
  537. #kibana = 211;
  538. xtreemfs = 212;
  539. calibre-server = 213;
  540. bepasty = 215;
  541. # pumpio = 216; # unused, removed 2018-02-24
  542. nm-openvpn = 217;
  543. mathics = 218;
  544. ejabberd = 219;
  545. postsrsd = 220;
  546. opendkim = 221;
  547. dspam = 222;
  548. gale = 223;
  549. matrix-synapse = 224;
  550. rspamd = 225;
  551. # rmilter = 226; # unused, removed 2019-08-22
  552. cfdyndns = 227;
  553. pdnsd = 229;
  554. octoprint = 230;
  555. radicale = 234;
  556. syncthing = 237;
  557. caddy = 239;
  558. taskd = 240;
  559. # factorio = 241; # unused
  560. # emby = 242; # unused, removed 2019-05-01
  561. sniproxy = 244;
  562. nzbget = 245;
  563. mosquitto = 246;
  564. #toxvpn = 247; # unused
  565. #squeezelite = 248; #unused
  566. turnserver = 249;
  567. smokeping = 250;
  568. gocd-agent = 251;
  569. gocd-server = 252;
  570. terraria = 253;
  571. mattermost = 254;
  572. prometheus = 255;
  573. #telegraf = 256; # unused
  574. gitlab-runner = 257;
  575. postgrey = 258;
  576. hound = 259;
  577. leaps = 260;
  578. ipfs = 261;
  579. stanchion = 262;
  580. riak-cs = 263;
  581. infinoted = 264;
  582. sickbeard = 265;
  583. headphones = 266;
  584. couchpotato = 267;
  585. gogs = 268;
  586. kresd = 270;
  587. #rpc = 271; # unused
  588. #geoip = 272; # unused
  589. fcron = 273;
  590. sonarr = 274;
  591. radarr = 275;
  592. jackett = 276;
  593. aria2 = 277;
  594. clickhouse = 278;
  595. rslsync = 279;
  596. minio = 280;
  597. kanboard = 281;
  598. # pykms = 282; # DynamicUser = true
  599. kodi = 283;
  600. restya-board = 284;
  601. mighttpd2 = 285;
  602. hass = 286;
  603. monero = 287;
  604. ceph = 288;
  605. duplicati = 289;
  606. monetdb = 290;
  607. restic = 291;
  608. openvpn = 292;
  609. meguca = 293;
  610. yarn = 294;
  611. hdfs = 295;
  612. mapred = 296;
  613. hadoop = 297;
  614. hydron = 298;
  615. cfssl = 299;
  616. cassandra = 300;
  617. qemu-libvirtd = 301;
  618. kvm = 302; # default udev rules from systemd requires these
  619. render = 303; # default udev rules from systemd requires these
  620. # zeronet = 304; # removed 2019-01-03
  621. lirc = 305;
  622. lidarr = 306;
  623. slurm = 307;
  624. kapacitor = 308;
  625. solr = 309;
  626. alerta = 310;
  627. minetest = 311;
  628. rss2email = 312;
  629. cockroachdb = 313;
  630. zoneminder = 314;
  631. paperless = 315;
  632. #mailman = 316; # removed 2019-08-30
  633. # When adding a gid, make sure it doesn't match an existing
  634. # uid. Users and groups with the same name should have equal
  635. # uids and gids. Also, don't use gids above 399!
  636. users = 100;
  637. nixbld = 30000;
  638. nogroup = 65534;
  639. };
  640. };
  641. }