6b87772ca4
Any system uid will do, so we let the system allocate one for us. The 'mailman' group is gone entirely since we don't need it. Users who wish to run the 'mailman' administration utility can do so via 'sudo': $ sudo -u mailman mailman info Also, simplify the syntax of our user.users entry to rely on an attribute set rather than a list.
657 lines
15 KiB
Nix
657 lines
15 KiB
Nix
# This module defines the global list of uids and gids. We keep a
|
|
# central list to prevent id collisions.
|
|
|
|
# IMPORTANT!
|
|
# We only add static uids and gids for services where it is not feasible
|
|
# to change uids/gids on service start, in example a service with a lot of
|
|
# files. Please also check if the service is applicable for systemd's
|
|
# DynamicUser option and does not need a uid/gid allocation at all.
|
|
# Systemd can also change ownership of service directories using the
|
|
# RuntimeDirectory/StateDirectory options.
|
|
|
|
{ lib, ... }:
|
|
|
|
{
|
|
options = {
|
|
|
|
ids.uids = lib.mkOption {
|
|
internal = true;
|
|
description = ''
|
|
The user IDs used in NixOS.
|
|
'';
|
|
};
|
|
|
|
ids.gids = lib.mkOption {
|
|
internal = true;
|
|
description = ''
|
|
The group IDs used in NixOS.
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
|
|
config = {
|
|
|
|
ids.uids = {
|
|
root = 0;
|
|
#wheel = 1; # unused
|
|
#kmem = 2; # unused
|
|
#tty = 3; # unused
|
|
messagebus = 4; # D-Bus
|
|
haldaemon = 5;
|
|
#disk = 6; # unused
|
|
vsftpd = 7;
|
|
ftp = 8;
|
|
bitlbee = 9;
|
|
#avahi = 10; # removed 2019-05-22
|
|
nagios = 11;
|
|
atd = 12;
|
|
postfix = 13;
|
|
#postdrop = 14; # unused
|
|
dovecot = 15;
|
|
tomcat = 16;
|
|
#audio = 17; # unused
|
|
#floppy = 18; # unused
|
|
uucp = 19;
|
|
#lp = 20; # unused
|
|
#proc = 21; # unused
|
|
pulseaudio = 22; # must match `pulseaudio' GID
|
|
gpsd = 23;
|
|
#cdrom = 24; # unused
|
|
#tape = 25; # unused
|
|
#video = 26; # unused
|
|
#dialout = 27; # unused
|
|
polkituser = 28;
|
|
#utmp = 29; # unused
|
|
# ddclient = 30; # converted to DynamicUser = true
|
|
davfs2 = 31;
|
|
#disnix = 33; # unused
|
|
osgi = 34;
|
|
tor = 35;
|
|
cups = 36;
|
|
foldingathome = 37;
|
|
sabnzbd = 38;
|
|
#kdm = 39; # dropped in 17.03
|
|
#ghostone = 40; # dropped in 18.03
|
|
git = 41;
|
|
fourstore = 42;
|
|
fourstorehttp = 43;
|
|
virtuoso = 44;
|
|
rtkit = 45;
|
|
dovecot2 = 46;
|
|
dovenull2 = 47;
|
|
prayer = 49;
|
|
mpd = 50;
|
|
clamav = 51;
|
|
fprot = 52;
|
|
bind = 53;
|
|
wwwrun = 54;
|
|
#adm = 55; # unused
|
|
spamd = 56;
|
|
#networkmanager = 57; # unused
|
|
nslcd = 58;
|
|
scanner = 59;
|
|
nginx = 60;
|
|
chrony = 61;
|
|
#systemd-journal = 62; # unused
|
|
smtpd = 63;
|
|
smtpq = 64;
|
|
supybot = 65;
|
|
iodined = 66;
|
|
#libvirtd = 67; # unused
|
|
graphite = 68;
|
|
#statsd = 69; # removed 2018-11-14
|
|
transmission = 70;
|
|
postgres = 71;
|
|
#vboxusers = 72; # unused
|
|
#vboxsf = 73; # unused
|
|
smbguest = 74; # unused
|
|
varnish = 75;
|
|
datadog = 76;
|
|
lighttpd = 77;
|
|
lightdm = 78;
|
|
freenet = 79;
|
|
ircd = 80;
|
|
bacula = 81;
|
|
#almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
|
|
deluge = 83;
|
|
mysql = 84;
|
|
rabbitmq = 85;
|
|
activemq = 86;
|
|
gnunet = 87;
|
|
oidentd = 88;
|
|
quassel = 89;
|
|
amule = 90;
|
|
minidlna = 91;
|
|
elasticsearch = 92;
|
|
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
|
|
firebird = 95;
|
|
#keys = 96; # unused
|
|
haproxy = 97;
|
|
mongodb = 98;
|
|
openldap = 99;
|
|
#users = 100; # unused
|
|
cgminer = 101;
|
|
munin = 102;
|
|
logcheck = 103;
|
|
nix-ssh = 104;
|
|
dictd = 105;
|
|
couchdb = 106;
|
|
searx = 107;
|
|
kippo = 108;
|
|
jenkins = 109;
|
|
systemd-journal-gateway = 110;
|
|
#notbit = 111; # unused
|
|
aerospike = 111;
|
|
ngircd = 112;
|
|
#btsync = 113; # unused
|
|
minecraft = 114;
|
|
vault = 115;
|
|
rippled = 116;
|
|
murmur = 117;
|
|
foundationdb = 118;
|
|
newrelic = 119;
|
|
starbound = 120;
|
|
hydra = 122;
|
|
spiped = 123;
|
|
teamspeak = 124;
|
|
influxdb = 125;
|
|
nsd = 126;
|
|
gitolite = 127;
|
|
znc = 128;
|
|
polipo = 129;
|
|
mopidy = 130;
|
|
#docker = 131; # unused
|
|
gdm = 132;
|
|
dhcpd = 133;
|
|
siproxd = 134;
|
|
mlmmj = 135;
|
|
neo4j = 136;
|
|
riemann = 137;
|
|
riemanndash = 138;
|
|
radvd = 139;
|
|
zookeeper = 140;
|
|
dnsmasq = 141;
|
|
uhub = 142;
|
|
yandexdisk = 143;
|
|
mxisd = 144; # was once collectd
|
|
consul = 145;
|
|
mailpile = 146;
|
|
redmine = 147;
|
|
seeks = 148;
|
|
prosody = 149;
|
|
i2pd = 150;
|
|
systemd-network = 152;
|
|
systemd-resolve = 153;
|
|
systemd-timesync = 154;
|
|
liquidsoap = 155;
|
|
etcd = 156;
|
|
hbase = 158;
|
|
opentsdb = 159;
|
|
scollector = 160;
|
|
bosun = 161;
|
|
kubernetes = 162;
|
|
peerflix = 163;
|
|
chronos = 164;
|
|
gitlab = 165;
|
|
tox-bootstrapd = 166;
|
|
cadvisor = 167;
|
|
nylon = 168;
|
|
apache-kafka = 169;
|
|
#panamax = 170; # unused
|
|
exim = 172;
|
|
#fleet = 173; # unused
|
|
#input = 174; # unused
|
|
sddm = 175;
|
|
tss = 176;
|
|
#memcached = 177; removed 2018-01-03
|
|
ntp = 179;
|
|
zabbix = 180;
|
|
#redis = 181; removed 2018-01-03
|
|
unifi = 183;
|
|
uptimed = 184;
|
|
zope2 = 185;
|
|
ripple-data-api = 186;
|
|
mediatomb = 187;
|
|
rdnssd = 188;
|
|
ihaskell = 189;
|
|
i2p = 190;
|
|
lambdabot = 191;
|
|
asterisk = 192;
|
|
plex = 193;
|
|
plexpy = 195;
|
|
grafana = 196;
|
|
skydns = 197;
|
|
# ripple-rest = 198; # unused, removed 2017-08-12
|
|
nix-serve = 199;
|
|
tvheadend = 200;
|
|
uwsgi = 201;
|
|
gitit = 202;
|
|
riemanntools = 203;
|
|
subsonic = 204;
|
|
riak = 205;
|
|
shout = 206;
|
|
gateone = 207;
|
|
namecoin = 208;
|
|
dnschain = 209;
|
|
#lxd = 210; # unused
|
|
kibana = 211;
|
|
xtreemfs = 212;
|
|
calibre-server = 213;
|
|
heapster = 214;
|
|
bepasty = 215;
|
|
# pumpio = 216; # unused, removed 2018-02-24
|
|
nm-openvpn = 217;
|
|
mathics = 218;
|
|
ejabberd = 219;
|
|
postsrsd = 220;
|
|
opendkim = 221;
|
|
dspam = 222;
|
|
gale = 223;
|
|
matrix-synapse = 224;
|
|
rspamd = 225;
|
|
# rmilter = 226; # unused, removed 2019-08-22
|
|
cfdyndns = 227;
|
|
gammu-smsd = 228;
|
|
pdnsd = 229;
|
|
octoprint = 230;
|
|
avahi-autoipd = 231;
|
|
nntp-proxy = 232;
|
|
mjpg-streamer = 233;
|
|
radicale = 234;
|
|
hydra-queue-runner = 235;
|
|
hydra-www = 236;
|
|
syncthing = 237;
|
|
caddy = 239;
|
|
taskd = 240;
|
|
# factorio = 241; # DynamicUser = true
|
|
# emby = 242; # unusued, removed 2019-05-01
|
|
graylog = 243;
|
|
sniproxy = 244;
|
|
nzbget = 245;
|
|
mosquitto = 246;
|
|
toxvpn = 247;
|
|
# squeezelite = 248; # DynamicUser = true
|
|
turnserver = 249;
|
|
smokeping = 250;
|
|
gocd-agent = 251;
|
|
gocd-server = 252;
|
|
terraria = 253;
|
|
mattermost = 254;
|
|
prometheus = 255;
|
|
telegraf = 256;
|
|
gitlab-runner = 257;
|
|
postgrey = 258;
|
|
hound = 259;
|
|
leaps = 260;
|
|
ipfs = 261;
|
|
stanchion = 262;
|
|
riak-cs = 263;
|
|
infinoted = 264;
|
|
sickbeard = 265;
|
|
headphones = 266;
|
|
couchpotato = 267;
|
|
gogs = 268;
|
|
pdns-recursor = 269;
|
|
kresd = 270;
|
|
rpc = 271;
|
|
geoip = 272;
|
|
fcron = 273;
|
|
sonarr = 274;
|
|
radarr = 275;
|
|
jackett = 276;
|
|
aria2 = 277;
|
|
clickhouse = 278;
|
|
rslsync = 279;
|
|
minio = 280;
|
|
kanboard = 281;
|
|
# pykms = 282; # DynamicUser = true
|
|
kodi = 283;
|
|
restya-board = 284;
|
|
mighttpd2 = 285;
|
|
hass = 286;
|
|
monero = 287;
|
|
ceph = 288;
|
|
duplicati = 289;
|
|
monetdb = 290;
|
|
restic = 291;
|
|
openvpn = 292;
|
|
meguca = 293;
|
|
yarn = 294;
|
|
hdfs = 295;
|
|
mapred = 296;
|
|
hadoop = 297;
|
|
hydron = 298;
|
|
cfssl = 299;
|
|
cassandra = 300;
|
|
qemu-libvirtd = 301;
|
|
# kvm = 302; # unused
|
|
# render = 303; # unused
|
|
zeronet = 304;
|
|
lirc = 305;
|
|
lidarr = 306;
|
|
slurm = 307;
|
|
kapacitor = 308;
|
|
solr = 309;
|
|
alerta = 310;
|
|
minetest = 311;
|
|
rss2email = 312;
|
|
cockroachdb = 313;
|
|
zoneminder = 314;
|
|
paperless = 315;
|
|
#mailman = 316; # removed 2019-08-30
|
|
|
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
|
|
|
nixbld = 30000; # start of range of uids
|
|
nobody = 65534;
|
|
};
|
|
|
|
ids.gids = {
|
|
root = 0;
|
|
wheel = 1;
|
|
kmem = 2;
|
|
tty = 3;
|
|
messagebus = 4; # D-Bus
|
|
haldaemon = 5;
|
|
disk = 6;
|
|
vsftpd = 7;
|
|
ftp = 8;
|
|
bitlbee = 9;
|
|
#avahi = 10; # removed 2019-05-22
|
|
#nagios = 11; # unused
|
|
atd = 12;
|
|
postfix = 13;
|
|
postdrop = 14;
|
|
dovecot = 15;
|
|
tomcat = 16;
|
|
audio = 17;
|
|
floppy = 18;
|
|
uucp = 19;
|
|
lp = 20;
|
|
proc = 21;
|
|
pulseaudio = 22; # must match `pulseaudio' UID
|
|
gpsd = 23;
|
|
cdrom = 24;
|
|
tape = 25;
|
|
video = 26;
|
|
dialout = 27;
|
|
#polkituser = 28; # currently unused, polkitd doesn't need a group
|
|
utmp = 29;
|
|
# ddclient = 30; # converted to DynamicUser = true
|
|
davfs2 = 31;
|
|
disnix = 33;
|
|
osgi = 34;
|
|
tor = 35;
|
|
#cups = 36; # unused
|
|
#foldingathome = 37; # unused
|
|
#sabnzd = 38; # unused
|
|
#kdm = 39; # unused, even before 17.03
|
|
#ghostone = 40; # dropped in 18.03
|
|
git = 41;
|
|
fourstore = 42;
|
|
fourstorehttp = 43;
|
|
virtuoso = 44;
|
|
#rtkit = 45; # unused
|
|
dovecot2 = 46;
|
|
dovenull2 = 47;
|
|
prayer = 49;
|
|
mpd = 50;
|
|
clamav = 51;
|
|
fprot = 52;
|
|
#bind = 53; # unused
|
|
wwwrun = 54;
|
|
adm = 55;
|
|
spamd = 56;
|
|
networkmanager = 57;
|
|
nslcd = 58;
|
|
scanner = 59;
|
|
nginx = 60;
|
|
chrony = 61;
|
|
systemd-journal = 62;
|
|
smtpd = 63;
|
|
smtpq = 64;
|
|
supybot = 65;
|
|
iodined = 66;
|
|
libvirtd = 67;
|
|
graphite = 68;
|
|
#statsd = 69; # removed 2018-11-14
|
|
transmission = 70;
|
|
postgres = 71;
|
|
vboxusers = 72;
|
|
vboxsf = 73;
|
|
smbguest = 74; # unused
|
|
varnish = 75;
|
|
datadog = 76;
|
|
lighttpd = 77;
|
|
lightdm = 78;
|
|
freenet = 79;
|
|
ircd = 80;
|
|
bacula = 81;
|
|
#almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
|
|
deluge = 83;
|
|
mysql = 84;
|
|
rabbitmq = 85;
|
|
activemq = 86;
|
|
gnunet = 87;
|
|
oidentd = 88;
|
|
quassel = 89;
|
|
amule = 90;
|
|
minidlna = 91;
|
|
elasticsearch = 92;
|
|
#tcpcryptd = 93; # unused
|
|
firebird = 95;
|
|
keys = 96;
|
|
haproxy = 97;
|
|
#mongodb = 98; # unused
|
|
openldap = 99;
|
|
munin = 102;
|
|
#logcheck = 103; # unused
|
|
#nix-ssh = 104; # unused
|
|
dictd = 105;
|
|
couchdb = 106;
|
|
searx = 107;
|
|
kippo = 108;
|
|
jenkins = 109;
|
|
systemd-journal-gateway = 110;
|
|
#notbit = 111; # unused
|
|
aerospike = 111;
|
|
#ngircd = 112; # unused
|
|
#btsync = 113; # unused
|
|
#minecraft = 114; # unused
|
|
vault = 115;
|
|
#ripped = 116; # unused
|
|
#murmur = 117; # unused
|
|
foundationdb = 118;
|
|
newrelic = 119;
|
|
starbound = 120;
|
|
hydra = 122;
|
|
spiped = 123;
|
|
teamspeak = 124;
|
|
influxdb = 125;
|
|
nsd = 126;
|
|
gitolite = 127;
|
|
znc = 128;
|
|
polipo = 129;
|
|
mopidy = 130;
|
|
docker = 131;
|
|
gdm = 132;
|
|
#dhcpcd = 133; # unused
|
|
siproxd = 134;
|
|
mlmmj = 135;
|
|
#neo4j = 136; # unused
|
|
riemann = 137;
|
|
riemanndash = 138;
|
|
#radvd = 139; # unused
|
|
#zookeeper = 140; # unused
|
|
#dnsmasq = 141; # unused
|
|
uhub = 142;
|
|
#yandexdisk = 143; # unused
|
|
mxisd = 144; # was once collectd
|
|
#consul = 145; # unused
|
|
mailpile = 146;
|
|
redmine = 147;
|
|
seeks = 148;
|
|
prosody = 149;
|
|
i2pd = 150;
|
|
systemd-network = 152;
|
|
systemd-resolve = 153;
|
|
systemd-timesync = 154;
|
|
liquidsoap = 155;
|
|
#etcd = 156; # unused
|
|
hbase = 158;
|
|
opentsdb = 159;
|
|
scollector = 160;
|
|
bosun = 161;
|
|
kubernetes = 162;
|
|
#peerflix = 163; # unused
|
|
#chronos = 164; # unused
|
|
gitlab = 165;
|
|
nylon = 168;
|
|
#panamax = 170; # unused
|
|
exim = 172;
|
|
#fleet = 173; # unused
|
|
input = 174;
|
|
sddm = 175;
|
|
tss = 176;
|
|
#memcached = 177; # unused, removed 2018-01-03
|
|
#ntp = 179; # unused
|
|
zabbix = 180;
|
|
#redis = 181; # unused, removed 2018-01-03
|
|
#unifi = 183; # unused
|
|
#uptimed = 184; # unused
|
|
#zope2 = 185; # unused
|
|
#ripple-data-api = 186; #unused
|
|
mediatomb = 187;
|
|
#rdnssd = 188; # unused
|
|
ihaskell = 189;
|
|
i2p = 190;
|
|
lambdabot = 191;
|
|
asterisk = 192;
|
|
plex = 193;
|
|
sabnzbd = 194;
|
|
#grafana = 196; #unused
|
|
#skydns = 197; #unused
|
|
# ripple-rest = 198; # unused, removed 2017-08-12
|
|
#nix-serve = 199; #unused
|
|
#tvheadend = 200; #unused
|
|
uwsgi = 201;
|
|
gitit = 202;
|
|
riemanntools = 203;
|
|
subsonic = 204;
|
|
riak = 205;
|
|
#shout = 206; #unused
|
|
gateone = 207;
|
|
namecoin = 208;
|
|
#dnschain = 209; #unused
|
|
lxd = 210; # unused
|
|
#kibana = 211;
|
|
xtreemfs = 212;
|
|
calibre-server = 213;
|
|
bepasty = 215;
|
|
# pumpio = 216; # unused, removed 2018-02-24
|
|
nm-openvpn = 217;
|
|
mathics = 218;
|
|
ejabberd = 219;
|
|
postsrsd = 220;
|
|
opendkim = 221;
|
|
dspam = 222;
|
|
gale = 223;
|
|
matrix-synapse = 224;
|
|
rspamd = 225;
|
|
# rmilter = 226; # unused, removed 2019-08-22
|
|
cfdyndns = 227;
|
|
pdnsd = 229;
|
|
octoprint = 230;
|
|
radicale = 234;
|
|
syncthing = 237;
|
|
caddy = 239;
|
|
taskd = 240;
|
|
# factorio = 241; # unused
|
|
# emby = 242; # unused, removed 2019-05-01
|
|
sniproxy = 244;
|
|
nzbget = 245;
|
|
mosquitto = 246;
|
|
#toxvpn = 247; # unused
|
|
#squeezelite = 248; #unused
|
|
turnserver = 249;
|
|
smokeping = 250;
|
|
gocd-agent = 251;
|
|
gocd-server = 252;
|
|
terraria = 253;
|
|
mattermost = 254;
|
|
prometheus = 255;
|
|
#telegraf = 256; # unused
|
|
gitlab-runner = 257;
|
|
postgrey = 258;
|
|
hound = 259;
|
|
leaps = 260;
|
|
ipfs = 261;
|
|
stanchion = 262;
|
|
riak-cs = 263;
|
|
infinoted = 264;
|
|
sickbeard = 265;
|
|
headphones = 266;
|
|
couchpotato = 267;
|
|
gogs = 268;
|
|
kresd = 270;
|
|
#rpc = 271; # unused
|
|
#geoip = 272; # unused
|
|
fcron = 273;
|
|
sonarr = 274;
|
|
radarr = 275;
|
|
jackett = 276;
|
|
aria2 = 277;
|
|
clickhouse = 278;
|
|
rslsync = 279;
|
|
minio = 280;
|
|
kanboard = 281;
|
|
# pykms = 282; # DynamicUser = true
|
|
kodi = 283;
|
|
restya-board = 284;
|
|
mighttpd2 = 285;
|
|
hass = 286;
|
|
monero = 287;
|
|
ceph = 288;
|
|
duplicati = 289;
|
|
monetdb = 290;
|
|
restic = 291;
|
|
openvpn = 292;
|
|
meguca = 293;
|
|
yarn = 294;
|
|
hdfs = 295;
|
|
mapred = 296;
|
|
hadoop = 297;
|
|
hydron = 298;
|
|
cfssl = 299;
|
|
cassandra = 300;
|
|
qemu-libvirtd = 301;
|
|
kvm = 302; # default udev rules from systemd requires these
|
|
render = 303; # default udev rules from systemd requires these
|
|
zeronet = 304;
|
|
lirc = 305;
|
|
lidarr = 306;
|
|
slurm = 307;
|
|
kapacitor = 308;
|
|
solr = 309;
|
|
alerta = 310;
|
|
minetest = 311;
|
|
rss2email = 312;
|
|
cockroachdb = 313;
|
|
zoneminder = 314;
|
|
paperless = 315;
|
|
#mailman = 316; # removed 2019-08-30
|
|
|
|
# When adding a gid, make sure it doesn't match an existing
|
|
# uid. Users and groups with the same name should have equal
|
|
# uids and gids. Also, don't use gids above 399!
|
|
|
|
users = 100;
|
|
nixbld = 30000;
|
|
nogroup = 65534;
|
|
};
|
|
|
|
};
|
|
|
|
}
|