Are system services UID and GID pre-defined,

In Nixos are the UID and GID for system services users pre-defined, or is the next available one just selected the first time it is set up? I have noted that Nginx always seem to be 60:60 which make me think some of them must be predefined. If they are predefined, what is the best way to look this up? Freebsd has these nice lists, is there something like this for Nixos?

https://svnweb.freebsd.org/ports/head/UIDs?view=co
https://svnweb.freebsd.org/ports/head/GIDs?view=co

Is there an ideal rang for selecting UID and GID for your own system services users that you want to keep consistent so that you don’t have to worry about conflicts with something already predefined?

Thank you

The (internal) nixos options ids.uids and ids.gids are predefined in the nixos/modules/misc/ids.nix.

That file also defines that UID/GIDs 400+ are ok: nixpkgs/ids.nix at b2444828a1a6682a3976d8ab9758b26bca9a7592 · NixOS/nixpkgs · GitHub

I think there’s also a value in the kernel config somewhere that defines what “system” users are, and you’re supposed to stick in that range. There should be some space left for user-defined system users in the range, I think it goes up to 800 or something.

That said, a much nicer alternative IMO is using systemd’s DynamicUser. Some NixOS services have migrated to this already, as well, so for some services you’ll see changing IDs.

Good info, thank you

Hosted by Flying Circus.