modules/by-name/co/constants/module.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

# This file is inspired by the `nixos/modules/misc/ids.nix`
# file in nixpkgs.
{
  lib,
  config,
  ...
}: {
  options.vhack.constants = {
    ids.uids = lib.mkOption {
      internal = true;
      description = ''
        The user IDs used in the vhack.eu nixos config.
      '';
      type = lib.types.attrsOf (lib.types.ints.between 0 400);
    };
    ids.gids = lib.mkOption {
      internal = true;
      description = ''
        The group IDs used in the vhack.eu nixos config.
      '';
      type = lib.types.attrsOf (lib.types.ints.between 0 400);
    };
  };

  config.vhack.constants = {
    ids.uids = {
      # Keep this sorted with `!sort --numeric-sort --key=2 --field-separator="="`
      systemd-coredump = 151; # GROUP
      opendkim = 221;
      mautrix-whatsapp = 222;
      etebase-server = 223;
      matrix-synapse = 224;
      rspamd = 225;
      knot-resolver = 226;
      peertube = 231;
      redis-mastodon = 232;
      redis-peertube = 233;
      redis-rspamd = 234;
      redis-stalwart-mail = 235;
      mastodon = 236;
      stalwart-mail = 238;
      acme = 328;
      dhcpcd = 329;
      nscd = 330;
      sshd = 331;
      systemd-oom = 332;
      resolvconf = 333; # GROUP
      nix-sync = 334;
      nextcloud = 335;
      redis-nextcloud = 336;
      taskchampion = 337;
      stalwart-mail-certificates = 338; # GROUP
      sharkey = 339;
      redis-sharkey = 340;

      # As per the NixOS file, the uids should not be greater or equal to 400;
    };
    ids.gids = let
      inherit (config.vhack.constants.ids) uids;
    in {
      # Please add your groups to the users and inherit them here.
      # This avoids having an user/group id mismatch.
      inherit
        (uids)
        acme
        dhcpcd
        etebase-server
        knot-resolver
        mastodon
        matrix-synapse
        mautrix-whatsapp
        nextcloud
        nix-sync
        nscd
        opendkim
        peertube
        redis-mastodon
        redis-nextcloud
        redis-peertube
        redis-rspamd
        redis-stalwart-mail
        rspamd
        sshd
        stalwart-mail
        systemd-oom
        sharkey
        redis-sharkey
        systemd-coredump # matches systemd-coredump user
        resolvconf # This group is not matched to an user?
        stalwart-mail-certificates # This group is used to connect nginx and stalwart-mail
        ;

      # The gid should match the uid. Thus should not be >= 400;
    };
  };
}