diff options
author | midchildan <git@midchildan.org> | 2022-05-08 19:48:29 +0900 |
---|---|---|
committer | midchildan <git@midchildan.org> | 2022-05-15 22:15:11 +0900 |
commit | 2a58907251af76c67c6d14c1e84e73f7eaeb95e8 (patch) | |
tree | db87614ad6b1017a25f76ebb889449009c9eb1d4 /nixos/modules/misc/ids.nix | |
parent | 3c8e6248cbb4b400c1b2b79d523e4b02b9a7ca40 (diff) |
nixos/_1password{,-gui}: use a static gid
Diffstat (limited to 'nixos/modules/misc/ids.nix')
-rw-r--r-- | nixos/modules/misc/ids.nix | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 7d1faa50f4bfa..7b0a3ab5c288a 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -667,6 +667,27 @@ in # uid. Users and groups with the same name should have equal # uids and gids. Also, don't use gids above 399! + # For exceptional cases where you really need a gid above 399, leave a + # comment stating why. + # + # Also, avoid the following GID ranges: + # + # 1000 - 29999: user accounts (see ../config/update-users-groups.pl) + # 30000 - 31000: nixbld users (the upper limit is arbitrarily chosen) + # 61184 - 65519: systemd DynamicUser (see systemd.exec(5)) + # 65535: the error return sentinel value when uid_t was 16 bits + # + # 100000 - 6653600: subgid allocated for user namespaces + # (see ../config/update-users-groups.pl) + # 4294967294: unauthenticated user in some NFS implementations + # 4294967295: error return sentinel value + # + # References: + # https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes + + onepassword = 31001; # 1Password requires that its GID be larger than 1000 + onepassword-cli = 31002; # 1Password requires that its GID be larger than 1000 + users = 100; nixbld = 30000; nogroup = 65534; |