diff --git a/modules/rosenthal/services/bittorrent.scm b/modules/rosenthal/services/bittorrent.scm
index 4db0e08..91e9d9e 100644
--- a/modules/rosenthal/services/bittorrent.scm
+++ b/modules/rosenthal/services/bittorrent.scm
@@ -6,6 +6,7 @@
 #:use-module (ice-9 format)
 #:use-module (guix gexp)
 #:use-module (guix records)
+ #:use-module (rosenthal utils predicates)
 #:use-module (gnu packages admin)
 #:use-module (gnu packages bittorrent)
 #:use-module (gnu services)
@@ -36,17 +37,30 @@
 (extra-options
 (list-of-strings '())
 "List of extra options.")
+ ;; Account
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (no-serialization))
-(define %qbittorrent-accounts
- (list (user-group (name "qbittorrent") (system? #t))
- (user-account
- (name "qbittorrent")
- (group "qbittorrent")
- (system? #t)
- (comment "qBittorrent user")
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define qbittorrent-account
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "qbittorrent")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "qbittorrent")
+ (group "qbittorrent")
+ (uid user-id)
+ (system? #t)
+ (comment "qBittorrent user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))
 ;; Set default password to adminadmin
 (define %qbittorrent-default-config-file
@@ -106,7 +120,7 @@ WebUI\\Password_PBKDF2=\"@ByteArray(ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtH
 (service-extension activation-service-type
 qbittorrent-activation)
 (service-extension account-service-type
- (const %qbittorrent-accounts))))
+ qbittorrent-account)))
 (default-value (qbittorrent-configuration))
 (description "Run qBittorrent daemon.")))
diff --git a/modules/rosenthal/services/child-error.scm b/modules/rosenthal/services/child-error.scm
index 0972a9e..a5f593d 100644
--- a/modules/rosenthal/services/child-error.scm
+++ b/modules/rosenthal/services/child-error.scm
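Review bot: The new `group-id` and `user-id` fields in `qbittorrent-configuration` carry empty docstrings (`""`) while their siblings in the same record, e.g. `extra-options`, are documented, so the generated manual will show these two as blank entries. Since `user-and-group-id` admits both an integer and `#f`, the docstring is the only place a user learns what `#f` means; I would write `"Numeric GID for the @code{qbittorrent} group, or @code{#f} to have one allocated automatically."` and the matching `"Numeric UID for the @code{qbittorrent} user, or @code{#f} ..."`. The same empty docstrings are introduced for every service touched by this commit (child-error.scm, messaging.scm, monitoring.scm, networking.scm, web.scm), and the ones in jellyfin, komga and misskey sit next to fields that are documented.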
@@ -17,6 +17,7 @@
 #:use-module (gnu system shadow)
 #:use-module (rosenthal packages binaries)
 #:use-module (rosenthal packages networking)
+ #:use-module (rosenthal utils predicates)
 #:use-module (rosenthal utils serializers yaml)
 #:export (clash-configuration
 clash-service-type
@@ -60,14 +61,23 @@
 (config
 (file-like (plain-file "empty" ""))
 "Clash configuration file.")
-
+ ;; Account
+ (group-id
+ (user-and-group-id #f)
+ "")
+ ;; Shepherd
 (shepherd-provision
 (list '(clash))
 "A list of Shepherd service names (symbols) provided by this service.")
 (no-serialization))
-(define %clash-accounts
- (list (user-group (name "clash") (system? #t))))
+(define clash-account
+ (match-record-lambda
+ (group-id)
+ (list (user-group
+ (name "clash")
+ (id group-id)
+ (system? #t)))))
 (define clash-activation
 (match-record-lambda
@@ -112,7 +122,7 @@
 (service-extension activation-service-type
 clash-activation)
 (service-extension account-service-type
- (const %clash-accounts))
+ clash-account)
 (service-extension log-rotation-service-type
 (compose list clash-configuration-log-file))))
 (default-value (clash-configuration))
@@ -155,16 +165,23 @@ headers. This can expose sensitive information in your logs.")
 (extra-options
 (list-of-strings '())
 "List of extra options.")
+ ;; Account
+ (user-id
+ (user-and-group-id #f)
+ "")
 (no-serialization))
-(define %cloudflare-tunnel-accounts
- (list (user-account
- (name "cloudflared")
- (group "nogroup")
- (system? #t)
- (home-directory "/var/empty")
- (create-home-directory? #f)
- (shell (file-append shadow "/sbin/nologin")))))
+(define cloudflare-tunnel-account
+ (match-record-lambda
+ (user-id)
+ (list (user-account
+ (name "cloudflared")
+ (group "nogroup")
+ (uid user-id)
+ (system? #t)
+ (home-directory "/var/empty")
+ (create-home-directory? #f)
+ (shell (file-append shadow "/sbin/nologin"))))))
 (define cloudflare-tunnel-shepherd-service
 (match-record-lambda
@@ -203,7 +220,7 @@ headers. This can expose sensitive information in your logs.")
 (list (service-extension shepherd-root-service-type
 cloudflare-tunnel-shepherd-service)
 (service-extension account-service-type
- (const %cloudflare-tunnel-accounts))
+ cloudflare-tunnel-account)
 (service-extension log-rotation-service-type
 (compose list cloudflare-tunnel-configuration-log-file))))
 (default-value (cloudflare-tunnel-configuration))
diff --git a/modules/rosenthal/services/messaging.scm b/modules/rosenthal/services/messaging.scm
index 19f2d94..d0f15a4 100644
--- a/modules/rosenthal/services/messaging.scm
+++ b/modules/rosenthal/services/messaging.scm
@@ -12,6 +12,7 @@
 #:use-module (guix modules)
 #:use-module (guix records)
 #:use-module (rosenthal packages messaging)
+ #:use-module (rosenthal utils predicates)
 #:export (heisenbridge-service-type
 heisenbridge-configuration
@@ -32,6 +33,12 @@
 (config
 file-like
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (shepherd-provision
 (list-of-symbols '(heisenbridge))
 "")
@@ -43,12 +50,18 @@
 ""))
 (define heisenbridge-account
- (list (user-group (name "heisenbridge") (system? #t))
- (user-account
- (name "heisenbridge")
- (group "heisenbridge")
- (system? #t)
- (home-directory "/var/empty"))))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "heisenbridge")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "heisenbridge")
+ (group "heisenbridge")
+ (uid user-id)
+ (system? #t)
+ (home-directory "/var/empty")))))
 (define heisenbridge-shepherd
 (match-record-lambda
@@ -75,7 +88,7 @@
 (name 'heisenbridge)
 (extensions
 (list (service-extension account-service-type
- (const heisenbridge-account))
+ heisenbridge-account)
 (service-extension shepherd-root-service-type
 heisenbridge-shepherd)))
 (description "")))
@@ -92,6 +105,12 @@
 (config
 file-like
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (shepherd-provision
 (list-of-symbols '(mautrix-telegram))
 "")
@@ -103,12 +122,18 @@
 ""))
 (define mautrix-telegram-account
- (list (user-group (name "mautrix") (system? #t))
- (user-account
- (name "mautrix-telegram")
- (group "mautrix")
- (system? #t)
- (home-directory "/var/lib/mautrix-telegram"))))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "mautrix-telegram")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "mautrix-telegram")
+ (group "mautrix-telegram")
+ (uid user-id)
+ (system? #t)
+ (home-directory "/var/lib/mautrix-telegram")))))
 (define mautrix-telegram-activation
 (with-imported-modules (source-module-closure '((gnu build activation)))
@@ -134,7 +159,7 @@
 (list #$(file-append mautrix-telegram "/bin/mautrix-telegram")
 "--no-update" "--config" #$config)
 #:user "mautrix-telegram"
- #:group "mautrix"
+ #:group "mautrix-telegram"
 #:directory "/var/lib/mautrix-telegram"))
 (stop #~(make-kill-destructor))
 (auto-start? auto-start?)
@@ -145,7 +170,7 @@
 (name 'mautrix-telegram)
 (extensions
 (list (service-extension account-service-type
- (const mautrix-telegram-account))
+ mautrix-telegram-account)
 (service-extension activation-service-type
 (const mautrix-telegram-activation))
 (service-extension postgresql-role-service-type
diff --git a/modules/rosenthal/services/monitoring.scm b/modules/rosenthal/services/monitoring.scm
index dc627b1..cbb153e 100644
--- a/modules/rosenthal/services/monitoring.scm
+++ b/modules/rosenthal/services/monitoring.scm
@@ -15,6 +15,7 @@
 #:use-module (gnu services shepherd)
 #:use-module (gnu packages guile-xyz)
 #:use-module (rosenthal packages binaries)
+ #:use-module (rosenthal utils predicates)
 #:export (alloy-configuration
 alloy-service-type
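Review bot: The `mautrix-telegram-account` rewrite silently renames the system group from `mautrix` to `mautrix-telegram` (the `user-group` `name` and the `user-account` `group` field, plus `#:group` in the shepherd hunk at -134), which is a behaviour change hiding inside what otherwise reads as a refactor to `match-record-lambda`. On a host that already ran the old service, files under `/var/lib/mautrix-telegram` keep the GID of the old `mautrix` group, so the daemon will start under a new GID with no access to them unless the activation re-owns the directory; `mautrix-telegram-activation` is defined outside these hunks, so I cannot confirm it does. I would at least record the rename next to the definition, `;; Group renamed from "mautrix" to match the user; existing state must be chown'ed.`, and call it out in the commit message.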
@@ -99,6 +100,12 @@
 (postgresql-password-file
 string
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (shepherd-provision
 (list-of-symbols '(grafana))
 "")
@@ -110,11 +117,16 @@
 ""))
 (define grafana-account
- (lambda _
- (list (user-group (name "grafana") (system? #t))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "grafana")
+ (id group-id)
+ (system? #t))
 (user-account
 (name "grafana")
 (group "grafana")
+ (uid user-id)
 (system? #t)
 (comment "Grafana user")
 (home-directory "/var/lib/grafana")))))
@@ -190,6 +202,12 @@
 (config
 yaml-config
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (shepherd-provision
 (list-of-symbols '(loki))
 "")
@@ -201,11 +219,16 @@
 ""))
 (define loki-account
- (lambda _
- (list (user-group (name "loki") (system? #t))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "loki")
+ (id group-id)
+ (system? #t))
 (user-account
 (name "loki")
 (group "loki")
+ (uid user-id)
 (system? #t)
 (comment "Loki user")
 (home-directory "/var/lib/loki")))))
@@ -272,6 +295,12 @@
 (config
 yaml-config
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (shepherd-provision
 (list-of-symbols '(mimir))
 "")
@@ -283,11 +312,16 @@
 ""))
 (define mimir-account
- (lambda _
- (list (user-group (name "mimir") (system? #t))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "mimir")
+ (id group-id)
+ (system? #t))
 (user-account
 (name "mimir")
 (group "mimir")
+ (uid user-id)
 (system? #t)
 (comment "Mimir user")
 (home-directory "/var/lib/mimir")))))
@@ -357,6 +391,12 @@
 (config
 yaml-config
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (shepherd-provision
 (list-of-symbols '(prometheus))
 "")
@@ -368,11 +408,16 @@
 ""))
 (define prometheus-account
- (lambda _
- (list (user-group (name "prometheus") (system? #t))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "prometheus")
+ (id group-id)
+ (system? #t))
 (user-account
 (name "prometheus")
 (group "prometheus")
+ (uid user-id)
 (system? #t)
 (comment "Prometheus user")
 (home-directory "/var/lib/prometheus")))))
diff --git a/modules/rosenthal/services/networking.scm b/modules/rosenthal/services/networking.scm
index ce109b7..937b0ae 100644
--- a/modules/rosenthal/services/networking.scm
+++ b/modules/rosenthal/services/networking.scm
@@ -16,6 +16,7 @@
 #:use-module (gnu services dbus)
 #:use-module (gnu services shepherd)
 #:use-module (gnu system shadow)
+ #:use-module (rosenthal utils predicates)
 #:export (sing-box-service-type
 sing-box-configuration
@@ -26,10 +27,6 @@
 ;;; sing-box
 ;;;
-(define (file-object? val)
- (or (string? val)
- (file-like? val)))
-
 (define-configuration/no-serialization sing-box-configuration
 (sing-box
 (file-like sing-box)
@@ -40,6 +37,10 @@
 (data-directory
 (string "/var/lib/sing-box")
 "")
+ ;; Account
+ (group-id
+ (user-and-group-id #f)
+ "")
 ;; Shepherd
 (shepherd-provision
 (list-of-symbols '(sing-box))
@@ -55,7 +56,12 @@
 ""))
 (define sing-box-account
- (list (user-group (name "sing-box") (system? #t))))
+ (match-record-lambda
+ (group-id)
+ (list (user-group
+ (name "sing-box")
+ (id group-id)
+ (system? #t)))))
 (define sing-box-activation
 (match-record-lambda
@@ -87,7 +93,7 @@
 (name 'sing-box)
 (extensions
 (list (service-extension account-service-type
- (const sing-box-account))
+ sing-box-account)
 (service-extension activation-service-type
 sing-box-activation)
 (service-extension shepherd-root-service-type
diff --git a/modules/rosenthal/services/web.scm b/modules/rosenthal/services/web.scm
index c8f59f7..a91890f 100644
--- a/modules/rosenthal/services/web.scm
+++ b/modules/rosenthal/services/web.scm
@@ -22,6 +22,7 @@
 #:use-module (guix records)
 #:use-module (rosenthal packages binaries)
 #:use-module (rosenthal packages web)
+ #:use-module (rosenthal utils predicates)
 #:use-module (rosenthal utils serializers ini)
 #:use-module (rosenthal utils serializers yaml)
 #:export (caddy-configuration
@@ -62,6 +63,13 @@
 (caddyfile
 file-like
 "")
+ ;; User
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 ;; Shepherd
 (shepherd-provision
 (list-of-symbols '(caddy))
@@ -73,14 +81,20 @@
 (boolean #t)
 ""))
-(define (caddy-accounts config)
- (list (user-group (name "caddy") (system? #t))
- (user-account
- (name "caddy")
- (group "caddy")
- (system? #t)
- (comment "Caddy user")
- (home-directory "/var/lib/caddy"))))
+(define caddy-accounts
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "caddy")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "caddy")
+ (group "caddy")
+ (uid user-id)
+ (system? #t)
+ (comment "Caddy user")
+ (home-directory "/var/lib/caddy")))))
 (define caddy-privileged-programs
 (match-record-lambda
@@ -171,6 +185,14 @@ reload its configuration file."))
 (config
 file-like
 "")
+ ;; Account
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
+ ;; Shepherd
 (auto-start?
 (boolean #t)
 "")
@@ -182,13 +204,19 @@ reload its configuration file."))
 ""))
 (define conduit-account
- (list (user-group (name "conduit") (system? #t))
- (user-account
- (name "conduit")
- (group "conduit")
- (system? #t)
- (comment "Conduit user")
- (home-directory "/var/empty"))))
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "conduit")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "conduit")
+ (group "conduit")
+ (uid user-id)
+ (system? #t)
+ (comment "Conduit user")
+ (home-directory "/var/empty")))))
 (define conduit-activation
 (match-record-lambda
@@ -225,7 +253,7 @@ reload its configuration file."))
 (name 'conduit)
 (extensions
 (list (service-extension account-service-type
- (const conduit-account))
+ conduit-account)
 (service-extension activation-service-type
 conduit-activation)
 (service-extension shepherd-root-service-type
@@ -239,10 +267,6 @@ reload its configuration file."))
 ;;;
-(define (file-object? val)
- (or (string? val)
- (file-like? val)))
-
 (define list-of-file-likes?
 (list-of file-like?))
@@ -259,16 +283,28 @@ reload its configuration file."))
 (postgresql-password-file
 string
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (no-serialization))
-(define %forgejo-accounts
- (list (user-group (name "forgejo") (system? #t))
- (user-account
- (name "forgejo")
- (group "forgejo")
- (system? #t)
- (comment "Forgejo user")
- (home-directory "/var/lib/forgejo"))))
+(define forgejo-account
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "forgejo")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "forgejo")
+ (group "forgejo")
+ (uid user-id)
+ (system? #t)
+ (comment "Forgejo user")
+ (home-directory "/var/lib/forgejo")))))
 (define forgejo-postgresql-role
 (match-record-lambda
@@ -328,7 +364,7 @@ reload its configuration file."))
 (name 'forgejo)
 (extensions
 (list (service-extension account-service-type
- (const %forgejo-accounts))
+ forgejo-account)
 (service-extension postgresql-role-service-type
 forgejo-postgresql-role)
 (service-extension profile-service-type
@@ -357,6 +393,14 @@ reload its configuration file."))
 (log-file
 (string "/var/log/iocaine.log")
 "")
+ ;; Account
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
+ ;; Shepherd
 (shepherd-provision
 (list-of-symbols '(iocaine))
 "")
@@ -367,14 +411,20 @@ reload its configuration file."))
 (boolean #t)
 ""))
-(define iocaine-accounts
- (list (user-group (name "iocaine") (system? #t))
- (user-account
- (name "iocaine")
- (group "iocaine")
- (system? #t)
- (comment "Iocaine user")
- (home-directory "/var/empty"))))
+(define iocaine-account
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "iocaine")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "iocaine")
+ (group "iocaine")
+ (uid user-id)
+ (system? #t)
+ (comment "Iocaine user")
+ (home-directory "/var/empty")))))
 (define iocaine-etc
 (match-record-lambda
@@ -417,7 +467,7 @@ test its configuration file."))
 (name 'iocaine)
 (extensions
 (list (service-extension account-service-type
- (const iocaine-accounts))
+ iocaine-account)
 (service-extension etc-service-type
 iocaine-etc)
 (service-extension shepherd-root-service-type
@@ -447,6 +497,9 @@ test its configuration file."))
 (log-file
 (string "/var/log/jellyfin.log")
 "Path to log file.")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (auto-start?
 (boolean #t)
 "Whether to start automatically.")
@@ -455,13 +508,16 @@ test its configuration file."))
 "List of extra options.")
 (no-serialization))
-(define %jellyfin-accounts
- (list (user-account
- (name "jellyfin")
- (group "docker")
- (system? #t)
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define jellyfin-account
+ (match-record-lambda
+ (user-id)
+ (list (user-account
+ (name "jellyfin")
+ (group "docker")
+ (uid user-id)
+ (system? #t)
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))
 (define jellyfin-activation
 (match-record-lambda
@@ -504,7 +560,7 @@ test its configuration file."))
 (name 'jellyfin)
 (extensions
 (list (service-extension account-service-type
- (const %jellyfin-accounts))
+ (const jellyfin-account))
 (service-extension activation-service-type
 jellyfin-activation)
 (service-extension log-rotation-service-type
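Review bot: In the `jellyfin-service-type` hunk at -504 the account extension becomes `(const jellyfin-account)`, but `jellyfin-account` is now a procedure built with `match-record-lambda` (hunk -455), so `const` hands the account service the procedure itself instead of the list of `user-account` records it used to get from `%jellyfin-accounts`. Every other service in this commit drops the `const` wrapper for exactly this reason; this one should too: `(service-extension account-service-type jellyfin-account)`. As written, the jellyfin user will no longer be created, and the shepherd service that starts as that user will fail on a fresh system.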
@@ -527,19 +583,31 @@ test its configuration file."))
 (port
 (integer 25600)
 "Port to listen to for the API and web interface.")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (auto-start?
 (boolean #t)
 "Whether to start automatically.")
 (no-serialization))
-(define %komga-accounts
- (list (user-group (name "komga") (system? #t))
- (user-account
- (name "komga")
- (group "komga")
- (system? #t)
- (comment "Komga user")
- (home-directory "/var/lib/komga"))))
+(define komga-account
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "komga")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "komga")
+ (group "komga")
+ (uid user-id)
+ (system? #t)
+ (comment "Komga user")
+ (home-directory "/var/lib/komga")))))
 (define komga-shepherd-service
 (match-record-lambda
@@ -566,7 +634,7 @@ test its configuration file."))
 (name 'komga)
 (extensions
 (list (service-extension account-service-type
- (const %komga-accounts))
+ komga-account)
 (service-extension shepherd-root-service-type
 komga-shepherd-service)))
 (default-value (komga-configuration))
@@ -588,6 +656,9 @@ test its configuration file."))
 (data-directory
 (string "/var/lib/misskey")
 "Directory to store @file{files} in.")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (log-file
 (string "/var/log/misskey.log")
 "Log file to use.")
@@ -596,13 +667,16 @@ test its configuration file."))
 "")
 (no-serialization))
-(define %misskey-accounts
- (list (user-account
- (name "misskey")
- (group "docker")
- (system? #t)
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define misskey-account
+ (match-record-lambda
+ (user-id)
+ (list (user-account
+ (name "misskey")
+ (group "docker")
+ (uid user-id)
+ (system? #t)
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))
 (define misskey-postgresql-role
 (match-record-lambda
@@ -655,7 +729,7 @@ test its configuration file."))
 (name 'misskey)
 (extensions
 (list (service-extension account-service-type
- (const %misskey-accounts))
+ misskey-account)
 (service-extension postgresql-role-service-type
 misskey-postgresql-role)
 (service-extension log-rotation-service-type
@@ -679,6 +753,12 @@ test its configuration file."))
 (ffmpeg
 (file-like ffmpeg)
 "")
+ (group-id
+ (user-and-group-id #f)
+ "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (auto-start?
 (boolean #t)
 "")
@@ -687,14 +767,20 @@ test its configuration file."))
 "")
 (no-serialization))
-(define %navidrome-accounts
- (list (user-group (name "navidrome") (system? #t))
- (user-account
- (name "navidrome")
- (group "navidrome")
- (system? #t)
- (comment "Navidrome user")
- (home-directory "/var/lib/navidrome"))))
+(define navidrome-account
+ (match-record-lambda
+ (group-id user-id)
+ (list (user-group
+ (name "navidrome")
+ (id group-id)
+ (system? #t))
+ (user-account
+ (name "navidrome")
+ (group "navidrome")
+ (uid user-id)
+ (system? #t)
+ (comment "Navidrome user")
+ (home-directory "/var/lib/navidrome")))))
 (define navidrome-shepherd-service
 (match-record-lambda
@@ -731,7 +817,7 @@ test its configuration file."))
 (name 'navidrome)
 (extensions
 (list (service-extension account-service-type
- (const %navidrome-accounts))
+ navidrome-account)
 (service-extension shepherd-root-service-type
 navidrome-shepherd-service)))
 (default-value (navidrome-configuration))
@@ -768,15 +854,21 @@ test its configuration file."))
 (postgresql-password-file
 string
 "")
+ (user-id
+ (user-and-group-id #f)
+ "")
 (no-serialization))
-(define %vaultwarden-accounts
- (list (user-account
- (name "vaultwarden")
- (group "docker")
- (system? #t)
- (home-directory "/var/empty")
- (shell (file-append shadow "/sbin/nologin")))))
+(define vaultwarden-account
+ (match-record-lambda
+ (user-id)
+ (list (user-account
+ (name "vaultwarden")
+ (group "docker")
+ (uid user-id)
+ (system? #t)
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))
 (define vaultwarden-postgresql-role
 (match-record-lambda
@@ -842,7 +934,7 @@ test its configuration file."))
 (name 'vaultwarden)
 (extensions
 (list (service-extension account-service-type
- (const %vaultwarden-accounts))
+ vaultwarden-account)
 (service-extension postgresql-role-service-type
 vaultwarden-postgresql-role)
 (service-extension activation-service-type
diff --git a/modules/rosenthal/utils/predicates.scm b/modules/rosenthal/utils/predicates.scm
new file mode 100644
index 0000000..812f64a
--- /dev/null
+++ b/modules/rosenthal/utils/predicates.scm
@@ -0,0 +1,15 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; Copyright © 2025 Hilton Chain
+
+(define-module (rosenthal utils predicates)
+ #:use-module (guix gexp)
+ #:export (file-object?
+ user-and-group-id?))
+
+(define (file-object? val)
+ (or (string? val)
+ (file-like? val)))
+
+(define (user-and-group-id? val)
+ (or (integer? val)
+ (eqv? val #f)))
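Review bot: `vaultwarden-account` keeps `(group "docker")` as the primary group of the vaultwarden system user while only the UID becomes configurable, so unlike the services rewritten with a dedicated `user-group` there is no `group-id` field and the account stays in a shared group. If `docker` here is the group that owns the Docker daemon socket, membership is effectively root-equivalent on the host, which is a wide grant for a process that stores a password vault; the same shape is reused for jellyfin (-455) and misskey (-596). Since the service defines a `user-group` for every other daemon in this commit, I would give vaultwarden its own group plus a `group-id` field the same way, or, if the docker membership is required for the container-based deployment, document that requirement on the definition: `;; Runs in the "docker" group on purpose: the service is deployed as a container and needs the daemon socket.`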
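Review bot: `user-and-group-id?` in the new predicates.scm accepts any `integer?`, which in Guile includes negative values and inexact integers such as `-1` or `1000.0`, neither of which is a valid UID/GID to hand to `user-account`'s `uid` or `user-group`'s `id`; the error then surfaces at activation rather than at configuration time, where `define-configuration` type checks are meant to catch it. Tightening it to `(or (and (exact-integer? val) (>= val 0)) (eqv? val #f))` keeps the `#f` escape hatch and rejects the rest. Both exported predicates also lack docstrings; a one-liner each, e.g. `"Return #t if VAL is a non-negative exact integer usable as a UID or GID, or #f."` and `"Return #t if VAL is a string or a file-like object."`, would make the module self-describing for the six services that now import it.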