try

hosts/fw.cloonar.com/configuration.nix

@@ -12,7 +12,6 @@
     ./utils/modules/netdata.nix
 
     # fw
-    ./modules/staticids.nix
     ./modules/networking.nix
     ./modules/firewall.nix
     ./modules/dhcp4.nix

hosts/fw.cloonar.com/modules/staticids.nix

@@ -1,35 +1,8 @@
-{ config, lib, ... }:
-with lib;
-let
-  cfg = config.cids;
-in
 {
-  
-  options.services.cids = {
-    uids = mkOption {
-      readOnly = true;
-      description = lib.mdDoc ''
-        The user IDs used for containers.
-      '';
-      type = types.attrsOf types.int;
-    };
-
-    gids = mkOption {
-      readOnly = true;
-      description = lib.mdDoc ''
-        The group IDs used for containers.
-      '';
-      type = types.attrsOf types.int;
-    };
-  };
-  config = {
-    services.cids = {
   uids = {
     unbound = 10001;
   };
   gids = {
     unbound = 10001;
   };
-    };
-  };
 }

hosts/fw.cloonar.com/modules/unbound.nix

@@ -1,5 +1,6 @@
 { config, ... }:
 let
+  cids = import ../modules/staticids.nix;
   domain = "ns.cloonar.com";
   cfg = {
     server = {
@@ -133,10 +134,10 @@ in {
   users.users.unbound = {
     group = "unbound";
     isSystemUser = true;
-    uid = config.services.cids.uids.unbound;
+    uid = cids.uids.unbound;
   };
   users.groups.unbound = {
-    gid = config.services.cids.gids.unbound;
+    gid = cids.gids.unbound;
   };
 
   security.acme.certs."${domain}" = {
@@ -175,10 +176,10 @@ in {
       users.users.unbound = {
         group = "unbound";
         isSystemUser = true;
-        uid = config.services.cids.uids.unbound;
+        uid = cids.uids.unbound;
       };
       users.groups.unbound = {
-        gid = config.services.cids.gids.unbound;
+        gid = cids.gids.unbound;
       };
       services.unbound = {
         enable = true;