diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 13ebf954f32..eb78b32f542 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -72,6 +72,7 @@ in clamav = 51; fprot = 52; bind = 53; + wwwrun = 54; # When adding a uid, make sure it doesn't match an existing gid. @@ -123,6 +124,9 @@ in mpd = 50; clamav = 51; fprot = 52; + # Group id 53 is still free! I didn't use it, because I wanted the + # the same numeric value for the 'wwwrun' user and group. + wwwrun = 54; # When adding a gid, make sure it doesn't match an existing uid. diff --git a/modules/services/web-servers/apache-httpd/default.nix b/modules/services/web-servers/apache-httpd/default.nix index 90c0adee2a7..248c013bf38 100644 --- a/modules/services/web-servers/apache-httpd/default.nix +++ b/modules/services/web-servers/apache-httpd/default.nix @@ -407,7 +407,7 @@ in package = mkOption { default = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; }; - example = "pkgs.apacheHttpd_2_4"; + example = "pkgs.apacheHttpd_2_4"; description = " Overridable attribute of the Apache HTTP Server package to use. "; @@ -415,7 +415,7 @@ in configFile = mkOption { default = confFile; - example = ''pkgs.writeText "httpd.conf" "# my custom config file ...";''; + example = ''pkgs.writeText "httpd.conf" "# my custom config file ...";''; description = " Overridable config file to use for Apache. By default, use the file automatically generated by nixos. @@ -469,6 +469,18 @@ in "; }; + fixUidAndGid = mkOption { + default = false; + description = " + Use a fixed numeric ID (54) for the wwwrun user + and group. This setting is disabled by default for the sake of + backwards compatibility: we don't want to break pre-existing + installations that alrady have a user/group for Apache with different + values for that ID. If you're installing a fresh server, however, + choosing the fixed numeric values for those IDs is safe. + "; + }; + logDir = mkOption { default = "/var/log/httpd"; description = " 
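Review bot: The comment added in the gids hunk of `modules/misc/ids.nix` calls group id 53 "still free", but the file's own rule says a gid must not match an existing uid, and uid 53 is `bind` in the first hunk. Under that rule 53 is reserved for a future `bind` group rather than free for any new group. I would reword the comment to `# gid 53 is left unused (uid 53 is bind); wwwrun takes 54 so its uid and gid match.`, which also drops the doubled "the the". Both attribute sets continue outside the hunks, so 54 cannot be checked here against entries that are not shown.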
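Review bot: The `fixUidAndGid` description in the `@@ -469` hunk says when the option is safe but not what goes wrong otherwise, which is what an administrator needs to know. Enabling it on an existing host changes the numeric ID of the Apache account, so files created under the old ID (logs, content, state) stay owned by a number that httpd no longer runs as, and that number may later be assigned to a different account. I would add a sentence such as `On an existing installation, re-own the files created under the previous ID before enabling this.` and fix the typo `alrady`. The option also declares no `type`; if `types` is in scope in this file, `type = types.bool;` would reject non-boolean values.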
@@ -558,14 +570,14 @@ in config = mkIf config.services.httpd.enable { users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") singleton - { name = "wwwrun"; + ({ name = "wwwrun"; group = "wwwrun"; description = "Apache httpd user"; - }; + } // (if mainCfg.fixUidAndGid then { uid = config.ids.uids.wwwrun; } else {})); users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") singleton - { name = "wwwrun"; - }; + ({ name = "wwwrun"; + } // (if mainCfg.fixUidAndGid then { gid = config.ids.gids.wwwrun; } else {})); environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
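Review bot: `fixUidAndGid` takes effect only inside the `mainCfg.user == "wwwrun"` and `mainCfg.group == "wwwrun"` branches, so with a custom user or group it is silently ignored. The uid and the gid can also end up fixed independently of each other. The option description should state this, or the module should reject the combination. As a style point, the `// (if … then { … } else {})` tails can use the helper already used in this hunk: `// optionalAttrs mainCfg.fixUidAndGid { uid = config.ids.uids.wwwrun; }`, and likewise for `gid`. The `config` block continues past the end of the hunk.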