From e380dbbda59503051433099cd137898c86607acb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 20 Jul 2023 12:21:48 +0200
Subject: [PATCH] nix-unstable-static: add an unprivileged nix user that can be used without entrypoint
---
 images/nix-unstable-static/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/images/nix-unstable-static/default.nix b/images/nix-unstable-static/default.nix
index 8a084f5..1f7f6ba 100644
--- a/images/nix-unstable-static/default.nix
+++ b/images/nix-unstable-static/default.nix
@@ -6,6 +6,7 @@
 , python3
 , removeReferencesTo
 , runCommand
+, buildPackages
 }:
 let
 inherit (pkgsStatic)
@@ -62,6 +63,11 @@ let
 # Add user home folder
 mkdir home
+ # Create an unpriveleged user that we can use also without the run-as-user.sh script
+ chmod +w $PWD/etc/group $PWD/etc/passwd
+ ${buildPackages.shadow}/bin/groupadd --prefix $PWD -g 9000 nixuser
+ ${buildPackages.shadow}/bin/useradd --prefix $PWD -m -d /tmp -u 9000 -g 9000 -G nixuser nixuser
+
 # Add SSL CA certs
 cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt
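Review bot: The `useradd` line in the second hunk gives nixuser `/tmp` as its home (`-d /tmp`), so anything the account resolves through `$HOME` (per-user Nix configuration, caches, credentials files) lives in a directory that is normally world-writable and shared by every uid in the container, where another uid could pre-create those paths before nixuser first runs. A dedicated home avoids that, e.g. `mkdir -p home/nixuser` followed by `useradd --prefix $PWD -d /home/nixuser -u 9000 -g 9000 nixuser`, assuming the image build can hand that directory to uid 9000 (ownership handling is not visible here). `-G nixuser` only repeats the primary group already set by `-g 9000` and can be dropped. The `chmod +w` on `etc/group` and `etc/passwd` is never reverted within the hunk, so unless a later step normalises modes, add `chmod -w $PWD/etc/group $PWD/etc/passwd` after `useradd`. The enclosing runCommand script starts and ends outside the hunk.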