github-mirror/docker-nixpkgs
1
0
Fork 1
mirror of https://github.com/nix-community/docker-nixpkgs.git synced 2026-01-12 04:40:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

nix-unstable-static: add an unprivileged nix user that can be used without entrypoint

Browse Source
This commit is contained in:
Jörg Thalheim
2023-07-20 12:21:48 +02:00
parent 23c51fe60b
commit e380dbbda5
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
images/nix-unstable-static/default.nix
View File

@@ -6,6 +6,7 @@
, python3 , python3
, removeReferencesTo , removeReferencesTo
, runCommand , runCommand
, buildPackages
}: }:
let let
inherit (pkgsStatic) inherit (pkgsStatic)
@@ -62,6 +63,11 @@ let
# Add user home folder # Add user home folder
mkdir home mkdir home
# Create an unpriveleged user that we can use also without the run-as-user.sh script
chmod +w $PWD/etc/group $PWD/etc/passwd
${buildPackages.shadow}/bin/groupadd --prefix $PWD -g 9000 nixuser
${buildPackages.shadow}/bin/useradd --prefix $PWD -m -d /tmp -u 9000 -g 9000 -G nixuser nixuser
# Add SSL CA certs # Add SSL CA certs
cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt