nix-unstable-static: add an unprivileged nix user that can be used without entrypoint

2026-01-12 04:40:42 -05:00 · 2023-07-20 12:21:48 +02:00
parent 23c51fe60b
commit e380dbbda5
1 changed files with 6 additions and 0 deletions
--- a/images/nix-unstable-static/default.nix
+++ b/images/nix-unstable-static/default.nix
@@ -6,6 +6,7 @@
 , python3
 , removeReferencesTo
 , runCommand
+, buildPackages
 }:
 let
  inherit (pkgsStatic)
@@ -62,6 +63,11 @@ let
    # Add user home folder
    mkdir home

+    # Create an unpriveleged user that we can use also without the run-as-user.sh script
+    chmod +w $PWD/etc/group $PWD/etc/passwd
+    ${buildPackages.shadow}/bin/groupadd --prefix $PWD -g 9000 nixuser
+    ${buildPackages.shadow}/bin/useradd --prefix $PWD -m -d /tmp -u 9000 -g 9000 -G nixuser nixuser
+
    # Add SSL CA certs
    cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt