add a nix-flake runner

images/nix-flakes-runner/default.nix

@@ -0,0 +1,10 @@
+{ docker-nixpkgs
+, nodejs
+, extraContents ? [ ]
+}:
+docker-nixpkgs.nix-flakes.override {
+  extraContents = [
+    # nodejs for runner
+    nodejs
+  ] ++ extraContents;
+}

images/nix-unstable-static/default.nix

@@ -6,20 +6,21 @@
 , python3
 , removeReferencesTo
 , runCommand
-, buildPackages
 }:
 let
   inherit (pkgsStatic)
     bashInteractive
     busybox
-    cacert;
+    cacert
+    openssl
+    ;
 
   bash = bashInteractive;
 
   # Get nix from Hydra because the nixpkgs one is not fully static
   nixStaticBin = fetchurl {
-    url = "https://hydra.nixos.org/build/228458395/download/1/nix";
-    hash = "sha256-H361lUdMpBpBVwInBmpAXKAwjPIf740Jg9Nht0NV66s=";
+    url = "https://hydra.nixos.org/build/181573550/download/1/nix";
+    hash = "sha256-zO2xJhQIrLtL/ReTlcorjwsaTO1W5Rnr+sXwcLcujok=";
   };
 
   nixSymlinks = [
@@ -63,11 +64,6 @@ let
     # Add user home folder
     mkdir home
 
-    # Create an unpriveleged user that we can use also without the run-as-user.sh script
-    chmod +w $PWD/etc/group $PWD/etc/passwd
-    ${buildPackages.shadow}/bin/groupadd --prefix $PWD -g 9000 nixuser
-    ${buildPackages.shadow}/bin/useradd --prefix $PWD -m -d /tmp -u 9000 -g 9000 -G nixuser nixuser
-
     # Add SSL CA certs
     cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt
 
@@ -121,8 +117,7 @@ let
       Env = [
         "NIX_BUILD_SHELL=/bin/bash"
         "PAGER=cat"
-        # /host/bin can be used to extend the image with additional binaries
-        "PATH=/bin:/host/bin"
+        "PATH=/bin"
         "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
       ];
     };