Add nobody user/group to Nix docker image

author: Rok Garbas <rok@garbas.si> 2022-11-29 10:01:46 +0000
committer: Rok Garbas <rok@garbas.si> 2022-11-29 10:01:46 +0000
commit: 46a6be28bef45640de5344a09d56add7068a9aa4 (patch)
tree: 5f0d4e9f225de520fc9329e35d717c30f2a09cd9 /docker.nix
parent: dbf78a7adacc6cf8e977901cfb6bdabfd80f1ab5 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/docker.nix b/docker.nix
index bb2b4e7ff..203a06b53 100644
--- a/docker.nix
+++ b/docker.nix
@@ -36,6 +36,17 @@ let
       shell = "${pkgs.bashInteractive}/bin/bash";
       home = "/root";
       gid = 0;
+      groups = [ "root" ];
+      description = "System administrator";
+    };
+
+    nobody = {
+      uid = 65534;
+      shell = "${pkgs.shadow}/bin/nologin";
+      home = "/var/empty";
+      gid = 65534;
+      groups = [ "nobody" ];
+      description = "Unprivileged account (don't use!)";
     };
 
   } // lib.listToAttrs (
@@ -57,6 +68,7 @@ let
   groups = {
     root.gid = 0;
     nixbld.gid = 30000;
+    nobody.gid = 65534;
   };
 
   userToPasswd = (
author	Rok Garbas <rok@garbas.si>	2022-11-29 10:01:46 +0000
committer	Rok Garbas <rok@garbas.si>	2022-11-29 10:01:46 +0000
commit	46a6be28bef45640de5344a09d56add7068a9aa4 (patch)
tree	5f0d4e9f225de520fc9329e35d717c30f2a09cd9 /docker.nix
parent	dbf78a7adacc6cf8e977901cfb6bdabfd80f1ab5 (diff)