From 46a6be28bef45640de5344a09d56add7068a9aa4 Mon Sep 17 00:00:00 2001
From: Rok Garbas <rok@garbas.si>
Date: Tue, 29 Nov 2022 10:01:46 +0000
Subject: [PATCH] Add nobody user/group to Nix docker image

---
 docker.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docker.nix b/docker.nix
index bb2b4e7ff..203a06b53 100644
--- a/docker.nix
+++ b/docker.nix
@@ -36,6 +36,17 @@ let
       shell = "${pkgs.bashInteractive}/bin/bash";
       home = "/root";
       gid = 0;
+      groups = [ "root" ];
+      description = "System administrator";
+    };
+
+    nobody = {
+      uid = 65534;
+      shell = "${pkgs.shadow}/bin/nologin";
+      home = "/var/empty";
+      gid = 65534;
+      groups = [ "nobody" ];
+      description = "Unprivileged account (don't use!)";
     };
 
   } // lib.listToAttrs (
@@ -57,6 +68,7 @@ let
   groups = {
     root.gid = 0;
     nixbld.gid = 30000;
+    nobody.gid = 65534;
   };
 
   userToPasswd = (