Helpful, thanks! I should have suspected the repo uses nix itself for building the image, instead of a Dockerfile.
Here’s the actual source: https://github.com/NixOS/nix/blob/6524eb4b770380b5a2f17e87a7d1b99a47dbb8f8/docker.nix
I don’t understand much of it, but it doesn’t seem super easy to add an extra user and have it support multi platforms. I don’t actually see how multiplatform images are built with docker, but there’s some background here: Is there a `docker buildx` command on NixOS?