Hi there - can’t seem to find any info on how to add a user specification to a docker image built with nix. I’d like to add a custom user that will be used to run the container instead of root. Any hints very much appreciated!
edit: I missed this part of the manual : NixOS - Nixpkgs 21.05 manual
This does require
runAsRoot which means I cannot build a layered image - is there some way to avoid this?
I’m not an expert on using Nix to produce Docker images, but the process is split into two operations, even with the standard Docker tools, i.e. first you create the new user so that you can configure the files to be owned by it, and then you have to configure the containers produced by this image to be run as that particular user by default.
The first setting can be done in a first layer of a multi layered image by using
shadowSetup then setting the runtime user by setting the corresponding entry into the
indeed I ended up solving it by having a small initial image that does the user configuration and using that as the
fromImage for the layered image build. It works quite well and self-optimizes by reusing tons of layers across my images.
Do you all have a code example you could share? I foolishly thought it would be as easy as specifying
config.User = "1000:1000" but I can see I was mistaken.