From 04dddc628fdf44faf5200b34ccfba0c189a0ce47 Mon Sep 17 00:00:00 2001
From: Joakim Repomaa <joakim.repomaa@mocoapp.com>
Date: Sun, 22 Feb 2026 16:59:21 +0200
Subject: [PATCH] fix image build

---
 .gitea/workflows/build-images.yml |  3 --
 flake.nix                         | 54 +++++++++++++++++--------------
 2 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/.gitea/workflows/build-images.yml b/.gitea/workflows/build-images.yml
index c5eae6f..6eff152 100644
--- a/.gitea/workflows/build-images.yml
+++ b/.gitea/workflows/build-images.yml
@@ -14,9 +14,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v6
 
-      - name: Install Skopeo
-        run: nix shell nixpkgs#skopeo -c echo "skopeo installed"
-
       - name: Build aarch64 Image
         run: nix build .#dockerImages.aarch64-linux.node --out-link ./image-aarch64.tar.gz
 
diff --git a/flake.nix b/flake.nix
index 750c4a6..e4efae6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -136,38 +136,42 @@
                 withSystem system (
                   { pkgs, ... }:
                   {
-                    node = pkgs.dockerTools.buildImage {
-                      name = "node";
-                      tag = "latest";
-                      runAsRoot = ''
-                        #!${pkgs.runtimeShell}
-                        set -e
-                        ${pkgs.dockerTools.shadowSetup}
-                        groupadd -r node
-                        useradd -r -g node -m -d /home/node node
-                        mkdir -p /nix
-                        chown node:node /nix
-                      '';
-                      copyToRoot = pkgs.buildEnv {
-                        name = "image-root";
-                        pathsToLink = [ "/" ];
-                        paths = with pkgs; [
+                    node =
+                      let
+                        setupDirs = pkgs.runCommand "setup-dirs" { } ''
+                          mkdir -p $out/tmp $out/root $out/var/tmp
+                          chmod 1777 $out/tmp $out/var/tmp
+                        '';
+                      in
+                      pkgs.dockerTools.buildLayeredImage {
+                        name = "node";
+                        tag = "latest";
+                        contents = with pkgs; [
                           nodejs
                           nix
                           busybox
                           bash
                           skopeo
+                          cacert
+                          git
+                          setupDirs
+                          (writeTextFile {
+                            name = "etc-nix-nix-conf";
+                            destination = "/etc/nix/nix.conf";
+                            text = ''
+                              build-users-group =
+                              experimental-features = nix-command flakes
+                            '';
+                          })
                         ];
+                        config = {
+                          Env = [
+                            "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
+                            "NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-bundle.crt"
+                            "HOME=/root"
+                          ];
+                        };
                       };
-                      config = {
-                        User = "node";
-                        Env = [
-                          "NIX_CONFIG=experimental-features = nix-command flakes"
-                          "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-                          "NODE_EXTRA_CA_CERTS=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-                        ];
-                      };
-                    };
                   }
                 )
               );