From 0a0cbbfe6d9dc3bf85450e12cb8a8a385b90724e Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Wed, 10 Dec 2025 22:43:20 +0100
Subject: [PATCH] fix(init-nix): create 'nix' user with a valid shell across
 all distros

The init-nix.sh script previously hardcoded /usr/bin/bash as the login shell
for the 'nix' user, which exists on Arch but not on Debian. This caused the
Nix single-user installer (run via `su - nix`) to fail silently or break in
unpredictable ways on Debian-based images.

We now resolve the shell dynamically via `command -v bash` and fall back to
/bin/sh on minimal systems. This makes Nix installation deterministic across
Arch, Debian, Ubuntu, Fedora, CentOS and CI containers.

https://chatgpt.com/share/6939e97f-c93c-800f-887b-27c7e67ec46d
---
 scripts/init-nix.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/scripts/init-nix.sh b/scripts/init-nix.sh
index 8169e4f..b2c4d04 100755
--- a/scripts/init-nix.sh
+++ b/scripts/init-nix.sh
@@ -94,7 +94,15 @@ if [[ "${IN_CONTAINER}" -eq 1 && "${EUID:-0}" -eq 0 ]]; then
   # Ensure "nix" user (home at /home/nix)
   if ! id nix >/dev/null 2>&1; then
     echo "[init-nix] Creating user 'nix'..."
-    useradd -m -r -g nixbld -s /usr/bin/bash nix
+    # Resolve a valid shell path across distros:
+    # - Debian/Ubuntu: /bin/bash
+    # - Arch:          /usr/bin/bash (often symlinked)
+    # Fall back to /bin/sh on ultra-minimal systems.
+    BASH_SHELL="$(command -v bash || true)"
+    if [[ -z "${BASH_SHELL}" ]]; then
+      BASH_SHELL="/bin/sh"
+    fi
+    useradd -m -r -g nixbld -s "${BASH_SHELL}" nix
   fi
 
   # Ensure /nix exists and is writable by the "nix" user.