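# Layered OCI image "nix-coder": a minimal root containing bash, nix, coreutils,
# openssh, git and curl, plus a single unprivileged account `coder` (uid/gid 1000).
#
# NOTE(review): `config` sets no `User`, so the runtime presumably starts the
# container as uid 0 unless the orchestrator overrides it (confirm against the
# deployment). HOME/USER below name `coder` regardless of the effective uid.
# NOTE(review): the tag is the mutable "latest"; consumers that need a
# reproducible image should pin by digest.
{ lib, pkgs, ... }:
let
  # reload-dotfiles: run `home-manager switch` against a flake reference.
  # DOTFILES_REPO takes precedence over the first positional argument.
  # The reference is quoted so whitespace or glob characters in it cannot be
  # split into extra home-manager arguments, and an empty reference is rejected
  # up front instead of being passed to --flake.
  # Activating a flake runs code from that flake as the invoking user, so the
  # value of DOTFILES_REPO / $1 must come from a trusted source.
  reloadDotfiles = pkgs.writeShellScriptBin "reload-dotfiles" ''
    flake="''${DOTFILES_REPO:-''${1:-}}"
    if [ -z "$flake" ]; then
      echo "usage: reload-dotfiles <flake-ref> (or set DOTFILES_REPO)" >&2
      exit 1
    fi
    ${pkgs.home-manager}/bin/home-manager switch --flake "$flake"
  '';
in
pkgs.dockerTools.buildLayeredImage {
  name = "nix-coder";
  tag = "latest";

  contents = pkgs.buildEnv {
    name = "image-root";
    paths = [
      pkgs.bash
      pkgs.bashInteractive
      pkgs.nix
      pkgs.coreutils-full
      pkgs.openssh
      pkgs.git
      pkgs.curl
      reloadDotfiles

      # Enables the `nix` CLI and flakes, which reload-dotfiles relies on.
      (pkgs.writeTextDir "etc/nix/nix.conf" "experimental-features = nix-command flakes")

      # Account database: only `coder` exists. `!` in the shadow password field
      # means no password can match, so password login is disabled.
      (pkgs.writeTextDir "etc/passwd" "coder:x:1000:1000::/home/coder:/bin/bash")
      (pkgs.writeTextDir "etc/shadow" "coder:!:::::::")
      (pkgs.writeTextDir "etc/group" "coder:x:1000:")
      (pkgs.writeTextDir "etc/gshadow" "coder:x::")
    ];
    # Only /bin and /etc of the packages above are linked into the image root.
    pathsToLink = [ "/bin" "/etc" ];
  };

  maxLayers = 5;

  # Runs under fakeroot, so the ownership and modes set here are recorded in
  # the image layer.
  fakeRootCommands = ''
    mkdir -p ./home/coder ./tmp ./nix/var/nix
    # coder (uid/gid 1000 per etc/passwd) owns its home directory so the
    # account can write there when the container runs as that user.
    chown 1000:1000 ./home/coder
    # World-writable with the sticky bit, the conventional mode for /tmp;
    # a plain mkdir would leave it writable by root only.
    chmod 1777 ./tmp
  '';

  config = {
    Cmd = [ "/bin/bash" ];
    Env = [
      # Point TLS clients at the CA bundle shipped in the image.
      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
      "HOME=/home/coder"
      "USER=coder"
    ];
  };
}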