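# Builds a layered Docker image that runs Node-RED with /data as its user
# directory, and ships the passport-openidconnect strategy for OIDC login.
#
# `config` and `lib` are accepted but not used by this expression; the
# `config.*` attributes further down are fields of the image configuration
# passed to streamLayeredImage, not the `config` function argument.
{ config, pkgs, lib, ...}:
let
  name = "node-red";

  # Tools available both in the image root and on the entrypoint's PATH.
  # NOTE(review): neovim (here) and shadow/less/bashInteractive/findutils (in
  # `contents`) end up in the runtime image; consider dropping whatever is
  # only needed for debugging to keep the image's footprint small.
  packages = with pkgs; [
    neovim
    nodejs
    nodePackages.npm
    nodePackages.node-red
    #ungoogled-chromium
  ];

  # passport-openidconnect source, pinned to an exact commit and content hash.
  passportOIDC = pkgs.fetchFromGitHub {
    owner = "jaredhanson";
    repo = "passport-openidconnect";
    rev = "c69c2137c5b49534e93008aa0645a00aba1f7f0b";
    sha256 = "sha256-jaeEoJNcAoczZhcuhb2Uw2LKXXARBKkPDYhIDUblWRk=";
  };

  # Container entrypoint: DATA and SETTINGS may be overridden through the
  # environment and default to /data and /data/settings.js.
  # `exec` replaces the wrapper shell with node-red, so signals sent to the
  # container's main process (e.g. SIGTERM on stop) reach Node-RED directly
  # instead of an intermediate bash that would not forward them.
  entrypoint = pkgs.writeShellApplication {
    name = "entrypoint";
    runtimeInputs = packages;
    text = ''
      DATA="''${DATA-/data}"
      cd "$DATA"
      exec node-red -u "$DATA" -s "''${SETTINGS-/data/settings.js}"
    '';
  };
in
pkgs.dockerTools.streamLayeredImage {
  inherit name;

  contents = pkgs.buildEnv {
    name = "imgroot";
    paths = (with pkgs; [
      shadow
      less
      bashInteractive
      coreutils
      findutils
      dockerTools.usrBinEnv
      dockerTools.binSh
      dockerTools.caCertificates
      #dockerTools.fakeNss
    ] ++ packages);
  };

  config.Cmd = [ "${entrypoint}/bin/entrypoint" ];
  config.WorkingDir = "/data";
  config.Env = [ "HOME=/data" ];
  # NOTE(review): no `config.User` is set, so the entrypoint runs as the
  # image's default user (root) even though a dedicated `node-red` account is
  # created below and /data is handed over to it. Setting
  # `config.User = "node-red";` would drop privileges; confirm first that any
  # volume mounted on /data is writable by that account.

  enableFakechroot = true;

  # Runs under fakeroot/fakechroot while the image is assembled:
  #   - creates a world-writable, sticky tmp directory;
  #   - sets up the shadow files and the `node-red` system user and group;
  #   - installs passport-openidconnect and hands /data to node-red (mode 750).
  #
  # NOTE(review): supply chain. `passportOIDC` above is pinned by commit and
  # hash, but `npm i passport-openidconnect` in /data resolves the package by
  # name with no version and no lockfile, so the module placed in the Node-RED
  # user directory is whatever the configured registry serves at build time,
  # not the pinned source. `npm i --prefix /farts <src>` likewise resolves the
  # package's dependencies at build time. Both presumably need network access
  # during the image build and make the result non-reproducible; prefer
  # installing from the pinned source with a committed lockfile.
  #
  # NOTE(review): /farts and /farts/copy look like scratch locations but are
  # never removed, so they ship in the final image. node-red.id and
  # build-date.txt are also written into the image; the latter changes on
  # every build. In `id node-red 2>&1 > node-red.id` only stdout reaches the
  # file because of the redirection order; stderr stays on the build output.
  fakeRootCommands = ''
    # ${pkgs.runtimeShell}
    mkdir -p tmp
    chmod 1777 tmp
    ${pkgs.dockerTools.shadowSetup}
    groupadd -r node-red
    useradd -r -g node-red node-red
    id node-red 2>&1 > node-red.id
    mkdir -p /farts
    mkdir -p /farts/copy
    cp -a ${passportOIDC}/* /farts/copy/
    ${pkgs.nodejs}/bin/npm i --prefix /farts ${passportOIDC}
    mkdir -p /data
    (cd /data;${pkgs.nodejs}/bin/npm i passport-openidconnect)
    chown -R node-red:node-red data
    chmod -R 750 data
    date > build-date.txt
  '';

  # Only commented-out shell lines: earlier attempts at the npm install that
  # now happens in fakeRootCommands.
  extraCommands = ''
    #mkdir -p /data
    #cd /data;${pkgs.nodejs}/bin/npm i passport-openidconnect
    #(cd /data;${pkgs.nodejs}/bin/npm i passport-openidconnect)
  '';
}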