Dockerfile

@@ -37,7 +37,7 @@ RUN pacman -S --noconfirm --needed \
     && pacman -Scc --noconfirm
 
 # ── Crown Jewel #2: AUR ───────────────────────────────────────────────────────
-RUN useradd -m -s /bin/zsh -G wheel aurbuild && \
+RUN useradd -m -s /bin/zsh -u 9001 -G wheel aurbuild && \
     echo 'aurbuild ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/aurbuild
 
 RUN cd /tmp && \
@@ -55,9 +55,16 @@ RUN sudo -u aurbuild yay -S --noconfirm --needed \
     && sudo -u aurbuild yay -Scc --noconfirm
 
 # ── Dev user with host-matching UID/GID ───────────────────────────────────────
-# UID/GID match host so /workspace bind mount has clean permissions both sides
+# UID/GID match host so /workspace bind mount has clean permissions both sides.
-RUN groupadd -g ${USER_GID} dev && \
+# aurbuild is parked at UID 9001 so there's no collision with host UID.
-    useradd -m -s /bin/zsh -u ${USER_UID} -g ${USER_GID} -G wheel dev && \
+RUN set -e; \
+    # Group: handle pre-existing GID gracefully (Arch base has users:1000)
+    if getent group ${USER_GID} >/dev/null; then \
+        groupmod -n dev "$(getent group ${USER_GID} | cut -d: -f1)"; \
+    else \
+        groupadd -g ${USER_GID} dev; \
+    fi; \
+    useradd -m -s /bin/zsh -u ${USER_UID} -g ${USER_GID} -G wheel dev; \
     echo 'dev ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/dev
 
 # ── Skeleton: bake dotfiles into /etc/skel-arch-dev/ ──────────────────────────