Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



85 Commits

Repository files navigation

Docker images for the Nix package manager

This repository contains nix expressions to build a minimal docker image for the nix package manager. The current official docker image for nix is based on alpine, this image that is build from scratch and looks a lot more like nixos.

  • nix, bash and coreutils are installed in a system profile that is linked to /run/current-system/sw, the only global paths are /bin/sh and /usr/bin/env

  • it's easy to build a new custom baseimage using a specific version of nixpkgs, this makes it a lot easier to create an image with a custom version of nix or nixpkgs.

  • the lnl7/nix:ssh image can be used to setup an image that can be used as a remote builder, this allows you to build expressions for x86_64-linux on other platforms (ex. building a new baseimage on a darwin machine)

Base Images

All the images are based on the latest baseimage, previous versions are available in my repository

  • lnl7/nix:2020-09-11 (2.3.7)
  • lnl7/nix:2020-06-07 (2.3.6)
  • lnl7/nix:2020-03-07 (2.3.3)
  • lnl7/nix:2019-03-01 (2.2)
  • lnl7/nix:2018-09-21 (2.1.2)
  • lnl7/nix:2018-07-17 (2.0.4)
  • lnl7/nix:2018-04-17 (2.0)
  • lnl7/nix:2018-03-13-patch1
  • lnl7/nix:2018-01-13 (1.11.16)
  • lnl7/nix:2017-10-07 (1.11.15)
  • lnl7/nix:2017-06-17 (1.11.10)
  • lnl7/nix:2017-06-09 (1.11.9)
  • lnl7/nix:2017-01-21 (1.11.6)
  • lnl7/nix:124f25b (1.11.4)
  • lnl7/nix:ea9d390 (1.11.2)
  • lnl7/nix:272cf5c

Default Image

The default image is intended for interactive use and includes some common and useful packages:

docker run --rm -it lnl7/nix nix repl '<nixpkgs>'

Building an Image

FROM lnl7/nix:2.3.7

RUN nix-env -iA \
 nixpkgs.curl \

Building a new Base Image

nix-shell -A env --run './result/bin/run-docker-build'

The src can also can be overridden to use a custom nixpkgs for the image.

nix-shell -A env --argstr src ./srcs/2018-03-13.nix

Running as a remote builder

docker run --restart always --name nix-docker -d -p 3022:22 lnl7/nix:ssh

If you have not setup a remote builder before you can follow these steps.

Configure SSH

An insecure rsa key is provided in the repo, the following assumes you are using it. Optional instructions for generating a fresh key are provided at the end.

Single User Mode

Copy the rsa key to your ssh folder

chmod 600 ssh/insecure_rsa
cp ssh/insecure_rsa ~/.ssh/docker_rsa

Add an entry for the container in your ~/.ssh/config

Host nix-docker
  User root
  Port 3022
  IdentityFile ~/.ssh/docker_rsa
Multi User Mode (Nix Daemon)

Copy the insecure rsa key to /etc/nix

sudo mkdir -p /etc/nix
chmod 600 ssh/insecure_rsa
sudo cp ssh/insecure_rsa /etc/nix/docker_rsa

Add an ssh entry to /var/root/.ssh/config if you are using nix daemon

Host nix-docker
  User root
  Port 3022
  IdentityFile /etc/nix/docker_rsa

Optional: setup your own ssh key, instead of using the insecure key.

ssh-keygen -t rsa -b 2048 -N "" -f docker_rsa
docker cp nix-docker:/root/.ssh/authorized_keys

Then copy the key to either /etc/nix or ~/.ssh depending on if you are running nix in single or multi user mode.

Create a signing keypair

openssl genrsa -out /etc/nix/signing-key.sec 2048
openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/
chmod 600 /etc/nix/signing-key.sec
ssh nix-docker mkdir -p /etc/nix
docker cp /etc/nix/signing-key.sec nix-docker:/etc/nix/signing-key.sec

Setup the container as a remote builder

sudo cp ssh/remote-build-env /etc/nix/
sudo cp ssh/machines /etc/nix/

Build a linux derivation

nix-build -E 'with import <nixpkgs> { system = "x86_64-linux"; }; hello.overrideAttrs (drv: { REBUILD = builtins.currentTime; })'


Docker images for the Nix package manager








No releases published


No packages published