Docker Nix builder
I want a docker container that uses nix to build my project and outputs a
docker container with just that result (and some minimal OS with /bin/sh,
/etc/passwd, ... so I can docker exec into it).
Using Nix directly would be better for caching but most users don't have Nix installed on their machines yet. So that solves that problem.
This presumes that the project has already been nixified with the usual
default.nix in its root that can be used to build the project.
Then for non-nix users, add a Dockerfile that will look like this:
```
FROM numtide/nix-builder
# optional nix-builder args
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG S3_BUCKET
ARG S3_REGION
ADD . /app
RUN /nix-builder /app
```
The non-nix users will then build the project using `docker build .`.
A binary cache is also available by setting up an S3 bucket on AWS and then passing the following options to the build:
```
$ docker build \
    --build-arg S3_BUCKET=mycache \
    --build-arg S3_REGION=us-east-1 \
    --build-arg AWS_ACCESS_KEY_ID=XXXXXXXXX \
    --build-arg AWS_SECRET_ACCESS_KEY=YYYYYYYYY \
    .
```
NOTE: All uploaded artifacts are publicly readable if the hash is guessed.
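Values passed with `--build-arg` are recorded in the image's layer history, so an image built with the command above and then pushed carries the AWS keys with it. The following check is an added example, not part of nix-builder: it reads `docker history` output and names any credential build arg that has a value recorded there. The sample history lines are constructed, in the form the classic builder records them.

```shell
#!/bin/sh
# Added example (not part of nix-builder): find AWS credential build args
# whose values were recorded in an image's layer history.

# Reads `docker history --no-trunc --format '{{.CreatedBy}}' IMAGE` on stdin
# and prints the NAME of each credential build arg that carries a value.
# The values themselves are never printed.
leaked_build_args() {
    grep -oE '(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)=[^ ]+' \
        | cut -d= -f1 \
        | sort -u
}

# Returns 1 when a credential is recorded, so the check can gate a push.
check_image_history() {
    found=$(leaked_build_args)
    if [ -n "$found" ]; then
        echo "build-arg credentials recorded in image history:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample: CreatedBy lines for the Dockerfile above, using the
# placeholder values from the docker build command ("|4" = four build args
# in scope for the RUN step). A bare "ARG NAME" line carries no value.
sample_history() {
    cat <<'EOF'
|4 AWS_ACCESS_KEY_ID=XXXXXXXXX AWS_SECRET_ACCESS_KEY=YYYYYYYYY S3_BUCKET=mycache S3_REGION=us-east-1 /bin/sh -c /nix-builder /app
/bin/sh -c #(nop) ADD dir:0000 in /app
/bin/sh -c #(nop)  ARG S3_REGION
/bin/sh -c #(nop)  ARG AWS_ACCESS_KEY_ID
EOF
}

# Usage: sh check.sh IMAGE   (without IMAGE, runs on the constructed sample)
if [ -n "${1:-}" ]; then
    docker history --no-trunc --format '{{.CreatedBy}}' "$1" | check_image_history
else
    sample_history | check_image_history || echo "(sample image would be rejected)"
fi
```

If the built image is only used locally and never pushed or shared, the recorded keys stay on the build host; the check matters before any `docker push` or `docker save`.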
nixpkgs has a
dockerTools.buildImage derivation that can be used to produce
docker load-compatible images. This works better when the developers have
nix installed on their systems and don't mind importing the images after the
- In lots of cases the cacert package is required for HTTPS clients
- Explore the docker 1.13+ `--squash` option to make smaller images
- Find a way to make smaller images
- Minimize the build log outputs, they are quite large right now