Build using Docker

Hello there, I’m rather new to Nix and trying to create a package to “wrap” a Discourse installation, because I currently have a non-Nix-managed Discourse in 3.3.0beta1 (that I would like to migrate to Nix) but Nixpkgs only provides 3.1.0, which doesn’t accept my backup.

So far I’ve created the following bash to try using Docker inside the building process:

builder.sh

export PATH="$docker/bin"
docker ps

But it fails :clown_face:

ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied

However, trying to use it directly with my user works:

$ /nix/store/956bjn9hvpvha1bs7pwq1nhpddbhjh03-docker-24.0.5/bin/docker ps                                 Fri May 17 13:29:55 2024
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Or even with nix-shell it’s OK:

nix-shell --pure

[nix-shell:~/dev/nix-apprentissage/build-with-docker]$ source builder.sh 
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

What am I missing here?

I don't have much experience with Docker and Nix either. But just from reading, I believe this happens because Nix uses a so-called sandbox for building. You cannot interact with anything your normal user can, i.e. your home directory or the Docker daemon.
The only thing you can interact with is essentially the nix/store.
There are functions in Nix to help you build (Docker-runnable) images.

I recommend starting here:

Thank you. I did see this documentation; however, the build process is managed by the Discourse source code (‘launcher’ script file), which is making explicit calls to various bash commands including the ‘docker’ one, so I guess I cannot use these Nix functions directly.

Or I must try to “wrap” the bash script, reproduce it but using the Nix functions. This may be a hard task, I will have a look.
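
Added example, not posted by anyone in this thread: a helper that can be sourced at the top of builder.sh to print which user the build runs as and whether the Docker socket is missing, not a socket, accessible, or denied, so the nix-build and nix-shell runs above can be compared. The function names and status words are made up for this example, and it assumes coreutils (`id`, `ls`) is on PATH, which the builder.sh above does not provide.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names and status words are
# hypothetical. Requires coreutils (id, ls) on PATH for the report function.

# Classify how the current process sees a Docker daemon socket.
docker_socket_status() {
    sock="${1:-/var/run/docker.sock}"
    if [ ! -e "$sock" ]; then
        echo "missing"        # path is not visible, e.g. hidden by a build sandbox
    elif [ ! -S "$sock" ]; then
        echo "not-a-socket"   # something else lives at that path
    elif [ -r "$sock" ] && [ -w "$sock" ]; then
        echo "accessible"     # this uid/gid may talk to the daemon
    else
        echo "denied"         # visible, but this uid/gid lacks rw on the socket
    fi
}

# Print the identity the script runs under next to the socket's state.
# Run it once from nix-build and once from nix-shell and compare the output.
report_build_identity() {
    sock="${1:-/var/run/docker.sock}"
    echo "uid=$(id -u) user=$(id -un 2>/dev/null || echo '?')"
    echo "groups=$(id -Gn 2>/dev/null || echo '?')"
    echo "socket=$sock status=$(docker_socket_status "$sock")"
    if [ -e "$sock" ]; then
        # Numeric owner, group and mode of the socket, to compare with uid/groups.
        ls -ln "$sock" || true
    fi
}

report_build_identity "$@"
```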