Deploy .net app on NixOS from MacOS using Docker

arioh · January 8, 2025, 1:28pm

I’m developing a service which runs untrusted code on NixOS. I had 2 stage Dockerfile which compiled my .NET app, and then copied to nixos/nix:latest image. To install needed packages I used:

RUN nix-env -iA \
    nixpkgs.dotnet-runtime_9 \
    nixpkgs.clang 
....

that worked ok. But then I realized this is not the way I suppose to use NixOS. I need to add some additional users and with this approach I have to do it imperatively. I read docs: Building and running Docker images — nix.dev documentation and if I understand it correctly, I have to switch to NixOS to build Docker image + there are some complications due to MacOS. Is there a way to use Docker from MacOS, build .NET app, deploy it to NixOS image and give some configuration.nix or nix.conf to it to get the resulting docker image?

mark · January 9, 2025, 7:52am

I have not got as far as building a dockerfile from nix but I have run images from elsewhere.

colima which is open source and Orbstack which is proprietary will run docker containers and images and the docker command works - If using colima also install docker from nixpkgs, if Orbstack then it supplies docker.

From the nix.dev document you link to it does say you can build from macOS using linux-builder.

arioh · January 10, 2025, 11:46am

I didn’t find a way to do what I wanted with NixOS docker image, but since all I wanted was Nix package manager, I could just install it on Ubuntu or some other distro quite easily.
I followed How to use nix only in docker for a project? - #16 by rkochar and for my .NET app it looked something like this:

FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG TARGETARCH
WORKDIR /src
COPY --link *.csproj .
RUN dotnet restore -a $TARGETARCH
COPY --link . .
RUN dotnet publish -a $TARGETARCH --no-restore -c Release -o /app/publish

FROM mcr.microsoft.com/dotnet/aspnet:9.0

RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    xz-utils \
    sudo \
    passwd 

RUN useradd -m -s /bin/sh myuser

USER myuser

ENV USER=myuser
ENV PATH="/home/myuser/.nix-profile/bin:${PATH}"
RUN curl -sL https://nixos.org/nix/install | sh -s -- --no-daemon

RUN nix-channel --add https://nixos.org/channels/nixpkgs-unstable && \
    nix-channel --update && \
    nix-env -iA nixpkgs.gcc14 \
.....