I have been puzzled very often by the significantly larger sizes of dockerTools-generated images (compared to the non-Nix standard Dockerfile approach). My standard suspicion is some/many of the packages use buildInputs/nativeBuildInputs/propagatedBuildInputs/etc. incorrectly, which results in build-time-only dependencies being included in the image. If there is a reliable way to find those mistakes, I would be very interested to know it.
My own quest in a similar direction so far resulted in finding (and fixing) this issue: Copies of shared libraries instead of symlinks in the store and docker. 1G reduction in the image size!