Hey y’all, just starting out on my nix journey here, would love advice on how to effectively leverage the dockerTools stuff to make production-quality images. My company uses a custom build system based on nix, and I would like to be able to build an image from existing targets, with ubuntu (or really any image) as a base. As a Minimum Viable Example, I am trying to replicate the following Dockerfile in nix:

    FROM ubuntu:22.04
    COPY service /bin/
    CMD /bin/service

Here is what I have so far:

    ubuntu-image = dockerTools.pullImage {
      imageName = "ubuntu";
      imageDigest =
        "sha256:ac58ff7fe25edc58bdf0067ca99df00014dbd032e2246d30a722fa348fd799a5";
      sha256 = "sha256-otbd3dIUm5D4NmXLaR8ed8v8YihjPBphndoFpGIbujw=";
      finalImageName = "ubuntu";
      finalImageTag = "22.04";
    };

    service-image = dockerTools.streamLayeredImage {
      name = "service";
      tag = "latest";
      created = "now";
      # Ubuntu base image.
      fromImage = ref ":ubuntu-image";
      contents = [ (ref ":service") ];
      config.Cmd = [ "/bin/service" ];
    };

This seems to work, and when loading this into docker I can get a working image that runs the service. However, none of the tools I would use for debugging were present, and some more digging showed that the entire /bin directory was “overwritten” and contained only the service executable.
Additional research showed that there was a way to get this to work with buildImage, but I would really like to use the layered image functionality due to the number of dependencies and how often I want to build and push images; sometimes these images can be more than a GB.
Any help would be appreciated, thank you so much!