Minimal Docker image

Using a Dockerfile , you are responsible for:

cleaning up everything that is not needed at runtime

deciding how to split into layers for better caching

Writing a Dockerfile that would produce a minimal image is at best a very error prone process.

With Nix, only packages you define are included in the Docker image. No cleaning up needed. There are no build tools left in your Docker image, keeping it as small as possible.

Nix also knows how to layer your resulting Docker image, automatically. The resulting layers are optimized for caching as much as possible.

The following Nix expression ( default.nix ) defines a Docker image with only the hello package in it.

{ pkgs ? import <nixpkgs> {} }: pkgs.dockerTools.buildLayeredImage { name = "only-hello"; contents = [ pkgs.hello ]; }

To build and run the image you need to:

$ nix-build default.nix -o ./result ... /nix/store/…-docker-image-only-hello.tar.gz $ docker load -i ./result 1c31fbac2eb1: Loading layer [==================>] 1.649MB/1.649MB 03b22f688054: Loading layer [==================>] 256kB/256kB 29c350a9c392: Loading layer [==================>] 31.61MB/31.61MB 6a87e4d71e07: Loading layer [==================>] 266.2kB/266.2kB c09c43a6b910: Loading layer [==================>] 71.68kB/71.68kB Loaded image: only-hello:qn5x1pnk7d467jsl81jng7168qsks42l $ docker run only-hello:qn5x1pnk7d467jsl81jng7168qsks42l hello Hello, world

Learn more about how to build Docker images.