working static nix target

nix/Dockerfile

@@ -4,25 +4,28 @@ LABEL maintainer=heywoodlh
 RUN apk add --no-cache curl bash \
     && curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux --init none --no-confirm --extra-conf "filter-syscalls = false"
 
+COPY nix.conf /etc/nix/nix.conf
+
 ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
 VOLUME /nix
 
 # Target for building the static nix binaries
-FROM base AS static-builder
-RUN nix build -o /opt/nix nixpkgs#nixStatic
+FROM base AS static-fetcher
+
+# Hydra Nix project: https://hydra.nixos.org/project/nix
+# Example 2.24 version job list URL: https://hydra.nixos.org/jobset/nix/maintenance-2.24#tabs-jobs
+RUN curl -L https://hydra.nixos.org/job/nix/maintenance-$(nix --version | awk '{print $3}' | cut -d'.' -f1-2)/buildStatic.nix.$(arch)-linux/latest/download-by-type/file/binary-dist -o /opt/nix \
+    && chmod +x /opt/nix
 
 # static target
 FROM alpine:latest AS static
 
-COPY --from=static-builder /opt/nix /opt/nix
-ENV PATH="${PATH}:/opt/nix/bin"
+COPY --from=static-fetcher /opt/nix /usr/bin/nix
+COPY --from=base /etc/nix/nix.conf /etc/nix/nix.conf
 
 # Testing targets
 FROM base AS test
 RUN nix run nixpkgs#hello
 
 FROM static AS static-test
 RUN nix run nixpkgs#hello
-
-# Default target
-FROM base

nix/README.md

@@ -1,4 +1,25 @@
-If any issues are encountered with this Docker image (or help desired) please file an issue on Github: https://github.com/heywoodlh/dockerfiles/issues
-For ideas on usage, look at my Fish functions in my .dotfiles: https://github.com/heywoodlh/.dotfiles/tree/master/config/fish/functions
+Determinate Systems Nix image with Flakes enabled by default.
 
-Feel free to ask for any help and I will try to respond as quick and as kindly as I can but I make no guarantee that I will provide support.
+Dockerfile and build resources are here: https://github.com/heywoodlh/dockerfiles/tree/master/nix
+
+GitHub Action to build this on a recurring basis: https://github.com/heywoodlh/actions/blob/master/.github/workflows/nix-buildx.yml
+
+## Usage
+
+```
+docker run -it --rm docker.io/heywoodlh/nix:latest nix run nixpkgs#hello
+```
+
+There is also a static Nix image with the `static` tag:
+
+```
+docker run -it --rm docker.io/heywoodlh/nix:static nix run nixpkgs#hello
+```
+
+The `static` image can be used as a base to redistribute the static Nix binary for other Linux systems, as well:
+
+```
+mkdir -p /tmp/nix-bin
+docker run -it --rm -v /tmp/nix-bin:/tmp/nix-bin docker.io/heywoodlh/nix:static cp /usr/bin/nix /tmp/nix-bin/nix
+/tmp/nix-bin/nix --version
+```

nix/nix.conf

@@ -1,2 +1,5 @@
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+trusted-substituters = https://cache.nixos.org
+trusted-users = root @wheel @nix
 extra-experimental-features = nix-command flakes
 build-users-group =