From f58835f4ce4e1b10eeaa7f3cfe4f6948c2ae99ce Mon Sep 17 00:00:00 2001
From: h0nIg <h0nIg@users.noreply.github.com>
Date: Thu, 5 Jun 2025 23:28:47 +0200
Subject: [PATCH 1/4] docker: add docu references & remove duplicate code

(cherry picked from commit e72a0ad8c338be5573a295db62748bc88d7ea4a4)

# Conflicts:
#	docker.nix
---
 docker.nix | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/docker.nix b/docker.nix
index d52c317d6b1..95a0141590c 100644
--- a/docker.nix
+++ b/docker.nix
@@ -147,13 +147,8 @@ let
     "${k}:x:${toString gid}:${lib.concatStringsSep "," members}";
   groupContents = (lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs groupToGroup groups)));
 
-  defaultNixConf = {
-    sandbox = "false";
-    build-users-group = "nixbld";
-    trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
-  };
-
   nixConfContents =
+<<<<<<< HEAD
     (lib.concatStringsSep "\n" (
       lib.mapAttrsFlatten (
         n: v:
@@ -164,6 +159,12 @@ let
       ) (defaultNixConf // nixConf)
     ))
     + "\n";
+=======
+    pkgs.dockerTools.nixConf
+    {
+      build-users-group = "nixbld";
+    };
+>>>>>>> e72a0ad8c (docker: add docu references & remove duplicate code)
 
   userHome = if uid == 0 then "/root" else "/home/${uname}";
 
@@ -181,6 +182,8 @@ let
         name = "root-profile-env";
         paths = defaultPkgs;
       };
+      # doc/manual/source/command-ref/files/manifest.nix.md
+      # may get replaced by pkgs.buildEnv once manifest.json can get written
       manifest = pkgs.buildPackages.runCommand "manifest.nix" { } ''
         cat > $out <<EOF
         [
@@ -246,6 +249,7 @@ let
           set -x
           mkdir -p $out/etc
 
+          # may get replaced by pkgs.dockerTools.caCertificates
           mkdir -p $out/etc/ssl/certs
           ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs
 
@@ -273,17 +277,21 @@ let
           mkdir -p $out${userHome}
           mkdir -p $out/nix/var/nix/profiles/per-user/${uname}
 
+          # see doc/manual/source/command-ref/files/profiles.md
           ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
           ln -s /nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
           ln -s /nix/var/nix/profiles/default $out${userHome}/.nix-profile
 
+          # see doc/manual/source/command-ref/files/channels.md
           ln -s ${channel} $out/nix/var/nix/profiles/per-user/${uname}/channels-1-link
           ln -s /nix/var/nix/profiles/per-user/${uname}/channels-1-link $out/nix/var/nix/profiles/per-user/${uname}/channels
 
+          # see doc/manual/source/command-ref/files/default-nix-expression.md
           mkdir -p $out${userHome}/.nix-defexpr
           ln -s /nix/var/nix/profiles/per-user/${uname}/channels $out${userHome}/.nix-defexpr/channels
           echo "${channelURL} ${channelName}" > $out${userHome}/.nix-channels
 
+          # may get replaced by pkgs.dockerTools.binSh & pkgs.dockerTools.usrBinEnv
           mkdir -p $out/bin $out/usr/bin
           ln -s ${pkgs.coreutils}/bin/env $out/usr/bin/env
           ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh

From 3f937c25d25f794577bbfb20ea10f9194f0f2008 Mon Sep 17 00:00:00 2001
From: h0nIg <h0nIg@users.noreply.github.com>
Date: Fri, 6 Jun 2025 23:54:15 +0200
Subject: [PATCH 2/4] docker: shrink code - use buildenv.manifest

(cherry picked from commit 2caccbed11ed5a517ed3fee86f1da3cdbff60211)
---
 docker.nix | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/docker.nix b/docker.nix
index 95a0141590c..56c1e20bbfb 100644
--- a/docker.nix
+++ b/docker.nix
@@ -178,12 +178,7 @@ let
           echo "[]" > $out/manifest.nix
         fi
       '';
-      rootEnv = pkgs.buildPackages.buildEnv {
-        name = "root-profile-env";
-        paths = defaultPkgs;
-      };
       # doc/manual/source/command-ref/files/manifest.nix.md
-      # may get replaced by pkgs.buildEnv once manifest.json can get written
       manifest = pkgs.buildPackages.runCommand "manifest.nix" { } ''
         cat > $out <<EOF
         [
@@ -213,11 +208,15 @@ let
         ]
         EOF
       '';
-      profile = pkgs.buildPackages.runCommand "user-environment" { } ''
-        mkdir $out
-        cp -a ${rootEnv}/* $out/
-        ln -s ${manifest} $out/manifest.nix
-      '';
+      profile = pkgs.buildPackages.buildEnv {
+        name = "root-profile-env";
+        paths = defaultPkgs;
+
+        postBuild = ''
+          mv $out/manifest $out/manifest.nix
+        '';
+        inherit manifest;
+      };
       flake-registry-path =
         if (flake-registry == null) then
           null

From 2ac96c15833745cc7d659de77549edc778e6bc8a Mon Sep 17 00:00:00 2001
From: h0nIg <h0nIg@users.noreply.github.com>
Date: Thu, 26 Jun 2025 23:33:27 +0200
Subject: [PATCH 3/4] enhancements

(cherry picked from commit 8fbc27af46e49265691ca664e5705b043639c7ca)

# Conflicts:
#	docker.nix
---
 docker.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docker.nix b/docker.nix
index 56c1e20bbfb..06ec05a2ffb 100644
--- a/docker.nix
+++ b/docker.nix
@@ -147,6 +147,7 @@ let
     "${k}:x:${toString gid}:${lib.concatStringsSep "," members}";
   groupContents = (lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs groupToGroup groups)));
 
+<<<<<<< HEAD
   nixConfContents =
 <<<<<<< HEAD
     (lib.concatStringsSep "\n" (
@@ -165,6 +166,19 @@ let
       build-users-group = "nixbld";
     };
 >>>>>>> e72a0ad8c (docker: add docu references & remove duplicate code)
+=======
+  toConf = with pkgs.lib.generators; toKeyValue {
+    mkKeyValue = mkKeyValueDefault {
+      mkValueString = v: if lib.isList v then lib.concatStringsSep " " v else mkValueStringDefault { } v;
+    } " = ";
+  };
+
+  nixConfContents = toConf {
+    sandbox = false;
+    build-users-group = "nixbld";
+    trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
+  };
+>>>>>>> 8fbc27af4 (enhancements)
 
   userHome = if uid == 0 then "/root" else "/home/${uname}";
 

From 075baa475c3151f21b06989ecae0cd08436426f2 Mon Sep 17 00:00:00 2001
From: h0nIg <h0nIg@users.noreply.github.com>
Date: Thu, 26 Jun 2025 23:37:39 +0200
Subject: [PATCH 4/4] format

(cherry picked from commit ba12adc0f92396297b6c825690f3a3dfa8a9fbd5)

# Conflicts:
#	docker.nix
---
 docker.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docker.nix b/docker.nix
index 06ec05a2ffb..4456ff66bbe 100644
--- a/docker.nix
+++ b/docker.nix
@@ -147,6 +147,7 @@ let
     "${k}:x:${toString gid}:${lib.concatStringsSep "," members}";
   groupContents = (lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs groupToGroup groups)));
 
+<<<<<<< HEAD
 <<<<<<< HEAD
   nixConfContents =
 <<<<<<< HEAD
@@ -172,6 +173,15 @@ let
       mkValueString = v: if lib.isList v then lib.concatStringsSep " " v else mkValueStringDefault { } v;
     } " = ";
   };
+=======
+  toConf =
+    with pkgs.lib.generators;
+    toKeyValue {
+      mkKeyValue = mkKeyValueDefault {
+        mkValueString = v: if lib.isList v then lib.concatStringsSep " " v else mkValueStringDefault { } v;
+      } " = ";
+    };
+>>>>>>> ba12adc0f (format)
 
   nixConfContents = toConf {
     sandbox = false;