
> I guess it could make sense for servers as an alternative to provisioning tools but then it seems to me like it’s competing with docker and kubernetes

It’s not competing, it’s complementing. Think of it as a fully deterministic “docker build”.




Yes but « docker build » already exists and can already be made deterministic so it’s indeed somewhat competing. Would anything be easier by using Nix?

Right now it seems to me like a large ordeal with little to no benefits and my interaction with the Nix community hasn’t been very convincing. A lot of Nix users seem to believe determinism and reproducibility of everything to be enough of a justification in itself. I don’t think it’s worth the pain.


The biggest limitation of using Docker for building images is that it does not allow for composition. You can't simply say you want to combine a Python and Rust image for example.

With dockerTools from Nix (https://nix.dev/tutorials/building-and-running-docker-images), this kind of composition is easy. You also end up with significantly smaller image sizes, containing only exactly the dependencies needed for the image to work, which is also good from a security perspective, since it decreases the attack surface.
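
The composition described in the comment above, as an added example that is not part of the original thread: a Nix expression that puts Python and Rust toolchains into one image with no base image underneath. The file name, image name and the unpinned `<nixpkgs>` import are assumptions made for illustration.

```nix
# image.nix (hypothetical file name)
# Build:  nix-build image.nix
# Load:   docker load < result
#
# Assumption: <nixpkgs> is taken from the local channel to keep the example
# short. For a reproducible image, import a nixpkgs revision pinned by hash.
{ pkgs ? import <nixpkgs> { } }:

pkgs.dockerTools.buildLayeredImage {
  name = "python-rust-example";   # hypothetical image name
  tag = "latest";

  # Composition is a list: each package contributes its own runtime closure.
  # There is no FROM line, so no distro base, shell or package manager is
  # pulled in unless it is listed here or required by one of these packages.
  contents = [
    pkgs.python3
    pkgs.rustc
    pkgs.cargo
    pkgs.gcc      # rustc needs a C toolchain for linking
  ];

  config = {
    # Store paths are referenced directly, so the command does not depend
    # on PATH being set up inside the image.
    Cmd = [ "${pkgs.python3}/bin/python3" "--version" ];
  };
}
```

Everything in the resulting image is traceable to an entry in `contents` or its dependency closure, which is what keeps the attack surface small.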


> « docker build » already exists and can already be made deterministic

Truly deterministic Dockerfiles are a rare thing to find among the ecosystem.

And we haven't even got into Docker's poor support for unprivileged container building, which leads to weird solutions using dind when you need to build an image from inside a container.



