nix: redefine in terms of nix-container-images

images/nix/default.nix

@@ -1,56 +1,27 @@
-{ dockerTools
+{ path, lib, nix }:
-, bash
-, cacert
-, coreutils
-, curl
-, gitMinimal
-, gnutar
-, gzip
-, iana-etc
-, nix
-, xz
-}:
 let
-  image = dockerTools.buildImageWithNixDb {
+  channel =
-    inherit (nix) name;
+    builtins.replaceStrings
-
+      ["\n"]
-    contents = [
+      [""]
-      ./root
+      "nixos-${builtins.readFile "${path}/.version"}";
-      coreutils
-      # add /bin/sh
-      bash
-      nix
-
-      # runtime dependencies of nix
-      cacert
-      gitMinimal
-      gnutar
-      gzip
-      xz
-
-      # for haskell binaries
-      iana-etc
-    ];
-
-    extraCommands = ''
-      # for /usr/bin/env
-      mkdir usr
-      ln -s ../bin usr/bin
-
-      # make sure /tmp exists
-      mkdir -m 0777 tmp
-    '';
-
-    config = {
-      Cmd = [ "/bin/bash" ];
-      Env = [
-        "ENV=/etc/profile.d/nix.sh"
-        "NIX_PATH=nixpkgs=channel:nixpkgs-unstable"
-        "PAGER=cat"
-        "PATH=/usr/bin:/bin"
-        "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
-      ];
-    };
-  };
 in
-  image // { meta = nix.meta // image.meta; }
+  lib.makeImage {
+    image = {
+      name = "nix";
+      tag = "latest";
+
+      run = ''
+        chmod u+w root
+        echo 'https://nixos.org/channels/${channel} nixpkgs' > root/.nix-channels
+      '';
+
+      interactive = true;
+    };
+    environment.systemPackages = [ nix ];
+    nix = {
+      enable = true;
+      useSandbox = false;
+      package = nix;
+    };
+  }