3 files changed, 48 insertions, 0 deletions

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..0f5716e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+*
+!flake.nix
+!flake.lock
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..cba9fcf
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+# hadolint ignore=DL3007
+FROM nixos/nix:latest AS builder
+
+COPY . /tmp/build
+WORKDIR /tmp/build
+
+RUN nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    build .
+
+# we actually want to split
+# hadolint ignore=SC2046
+RUN mkdir /tmp/nix-store-closure && \
+  cp -R $(nix-store -qR result/) /tmp/nix-store-closure
+
+FROM scratch
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/build/result /
+ENV PATH=/bin
+ENTRYPOINT ["/bin/bash"]
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b24d25d
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,23 @@
+{
+  description = "Various Nix utilities for CI";
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+        deps = with pkgs; [ statix deadnix nixpkgs-fmt alejandra ];
+      in
+      with pkgs; rec {
+        packages.ci = symlinkJoin {
+          name = "nixci";
+          paths = deps ++ [ bashInteractive coreutils ];
+          meta.priority = 5;
+        };
+        defaultPackage = packages.ci;
+      }
+    );
+}