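# Two-stage image build:
#   1. "builder" evaluates the flake output `.#docker` with Nix and gathers the
#      runtime closure of the result.
#   2. The final stage starts from `scratch` and receives only that closure and
#      the build result, so no shell, package manager or Nix tooling ships in
#      the runtime image.

# Supply-chain note: `latest` is a moving tag, so the toolchain that produces
# this image can change between builds without any change to this file.
# The default is kept for backward compatibility. For reproducible, reviewable
# builds pass a pinned reference, for example:
#   docker build --build-arg NIX_IMAGE=nixos/nix:<version>@sha256:<digest> .
ARG NIX_IMAGE=nixos/nix:latest
FROM ${NIX_IMAGE} AS builder

# The whole build context is copied into the builder. It does not reach the
# final image, but it does land in builder layers and in the build cache, so
# keep credentials and local state out of the context with a .dockerignore.
COPY . /tmp/build
WORKDIR /tmp/build

# NOTE(review): `filter-syscalls false` turns off the seccomp filter that Nix
# applies to its builders. That filter blocks, among other things, creating
# setuid/setgid files. This is presumably a workaround for build environments
# where the filter cannot be installed; confirm it is still required, and
# treat the flake inputs as trusted code while it stays disabled.
RUN nix \
    --extra-experimental-features "nix-command flakes" \
    --option filter-syscalls false \
    build -L .#docker

# no quotes, we actually want to split
# `nix-store -qR` prints one store path per line for the closure of `result`.
# The unquoted substitution passes each path to `cp` as a separate argument.
RUN mkdir /tmp/nix-store-closure && \
    cp -R $(nix-store -qR result/) /tmp/nix-store-closure

# Only affects the builder stage; the final stage below does not inherit it.
WORKDIR /tmp/app

# Runtime image: nothing except what is copied in explicitly.
FROM scratch
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/build/result /

# Run as an unprivileged numeric UID. A numeric id is used because `scratch`
# has no user database of its own (unless the build result supplies one).
USER 1000

# PATH is limited to /bin, so the exec-form entrypoint resolves `perl` there.
ENV PATH=/bin
ENTRYPOINT ["perl", "/bin/sync"]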