From 38c1400f67f6af73821d5be82f0ddab548e707e2 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Sun, 1 Jan 2023 23:43:00 +0000
Subject: [PATCH 1/2] dockerTools: use makeOverridable for buildImage family of
 functions

this allows nix users to modify existing images without having
to rely on container image inheritance mechanisms via fromImage
---
 pkgs/build-support/docker/default.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 9f57804e957d..1ac0a69f7451 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -487,7 +487,7 @@ rec {
       '';
     };
 
-  buildLayeredImage = { name, ... }@args:
+  buildLayeredImage = lib.makeOverridable ({ name, ... }@args:
     let
       stream = streamLayeredImage args;
     in
@@ -496,7 +496,8 @@ rec {
         inherit (stream) imageName;
         passthru = { inherit (stream) imageTag; };
         nativeBuildInputs = [ pigz ];
-      } "${stream} | pigz -nTR > $out";
+      } "${stream} | pigz -nTR > $out"
+  );
 
   # 1. extract the base image
   # 2. create the layer
@@ -504,7 +505,7 @@ rec {
   # 4. compute the layer id
   # 5. put the layer in the image
   # 6. repack the image
-  buildImage =
+  buildImage = lib.makeOverridable (
     args@{
       # Image name.
       name
@@ -751,7 +752,8 @@ rec {
       '';
 
     in
-    checked result;
+    checked result
+  );
 
   # Merge the tarballs of images built with buildImage into a single
   # tarball that contains all images. Running `docker load` on the resulting
@@ -837,7 +839,7 @@ rec {
     })
   );
 
-  streamLayeredImage =
+  streamLayeredImage = lib.makeOverridable (
     {
       # Image Name
       name
@@ -1046,7 +1048,8 @@ rec {
           makeWrapper ${streamScript} $out --add-flags ${conf}
         '';
       in
-      result;
+      result
+  );
 
   # This function streams a docker image that behaves like a nix-shell for a derivation
   streamNixShellImage =

From 680dfee1714545c59edcc8a7755755f5164f5307 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Sun, 10 Sep 2023 22:05:48 +0100
Subject: [PATCH 2/2] 23.11 release notes: add note on dockerTools &
 makeOverridable

---
 nixos/doc/manual/release-notes/rl-2311.section.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 307aeee6020a..952ccc9a5b06 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -249,6 +249,8 @@ The module update takes care of the new config syntax and the data itself (user
 
 - `programs.gnupg.agent.pinentryFlavor` is now set in `/etc/gnupg/gpg-agent.conf`, and will no longer take precedence over a `pinentry-program` set in `~/.gnupg/gpg-agent.conf`.
 
+- `dockerTools.buildImage`, `dockerTools.buildLayeredImage` and `dockerTools.streamLayeredImage` now use `lib.makeOverridable` to allow `dockerTools`-based images to be customized more efficiently at the nix-level.
+
 - `services.influxdb2` now supports doing an automatic initial setup and provisioning of users, organizations, buckets and authentication tokens, see [#249502](https://github.com/NixOS/nixpkgs/pull/249502) for more details.
 
 - `wrapHelm` now exposes `passthru.pluginsDir` which can be passed to `helmfile`. For convenience, a top-level package `helmfile-wrapped` has been added, which inherits `passthru.pluginsDir` from `kubernetes-helm-wrapped`. See [#217768](https://github.com/NixOS/nixpkgs/issues/217768) for details.