They are using a Docker multi-stage build in the very Dockerfile they showed..

Yes - but then their final stage is built on top of an Alpine container, and they complain about Alpine's package manager + OS files being included in the image.

If their final stage was based on scratch or distroless, the Docker file size would have come out to the minimal ~90MB result too.

Yeah, I don't understand that part either. If you want to be able to shell into the container and poke around, use Alpine by all means, but then don't complain about a C runtime being included. If you want a minimal container for your static executable, use scratch.

Docker isn't comparable to Nix. Similar but it really doesn't give you the same stuff. On a few dimensions they overlap for sure though.

OP is using Nix to build a Docker container.

Exactly my point! (Maybe expressed poorly) .. They're not mutually exclusive solutions in any way.

Care to elaborate?

You don’t typically include the entire toolchain in a container with docker because of the size. You also want to construct things a bit carefully so you get proper build caching, but it’s doable.

Here is an example of this pattern with Go:

https://github.com/pusher/oauth2_proxy/blob/master/Dockerfil...

    FROM xena/go:1.13.6 AS build
    ENV GOPROXY https://cache.greedo.xeserv.us
    COPY . /site
    WORKDIR /site
    RUN CGO_ENABLED=0 go test -v ./...
    RUN CGO_ENABLED=0 GOBIN=/root go install -v ./cmd/site

    FROM xena/alpine
    EXPOSE 5000
    WORKDIR /site
    COPY --from=build /root/site .
    COPY ./static /site/static
    COPY ./templates /site/templates
    COPY ./blog /site/blog
    COPY ./talks /site/talks
    COPY ./gallery /site/gallery
    COPY ./css /site/css
    HEALTHCHECK CMD wget --spider http://127.0.0.1:5000/.within/health || exit 1
    CMD ./site

As far as I understand, this is a multi-stage build.

Right, but how does that relate to OP?