Comment on Should I move to Docker?
fruitycoder@sh.itjust.works 11 months ago
Both! Sandboxing from containers and configuration control from nix go well together!
Gooey0210@sh.itjust.works 10 months ago
You can use the sandboxing of nixos
You get better performance, nixos level reproducibility, and it’s not docker which is not foss and running with root
fruitycoder@sh.itjust.works 10 months ago
I’m not sure honestly if we are agreeing or disagreeing lol
Nix for building OCI containers is great and NixOS seems like a great base system too. It seems like a natural step to take that and use it to define our k8s system in the future as well.
I’m currently doing that with OpenTofu (Terraform’s open-source successor) and Ansible but I feel like replacing those with nix may provide a real completeness to the codification of the OS.
purelynonfunctional@programming.dev 10 months ago
The Nix daemon itself still uses root at build/install time for now. NixOS doesn’t have any built-in sandboxing for running applications à la Docker, though it does have AppArmor support.
Gooey0210@sh.itjust.works 10 months ago
You don’t need to build/install with root, you can do home-manager
And for isolation there’s one good module, I forgot its name
And if just easier but less reproducible, you can do the containers, but with nixos’ podman, and this is of course builtin