The Nix daemon itself still uses root at build/install time for now. NixOS doesn’t have any built-in sandboxing for running applications à la Docker, though it does have AppArmor support.
Comment on Should I move to Docker?
Gooey0210@sh.itjust.works 10 months ago
You can use the sandboxing of NixOS
You get better performance, NixOS-level reproducibility, and it's not Docker, which is not FOSS and runs as root
purelynonfunctional@programming.dev 10 months ago
Gooey0210@sh.itjust.works 10 months ago
You don’t need to build/install with root, you can do home-manager
And for isolation there’s one good module, I forgot its name
And if you want something easier but less reproducible, you can do containers, but with NixOS' podman, and this is of course built in
fruitycoder@sh.itjust.works 10 months ago
I'm not sure honestly if we are agreeing or disagreeing lol
Nix for building OCI containers is great and NixOS seems like a great base system too. It seems like a natural step to take that and use it to define a k8s system in the future as well.
I'm currently doing that with OpenTofu (Terraform's open-source successor) and Ansible, but I feel like replacing those with Nix may provide a real completeness to the codification of the OS.