Let’s make managing infrastructure on your own machine less cumbersome. Simplify it with NixOS and containers.

  • Laser@feddit.org
    9 days ago

    NixOS is probably the distribution, or one of the distributions, where you need docker the least.

    That’s not to say you shouldn’t use it, but it makes less sense to me than on other systems, and you lose out on some of the good stuff from what I understand (no module system configuration for imported docker containers for example? I have never tried this).

    You can already manage your dependencies very accurately with Nix, no need to ship them all in a container; and if you use containers for isolation, there are stronger mechanisms available, e.g. MicroVM.nix.

    • demesisx@infosec.pub (OP)
      9 days ago

      I know. I pasted this from Reddit. We have like 0 articles here. In fact, if you’re doing it this way, you are doing it wrong.

    • Chewy@discuss.tchncs.de
      9 days ago

      Podman provides stronger isolation than nixos-containers because the latter only supports rootful containers. Losing access to nixos modules is a disadvantage, although most services I’d use podman containers for don’t have any modules anyway.

      E.g. I’ve used nixos container as a stop gap to use a major beta, because I didn’t manage to adapt the nixos package accordingly.

  • Blastboom Strice@mander.xyz
    9 days ago

    I was specifically looking to create podman containers the previous week, thank you for this! (Even if I eventually figured that I don’t really need them that much now.😅)

  • flashgnash@lemm.ee
    9 days ago

    Way I see it, the only reasons to use docker on nixos are if:

    • you need many instances of the same service running on the same hw for some reason
    • you’re trying to run a service that’s only packaged as a docker image

    That said, using nixos inside a docker container is an appealing proposition in that you get all the usual advantages of nix but can run it anywhere you can run docker images.

    • demesisx@infosec.pub (OP)
      9 days ago

      I’d definitely use it (and I do) for deploying remote software and for the use cases you mentioned. Still, we can all agree that, in the context of Nixos, native derivations are superior and almost always preferred. I am currently using a flatpak of zen-browser until the derivations can get added to nixpkgs. But that’s just a temporary patch that I will remove soon. I have also seen containers outperform Nix in software that strictly enforces the FHS style and doesn’t play nicely in the immutable world.