• Atemu@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    17 hours ago

    You’re comparing apples to oranges. One is a declarative Linux system environment creation solution and the other a daemon that starts sub-system environments using Linux namespaces.

    You could in theory use NixOS to define a system environment that you’d run inside of a docker container. It’s a bit harder to get systemd running inside of Docker which NixOS heavily relies on but that’s beside the point. Easier integrations exist for LXD and systemd-nspawn which actually fulfil an equivalent purpose to Docker. The single component that is most comparable to Docker in a typical NixOS deployment would arguably be its init process (systemd), though its use extends far beyond setting up the namespace (the root namespace in this case).

    • SavvyWolf@pawb.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      12 hours ago

      As I understand it, the problem that both Nix and Docker try to solve is “How do I bundle and run this application in such a way that its dependencies are explicitly specified and don’t interfere with anything installed on the host system”.

      They have different approaches, but I think that goal is the same?

      • Atemu@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        3 hours ago

        That’s Nix, not NixOS.

        I also wouldn’t be too sure on that “explicit” part for Docker. It’s somewhat isolated, sure, but everything but explicit: you can download arbitrary data from wherever you like.

        • SavvyWolf@pawb.social
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 hours ago

          Unless it has changed recently, Docker is not intended to be a security layer as far as I know.