this post was submitted on 18 Mar 2025
Nix / NixOS
NixOS containers use systemd-nspawn (systemd containers). Both use Linux namespaces and cgroups.
A disadvantage of NixOS containers is that they only support rootful containers, i.e. root inside the container has the same privileges as root outside the container. This is also true for Docker unless configured otherwise.
OCI containers (Docker, Podman) are often created by upstream themselves, which you might prefer.
I configure containers by using the podman backend (default) and virtualisation.oci-containers.containers, which supports rootless podman [1]. Imo rootless is the best and most secure way to run containers on NixOS.
Edit: I prefer NixOS packages if available and only use OCI (Docker) containers if not. The main reason being the simplified declarative configuration through NixOS options, which can also be used inside NixOS containers.
[1] virtualisation.oci-containers.containers.<name>.podman.user
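As an added example (not code from this thread and not part of NixOS itself), here is a NixOS configuration fragment that runs one OCI container rootless through the podman.user option cited above. It assumes a NixOS release whose oci-containers module provides podman.user and whose users module provides users.users.<name>.linger and autoSubUidGidRange; the user name "webapp", the image reference and the published port are placeholders chosen for illustration.

```nix
{ config, pkgs, ... }:

{
  # Rootless podman needs the podman tooling on the host.
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";

  # Unprivileged service account that will own the container process.
  # "webapp" is a placeholder name for this example.
  users.users.webapp = {
    isNormalUser = true;
    # Allocate /etc/subuid and /etc/subgid ranges so podman can map
    # container UIDs/GIDs onto unprivileged host IDs.
    autoSubUidGidRange = true;
    # Keep the per-user systemd instance alive without an interactive login,
    # so the container's user service can start at boot.
    linger = true;
  };

  virtualisation.oci-containers.containers.webapp = {
    # Placeholder image reference (an nginx build that listens on 8080 and
    # does not need root inside the container); pin a digest in real use.
    image = "docker.io/nginxinc/nginx-unprivileged:1.27";
    # Run the container under the unprivileged account instead of root.
    # This is the option cited as [1] in the comment above; any root inside
    # the container now maps to "webapp" on the host, not to host root.
    podman.user = "webapp";
    # An unprivileged user cannot bind ports below 1024 on the host,
    # so publish to 8080 and keep it on loopback.
    ports = [ "127.0.0.1:8080:8080" ];
    # Drop every ambient capability and block privilege escalation inside.
    extraOptions = [
      "--cap-drop=ALL"
      "--security-opt=no-new-privileges"
    ];
  };
}
```

After nixos-rebuild switch, running podman ps as the webapp user should list the container, and a process listing on the host (for example ps -o user,pid,cmd -C conmon) should show the container supervisor owned by webapp rather than root. If the image you pick expects to start as root and then drop privileges itself, it will need the specific capabilities it uses (SETUID, SETGID, CHOWN) added back instead of the blanket cap-drop.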
Damn, didn't know it was rootful only. Work is going nuts atm about non-zero user IDs in containers.
There goes my idea about solving some of our packaging and distribution problems with nix build.
Just to make sure, it's the rootless daemon?
Also, another option for OP: a NixOS base image Docker container.