- cross-posted to:
- nixos@infosec.pub
Some folks on the internet were interested in how I had managed to ditch Docker for local development. This is a slightly overdue write-up on how I typically do things now with Nix, Overmind and Just.
You might be interested in this article that compares nix and docker. It explains why docker builds are not considered reproducible:
and why nix builds are reproducible a lot of the time:
Containerization has other advantages though (security), and you can actually use nix’s reproducible builds in combination with (docker) containers.
That seems like an argument for maintaining a frozen repo of packages, not against containers. You can only have a truly fully-reproducible build environment if you set up your toolchain to keep copies of every piece of external software so that you can do hermetic builds.
I think this is a misguided way to work around proper toolchain setup. Nix is pretty cool though.