• alper_celik@lemmy.world · 7 months ago

    Nix packages aren't containerized by default. But since every dependency is clearly defined, there are tools that wrap packages using bubblewrap, or tools that build layered Docker images.

    But building packages happens in a sandbox.
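As an added illustration (not the commenter's code) of why Nix's explicit dependency graph makes bubblewrap wrapping practical: the closure printed by `nix-store -qR` is exactly the set of store paths a package needs at runtime, so a sandbox can bind-mount only those paths read-only and nothing else. The closure below is a constructed sample so the script runs without Nix or bwrap installed; `run_sandboxed` is the hypothetical wrapper that would call both.

```shell
#!/bin/sh
# Added example, not from the thread. Turns a Nix runtime closure into a
# least-privilege bubblewrap (bwrap) argument list: fresh namespaces, a
# private /proc, /dev and /tmp, and a read-only bind of each store path.

# Print bwrap arguments, one per line, for a newline-separated closure.
# Rejects anything outside /nix/store so a tampered closure cannot expose
# host paths such as /etc or $HOME. Returns 1 on the first bad entry.
bwrap_args_for_closure() {
    closure=$1
    printf '%s\n' --unshare-all --die-with-parent --proc /proc --dev /dev --tmpfs /tmp
    old_ifs=$IFS
    IFS='
'
    for p in $closure; do
        case $p in
            /nix/store/*) printf '%s\n' --ro-bind "$p" "$p" ;;
            *)
                IFS=$old_ifs
                echo "refusing non-store path: $p" >&2
                return 1 ;;
        esac
    done
    IFS=$old_ifs
}

# Count how many store paths would be exposed (useful for a sanity check
# before launching: a closure of thousands of paths deserves a second look).
closure_size() {
    bwrap_args_for_closure "$1" | grep -c -- '--ro-bind'
}

# Hypothetical launcher: run_sandboxed /nix/store/...-hello hello
# Needs nix-store and bwrap on the host; not invoked in this example.
run_sandboxed() {
    pkg=$1
    shift
    # Store paths contain no whitespace, so plain word splitting is safe here.
    set -- $(bwrap_args_for_closure "$(nix-store -qR "$pkg")") "$@"
    bwrap "$@"
}

# Constructed sample closure (placeholder hashes, not real store paths).
SAMPLE_CLOSURE='/nix/store/0000000000000000000000000000000a-glibc-2.38
/nix/store/0000000000000000000000000000000b-zlib-1.3
/nix/store/0000000000000000000000000000000c-hello-2.12'
```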

    • Pantherina@feddit.de · 7 months ago

      Great, thanks! So Fedora + Nix (maybe some hacky way to symlink it to /var/nix on every boot, so it can run on Atomic too) + bubblejail (there is a COPR now for use in secureblue) could be a great setup!

      Any info about namespaces? Hardened kernels block these for valid reasons. Flatpaks can use bubblewrap-suid; Podman is supposedly not compatible (not sure about that).