• 1 Post
  • 1 Comment
Joined 1 year ago
cake
Cake day: July 5th, 2023

help-circle
  • Firstly, I don’t think Docker is intended to be used as a security layer. I could be wrong, but I think it’s relatively easy to escape the sandbox. Although that might be different nowadays.

    You are probably right. It’s just something I tell myself to sleep well at night.

    Anyway, I recently switched from Debian to NixOS for my server and it’s so much nicer. Being able to use a single language for configuring everything all in one place is so nice. If I want to try something new, I can just throw maybe 30 lines in a config and it’s there. If I don’t like it, then I can remove that config and it’s gone. Most services you’d want to run on a server are available in the package manager, and many have rather sensible defaults.

    So you are installing your services/programs on your system and not inside a container, which you declare in your config?