Firstly, I don’t think Docker is intended to be used as a security layer. I could be wrong, but I think it’s relatively easy to escape the sandbox. Although that might be different nowadays.
You are probably right. It’s just something I tell myself to sleep well at night.
Anyway, I recently switched from Debian to NixOS for my server and it’s so much nicer. Being able to use a single language for configuring everything all in one place is so nice. If I want to try something new, I can just throw maybe 30 lines in a config and it’s there. If I don’t like it, then I can remove that config and it’s gone. Most services you’d want to run on a server are available in the package manager, and many have rather sensible defaults.
So you are installing your services/programs on your system and not inside a container, which you declare in your config?