Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not really. No. You can easily checkout repo containing the Dockerfile, add a Dockerfile override, change most of the stuff while maintaining the original Dockerfile instact and the ability to use git to update it. Then you change one line in docker-compose.yaml (or override it if it's also hosted by the repo) and build the container locally. Can't imagine easier way to modify existing docker images, I do this a lot with my self-hosted services.


I'll be honest, that does not sound "easy".

It is straightforward, but so is the NixOS module system, and I could describe writing a custom module the same way you described custom Docker images.


It isn't the absolutely easiest process.

But it works on Ubuntu, it works on Debian, it works on Mac, it works on Windows, it works on a lot of things other than a Nix install.

And I have to know Docker for work anyhow. I don't have to know Nix for anything else.

You can't win on "it's net easier in Nix" than anywhere else, and a lot of us are pretty used to "it's just one line" and know exactly what that means when that one line isn't quite what we need or want. Maybe it easier after a rather large up-front investment into Nix, but I've got dozens of technologies asking me for large up-front investments.


It only works on Mac and windows as a VM.

Nix is for reproducibility. Nix and docker are orthogonal. You can create reproducible docker image via nix. You can run nix inside docker on systems that doesn’t allow you to create the nix store.


This is a familiarity problem. I've never used NixOS and all your posts telling me how simple it is sounds like super daunting challenges to me versus just updating a Dockerfile or a one liner in compose that I am already familiar with, I suspect its the inverse for you.


If that’s not easy I don’t know what is.


If it wasn't easy, I wouldn't be using it. I'm the laziest of programmers or users.


I find the granular nature of dependency sharing in NixOS to be really nice. In particular, I like systemd as my hypervisor. With systemd I can still isolate and lock down processes, but they can still, for example, share memory pages of `glibc`. It is certainly less "secure", and with Docker at least you're sharing the same kernel. It's also hard to share resources between Docker containers. Getting 4 Docker containers to use the same instance of Avahi, for example, requires explicit configuration.

Docker containers also don't have a "standard" for where to put binaries (outside of CMD/ENTRYPOINT), how to configure users/uids (many still run as root?), whether to put multiple services in one container or separate containers, where to put user data, etc. NixOS coordinates this centrally like any distro, assigning paths and UIDs and ports.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: