Hacker News

kalaksi today at 6:43 AM

I'm running NixOS on some of my hosts, but I still don't fully commit to configuring everything with nix, just the base system, and I prefer docker-compose for the actual services. I do it similarly with Debian hosts using cloud-init (nix is a lot better, though).

The reason is that I want to keep the services in a portable/distro-agnostic format and decoupled from the base system, so I'm not tied too much to a single distro and can manage them separately.


Replies

halz today at 8:43 AM

Ditto on having services expressed in more portable/cross distro containers. With NixOS in particular, I've found the best of both worlds by using podman quadlets via this flake in particular https://github.com/SEIAROTg/quadlet-nix

quag today at 6:51 AM

How do you update the software in the containers when new versions come out or vulnerabilities are actively being exploited?

My understanding is that when using containers, updating is an ordeal and you avoid the need by never exposing the services to the internet.
