When showing Nix or NixOS to newcomers, the first instinct is often to run the NixOS Docker image on Docker or Podman. This week we’re having a look at how to do the same with systemd’s systemd-nspawn facility via the machinectl command. This has huge benefits to both trying out NixOS and also professionally using it like a sidecar VM, as we shall see. If you’re using Ubuntu, Debian, Fedora, Rocky Linux, or similar, jump right in!

In this tutorial-like article, we learned how to quickly run a nearly full instance of NixOS on any GNU/Linux distribution that uses systemd (e.g. Ubuntu, Debian, Fedora, Rocky Linux, etc.).

This NixOS instance can be configured to our needs and also be run like a sidecar to our normal host system. systemd can treat it like a system service that boots up by default with the host system, using machinectl enable nixos.
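As an added example (not from the article or the NixOS project), here is a hardened systemd-nspawn unit for running that sidecar, using only options documented in systemd.nspawn(5). It assumes the NixOS root tree was unpacked to /var/lib/machines/nixos (the directory machinectl searches by default) with a bootable /sbin/init, and that the host runs a systemd recent enough for PrivateUsersOwnership= (v249 or later).

```ini
# /etc/systemd/nspawn/nixos.nspawn  (added example; the machine name "nixos"
# comes from the directory /var/lib/machines/nixos, an assumed location)
# systemd config files only accept comments on their own line, so every
# option below is followed by its explanation rather than a trailing comment.

[Exec]
# Run the image's own init (systemd) as PID 1 of the container, so the
# host's PID 1 only supervises the container as a whole.
Boot=yes
# User namespace with an automatically picked UID/GID range:
# root inside the container is an unprivileged UID on the host.
PrivateUsers=pick
# Setuid binaries and file capabilities inside cannot raise privileges.
NoNewPrivileges=yes
# Shrink the bounding capability set below nspawn's default;
# CAP_SYS_BOOT is kept so "machinectl poweroff nixos" still works.
DropCapability=CAP_SYS_PTRACE CAP_MKNOD CAP_NET_RAW
# Deny syscall groups a sidecar has no business using (seccomp).
SystemCallFilter=~@obsolete @raw-io @swap @reboot
Hostname=nixos-sidecar

[Files]
# Re-own the image to the picked UID range so PrivateUsers=pick works
# without manually chowning the tree.
PrivateUsersOwnership=auto
# Share only what the sidecar needs, read-only; /srv/shared-config is an
# assumed host path, the target path is inside the container.
BindReadOnly=/srv/shared-config:/mnt/host-config

[Network]
# Private network namespace connected to the host through a veth pair;
# the container does not see host interfaces or listening sockets.
VirtualEthernet=yes
# Expose exactly one service port to the host instead of sharing its
# network stack (nspawn sets up the forwarding rules itself).
Port=tcp:8080:80
```

After placing this file, the article's `machinectl enable nixos` and `machinectl start nixos` pick it up automatically; `machinectl shell nixos` drops you into the confined instance for checking that the dropped capabilities and syscall groups are in effect.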

  • jecxjo
    21 year ago

    Personally I’d like my container/vm/chroot handled by something detached from pid 1. I get that much of the overall systemd project is separate blocks of code but it’s the fact they are bound together that it becomes an issue. I would have loved for the systemd team to first publish a set of APIs that all their components would use and allow the same integration while being completely different projects.

    • @[email protected]
      21 year ago

      Yeah the preference is yours, at the end of the day, I don’t think it matters what tools you use as long as it works.

      Worth noting is that a process not managed by pid 1 isn’t really a thing you want generally. If you use systemd to start the docker daemon, which then starts your container, it’s still managed by pid 1 eventually. Perhaps you prefer the tooling and interface of docker more than machinectl, or maybe podman just isn’t working for you; they’re all just tools to interact with kernel namespaces and cgroups. For doing a little dabbling in another distro, installing docker is pretty heavy vs what the article is talking about.

      • jecxjo
        11 year ago

        I don’t think it matters what tools you use as long as it works.

        That would be true if other systems and services depend on them. Would have been nice to come out with a standard and designed systemd around that standard. Then you pick the tool you want that follows the standard rather than be tied into systemd.

        Worth noting is that a process not managed by pid 1 isn’t really a thing you want generally

        I would disagree. A compromised Docker doesn’t mean I have access to things managed by PID1. The entire control model is based around moving your publicly available services further away from something with the highest level of access, be it users or processes.