💡 moment: You can replace #distrobox with a simple `nix develop` for SDK and toolchain containers. Instant shell access to the OCI image without requiring Docker/Podman itself!

Why bother? It's easy to lose track of all the containers on your system. With Nix, an unused image is just one more artifact that automatically gets cleaned up when no longer needed.

How?
Read the juicy details below 🧵, or see https://gist.github.com/neobrain/71b2c17f037893db7464be1019b65dc1 for the full implementation :)

[1/5]

Replacing distrobox with a nix devShell

Docker images are glorified tar files of a Linux filesystem tree - your tool executables are right there in a usr/bin subdirectory. You can chroot into this tree, but that requires root and prevents access to your other files :(

The trick: You can create a pseudo-sandbox with bubblewrap, the same tool powering Flatpak and the Steam Linux Runtime.

Your home folder is unchanged, but /usr is replaced with the container image's usr folder in the sandbox. Ideal for lightweight dev containers [2/5]

See also https://jvns.ca/blog/2022/06/28/some-notes-on-bubblewrap/ for a lengthier explanation.

It works great, but there is a downside: Manually downloading and extracting the container image, and then finding all the right bubblewrap flags is rather tedious. Particularly if you're juggling multiple such containers. [3/5]

Notes on running containers with bubblewrap (Julia Evans)

And that's where Nix comes in: Its dockerTools helper lets us easily fetch any container image, and we can write a cute helper script around bubblewrap that applies the default mounts.

The result: `nix develop` fetches the container image and drops you into an ephemeral shell. All the tools are available right away, without having to mess with shared mounts to access your project files.

No longer need the image? Just run `nix store gc` and it's gone. [4/5]
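A helper of the kind described above, added here as an example and not the gist's code: it applies the default bubblewrap mounts (image /usr and /etc read-only, host $HOME and working directory kept) to an already extracted image tree. It assumes a merged-/usr image layout and bubblewrap 0.4 or newer for `--ro-bind-try`.

```shell
#!/bin/sh
# Added example, not the gist's code: a small helper around bubblewrap that
# applies the default mounts from the thread. ROOTFS is an already extracted
# container image tree (assumed to use a merged /usr layout).
set -eu

# Print the bwrap arguments for ROOTFS, one per line, so they can be inspected
# before anything runs. Fails if the tree has no usr/bin.
bwrap_args() {
    rootfs=$1
    [ -d "$rootfs/usr/bin" ] || { echo "not an image tree: $rootfs" >&2; return 1; }
    # Image /usr and /etc are mounted read-only; host resolv.conf/passwd/group
    # are layered on top so DNS and user lookups keep working (--ro-bind-try
    # skips files that do not exist on the host). --unshare-all gives fresh
    # PID/IPC/UTS/user namespaces, --share-net keeps networking for fetches.
    # $HOME is bound read-write: this is a convenience sandbox, not an
    # isolation boundary, so image contents can still touch your files.
    printf '%s\n' \
        --ro-bind "$rootfs/usr" /usr \
        --ro-bind "$rootfs/etc" /etc \
        --symlink usr/bin /bin --symlink usr/sbin /sbin \
        --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --ro-bind-try /etc/resolv.conf /etc/resolv.conf \
        --ro-bind-try /etc/passwd /etc/passwd \
        --ro-bind-try /etc/group /etc/group \
        --dev /dev --proc /proc --tmpfs /tmp \
        --bind "$HOME" "$HOME" \
        --chdir "$PWD" \
        --unshare-all --share-net \
        --die-with-parent
}

# Replace the current shell with a bwrap'd one (or COMMAND...) inside ROOTFS.
enter_rootfs() {
    rootfs=$1; shift
    [ $# -gt 0 ] || set -- /bin/sh
    args=$(bwrap_args "$rootfs") || return 1
    IFS='
'
    set -f                    # split the arg list on newlines only, no globbing
    # shellcheck disable=SC2086
    exec bwrap $args -- "$@"
}

# Standalone use: DEVSHELL_ROOTFS=/path/to/tree ./enter.sh [command...]
if [ -n "${DEVSHELL_ROOTFS:-}" ]; then
    enter_rootfs "$DEVSHELL_ROOTFS" "$@"
fi
```

From a Nix devShell the same function can be called from `shellHook` with the unpacked image's store path as ROOTFS.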

In the gist linked above, only step 1 needs to be changed for other container images to be used. The rest could quite easily be turned into a generic helper.

Add a little management interface on top and you end up with something quite close to distrobox :)

[5/5]

@neobrain It's been a hot minute since I did any development where I was interested in sharing a consistent dev environment with others (as opposed to just using what's already on my system), but nix (or something like it where different environments can share the same set of packages) always feels like the correct solution compared to docker.

Really interesting to combine it with bubblewrap, I don't think I've seen this before. Congrats!

@mid_kid Agreed on the "correct solution compared to Docker" part!

Regarding sharing with others, honestly I benefit as much from Nix as anyone else :)

· No hunting down 3rd party package repos because distro X doesn't ship Y
· No looking up outdated build instructions when building from source
· No keeping track of leftover gigabytes of build folders
· Trivially apply patches to anything (yesterday I casually fixed a bug in the settings app of my desktop environment with 5 lines of nix code!)