I experimented with several ways to run my services:
- “regular” systemd services (
services.glance = { ... };) - nix containers (
containers.glance = { ... };) - podman containers (
virtualisation.oci-containers.containers.glance = { ... })
and I must say I’m starting to appreciate the last option (the least nixos-y) more and more.
Specifically, I appreciate that:
- I just have to learn the app/container configuration, instead of also backwards-translating from their config into the various nixos options (of course the
.yamlor whatever configuration files are still generated from my nixos config, I just do that in a derivation instead on relying on a module doing it for me) - Services are sometimes outdated in nixpks (even in unstable - and juggling packages between stable and unstable is yet another complication)
- I feel like it’s more secure (very arguable and also of very little consequence since everything is on my homelab… it’s mainly for the warm fuzzies)
Do you guys use one of the options above? Something different?
You must log in or # to comment.
I lean on nixos modules first, but half the time it either doesnt exist or its too complicated at first glance. So I will manually create an oci-container configuration by referencing a docker compose on the projects site. For simple compose files this is easy. Sometimes its not easy, and I dont end up deploying it.
I’ve been wanting to find or build a method that lets me drop a compose alongside ny config and have nix load the yaml and build the oci-container configuration for me. That would be nice since Im familiar with compose syntax and it’s usually easier to write imo.
Plain old
docker composesince it seems to come with by far the fewest surprises and is most widely supported.Nearly every project of interest has a compose.yml available, which is hardly true for systemd services, nix services, or for podman/kubernetes.
I was using podman-compose briefly, but it is just different enough to break in unclear ways and I kept having to fight with it so I went back to docker docker to eliminate the headache.
This is the way. Docker (& compose) are not flawless, but they are predictable and useful enough for all my needs.
I currently have around 12 containers running on my server, all trough docker compose. Only thing I use nix for is providing tools & their configs. And also restic backups.
I guess I’m weird and use the NixOS options and packages? I just have Jellyfin and Kavita setup currently but I want more.
I use proxmox as my hypervisor with:
- TrueNAS VM
- Home Assistant OS VM
- Debian VM for MDAD and MASH, but I’m slowly moving things to Nix when I can.
- NixOS VM for everything else using compose2nix for services designed for docker and regular systemd services where it makes sense.
ansible-playbookeven if its just one target host. Services might get hosted as systemd or docker, or a raw binary, whatever’s appropriate. The absible docker module is extremely similar to docker-compose. It only gets messy if you have a complicated system of networks and dependencies.I use both 1 and 3, personally (although docker rather than podman). I normally prefer the nix way but it doesn’t support every service. I like that nix config is all in one place. In theory, so is docker-compose to am extent but there are usually exceptions and things can get complex. I also hate having to directly manage containers with minimal commandline tools.
But yeah the whole translate config routine in nix is kind of annoying, and I often need to experiment to get the options right if they aren’t documented.
My server runs Proxmox and I usually just run things as a systemd service each in its own virtual container
