Some folks on the internet were interested in how I had managed to ditch Docker for local development. This is a slightly overdue write up on how I typically do things now with Nix, Overmind and Just.

  • CodeBlooded@programming.dev · 1 year ago

    Docker builds are not reproducible

    What makes you say that?

    My team relies on Docker because it is reproducible…

    • uthredii@programming.dev · 1 year ago (edited)

      You might be interested in this article that compares nix and docker. It explains why docker builds are not considered reproducible:

      For example, a Dockerfile will run something like `apt-get update` as one of the first steps. Resources are accessible over the network at build time, and these resources can change between `docker build` commands. There is no notion of immutability when it comes to source.

      and why nix builds are reproducible a lot of the time:

      Builds can be fully reproducible. Resources are only available over the network if a checksum is provided to identify what the resource is. All of a package’s build time dependencies can be captured through a Nix expression, so the same steps and inputs (down to libc, gcc, etc.) can be repeated.

      Containerization has other advantages though (security) and you can actually use nix’s reproducible builds in combination with (docker) containers.

      • nickwitha_k (he/him)@lemmy.sdf.org · 1 year ago

        That seems like an argument for maintaining a frozen repo of packages, not against containers. You can only have a truly fully-reproducible build environment if you set up your toolchain to keep copies of every piece of external software so that you can do hermetic builds.

        I think this is a misguided way to work around proper toolchain setup. Nix is pretty cool though.
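The mechanism behind the article excerpt quoted in the uthredii comment (and the "frozen repo" nickwitha_k is describing) can be shown without any real network or package manager. The script below is an added example, not code from the original post, the linked article, Nix or Docker; the "mirror", the "package list" and the store directory are constructed stand-ins living in a temp dir. An unpinned build step fetches whatever the mirror serves today, as `apt-get update` does; a pinned step names its input by sha256 and either reproduces it from a content-addressed store or fails loudly when the mirror has moved on.

```shell
#!/bin/sh
# Added example (not from the original post or the linked article).
# Simulates, with local files only, why an unpinned build input drifts
# between two builds while a checksum-pinned input is reproduced or
# rejected. "upstream" and "store" are constructed directories in $WORK.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/upstream" "$WORK/store"

# sha256 of stdin: sha256sum on GNU systems, shasum on BSD/macOS.
sha256_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum | cut -d' ' -f1
    else shasum -a 256 | cut -d' ' -f1; fi
}

# The mirror: whatever is currently published under a name.
publish()        { printf '%s\n' "$2" > "$WORK/upstream/$1"; }
fetch_unpinned() { cat "$WORK/upstream/$1"; }

# Docker-style build step: take whatever the mirror serves right now and
# report the hash of what actually went into the build.
build_unpinned() { fetch_unpinned "$1" | sha256_stdin; }

# Nix-style fixed-output fetch: the caller names the content by its hash.
# Content is accepted only if it matches, and is then kept in a
# content-addressed store so later builds never touch the mirror again.
fetch_pinned() {
    name=$1 expected=$2 out="$WORK/store/$2-$1"
    if [ -f "$out" ]; then cat "$out"; return 0; fi      # store hit
    tmp="$WORK/tmp.$$"
    fetch_unpinned "$name" > "$tmp"
    actual=$(sha256_stdin < "$tmp")
    if [ "$actual" != "$expected" ]; then
        rm -f "$tmp"
        echo "hash mismatch for $name: want $expected got $actual" >&2
        return 1
    fi
    mv "$tmp" "$out"; cat "$out"
}
build_pinned() { fetch_pinned "$1" "$2" | sha256_stdin; }

# --- scenario: build, the mirror changes overnight, build again ---------
publish pkglist 'curl 8.4.0'                   # constructed package list v1
UNPINNED_1=$(build_unpinned pkglist)
PIN=$(fetch_unpinned pkglist | sha256_stdin)   # hash recorded when pinning
PINNED_1=$(build_pinned pkglist "$PIN")        # cold store: fetch + verify

publish pkglist 'curl 8.5.0'                   # mirror moved on (v2)
UNPINNED_2=$(build_unpinned pkglist)           # silently different input
PINNED_2=$(build_pinned pkglist "$PIN")        # served from the store

rm -f "$WORK/store/$PIN-pkglist"               # cold store again
if fetch_pinned pkglist "$PIN" >/dev/null 2>&1; then
    PINNED_COLD_STATUS=ok                      # would mean drift slipped in
else
    PINNED_COLD_STATUS=mismatch                # pinned fetch refuses v2
fi

# Outcomes as functions so they can be checked, not just printed.
unpinned_drifted()      { [ "$UNPINNED_1" != "$UNPINNED_2" ]; }
pinned_reproduced()     { [ "$PINNED_1" = "$PINNED_2" ] && [ "$PINNED_1" = "$PIN" ]; }
pinned_rejected_drift() { [ "$PINNED_COLD_STATUS" = mismatch ]; }

printf 'unpinned: %s -> %s\n' "$UNPINNED_1" "$UNPINNED_2"
printf 'pinned:   %s -> %s (cold refetch after drift: %s)\n' \
    "$PINNED_1" "$PINNED_2" "$PINNED_COLD_STATUS"
```

The store directory is the "frozen repo" from the last comment: once an input has been fetched under its hash, every later build is hermetic with respect to it, and the only way a changed mirror can reach the build is if someone updates the recorded hash. The same shape applies to a Dockerfile that pins `FROM image@sha256:...` and vendors its package sources, which is the combination the uthredii comment alludes to.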