You’re comparing apples to oranges. One is a declarative Linux system environment creation solution and the other a daemon that starts sub-system environments using Linux namespaces.
You could in theory use NixOS to define a system environment that you’d run inside of a docker container. It’s a bit harder to get systemd running inside of Docker which NixOS heavily relies on but that’s beside the point. Easier integrations exist for LXD and systemd-nspawn which actually fulfil an equivalent purpose to Docker. The single component that is most comparable to Docker in a typical NixOS deployment would arguably be its init process (systemd), though its use extends far beyond setting up the namespace (the root namespace in this case).
As I understand it, the problem that both Nix and Docker try to solve is “How do I bundle and run this application in such a way that its dependencies are explicitly specified and don’t interfere with anything installed on the host system”.
They have different approaches, but I think that goal is the same?
I also wouldn’t be too sure on that “explicit” part for Docker. It’s somewhat isolated, sure, but everything but explicit: you can download arbitrary data from wherever you like.
You’re comparing apples to oranges. One is a declarative Linux system environment creation solution and the other a daemon that starts sub-system environments using Linux namespaces.
You could in theory use NixOS to define a system environment that you’d run inside of a docker container. It’s a bit harder to get systemd running inside of Docker which NixOS heavily relies on but that’s beside the point. Easier integrations exist for LXD and systemd-nspawn which actually fulfil an equivalent purpose to Docker. The single component that is most comparable to Docker in a typical NixOS deployment would arguably be its init process (systemd), though its use extends far beyond setting up the namespace (the root namespace in this case).
As I understand it, the problem that both Nix and Docker try to solve is “How do I bundle and run this application in such a way that its dependencies are explicitly specified and don’t interfere with anything installed on the host system”.
They have different approaches, but I think that goal is the same?
No, containers further isolate the network and hardware interaction of the process etc
Unless it has changed recently, Docker is not intended to be a security layer as far as I know.
That’s Nix, not NixOS.
I also wouldn’t be too sure on that “explicit” part for Docker. It’s somewhat isolated, sure, but everything but explicit: you can download arbitrary data from wherever you like.