this post was submitted on 19 Jun 2025
62 points (94.3% liked)

Application optimization reduces disk usage and reclaims space. 🙂

[–] [email protected] -2 points 3 days ago (29 children)

Alright, I want two apps that depend on two different versions of python, but won't work on the other.

No warning, no notice, just one of the two fails to start. Thank you package manager

[–] [email protected] 1 points 3 days ago (1 children)
[–] [email protected] 3 points 3 days ago (1 children)

I tried it, ye. And although I like the concept, I can't say the implementation was to my liking

[–] [email protected] 1 points 3 days ago (1 children)

What didn't you like about it? I am just curious; I finally stepped out of using Debian for everything which I have been doing for approximately 200 years, and tried NixOS, and to me it is incredibly nice the way it solves a lot of these issues.

[–] [email protected] 1 points 2 days ago* (last edited 2 days ago) (1 children)

When I tried it it looked really cool. Up until it just.. didn't work. And then looking around I found a bunch of people giving me better snippets of scripts and it was not helpful

But given I just need docker and nothing more, I did not bother and looked further

[–] [email protected] 1 points 2 days ago (1 children)

Huh.

IDK man, my experience is that Nix solves the problem you originally talked about and a bunch of others, pretty effectively. Among other things if things "just... don't work" you can trivially roll back to an earlier working config, and see what changed between working and not-working, and so what would be a pretty grueling debugging process in some other environment becomes pretty easy to sort out.

But whatever. If for some reason Docker makes you more happy and not less, you're welcome to it and best of luck.

[–] [email protected] 1 points 2 days ago (1 children)

Perhaps it's improved over the last year, I can give it a shot. But yes, for my own packaged applications without shared dependencies, docker is handy. And that's exclusively what I run

[–] [email protected] 1 points 2 days ago (1 children)

I mean if it makes you happy, I won't tell you to do anything different. I think a certain amount of it is just prejudice against Docker on my part. Just in my experience NixOS is the best of both worlds: You can have a single coherent system if everything in that system can play nice with each other, and if not, then things can be containerized completely, and that way still works too. And then on top it has a couple of other nice features like rolling back configs easily, or source builds that get slotted in in-place as if they were standard packages (which is generally where I abandon Docker installs of things, because making changes to the source seems like it's going to be a big hassle).

I'm not trying to evangelize though, you should in all seriousness just do what you find to be effective.

[–] [email protected] 1 points 2 days ago* (last edited 2 days ago) (1 children)

Hold up, nix added containerization? How did I miss that? I will have another look now!

Also, you're right. For small quick scripts docker can be a hassle. Nowadays though I add building a docker image as part of my project's build/compilation process. The main reason I do this is so that I can work with whatever machine I happen to be on, then just copy paste the app to whatever machine I want it on. No extra config or even a look at the environment required. Just install docker and forget about the rest

update: installing docker on nixos (on a vm) with a nix package failed, not sure why. Perhaps some dependencies were no longer available?

update: nix is available as a docker image. I'm running it now, we shall see how it goes

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

> Hold up, nix added containerization? How did I miss that? I will have another look now!

Nix is containerization. Here is firing up a temporary little container with a new python version and then throwing it away once I'm done with it (although you can also do this with more complicated setups, this is just showing doing it with one thing only):

[hap@glimmer:/proc/69235/fd]$ python --version
Python 3.12.8

[hap@glimmer:/proc/69235/fd]$ nix-shell -p python39
this path will be fetched (27.46 MiB download, 80.28 MiB unpacked):
  /nix/store/jrq27pp6plnpx0iyvr04f4apghwc57sz-python3-3.9.21
copying path '/nix/store/jrq27pp6plnpx0iyvr04f4apghwc57sz-python3-3.9.21' from 'https://cache.nixos.org/'...

[nix-shell:~]$ python --version
Python 3.9.21

[nix-shell:~]$ exit
exit

[hap@glimmer:/proc/69235/fd]$ python --version
Python 3.12.8

The whole "system" you get when moving from Nix to NixOS is basically just a composition of a whole bunch of individual packages like python39 was, in one big container that is "the system." But you can also fire up temporary containers trivially for particular things. I have a couple of tools with source in ~/src which, whenever I change the source, nixos-rebuild will automatically fire up a little container to rebuild them in (with their build dependencies which don't have to be around cluttering up my main system). If it works, it'll deploy the completed product into my main system image for me, but if it doesn't then nothing will have changed (and either way it throws away the container it used to attempt the build in).

Each config change spawns a new container for the main system OS image ("generation"), but you can roll back to one of the earlier generations (which are, from a functional perspective, still around) if you want or if you broke something.

And so on. It's very nice.

[–] [email protected] 1 points 1 day ago (1 children)

Aw, meh. From what I saw it's more like a jail, there's no imaging the containers

[–] [email protected] 1 points 1 day ago (1 children)

Yes because that is a wrong and clunky way to do it lol.

If you really wanted to, you could use dockerTools.buildImage to create an "imaged" version of the container you made, or you could send around the flake.nix and flake.lock files exactly as someone would send around Dockerfiles. That stuff is usually just not necessary though, because it's replaced with just a better approach (for the average-end-user case where you don't need large numbers of Docker containers that you can deploy quickly at scale) that accomplishes the same thing.

I feel like I'm not going to convince you of this though. Have fun with Docker, I guess.

[–] [email protected] 1 points 22 hours ago (1 children)

The issue is, nix builds are only guaranteed to be reproducible if the dependencies don't change. Which they shouldn't, but you can't trust the internet to be consistent. Things won't be there to be fetched forever.

Images do. And you can turn one into a container in seconds. I suppose it's a matter of preference. I like one a package to be independent

[–] [email protected] 1 points 20 hours ago* (last edited 20 hours ago) (1 children)

> The issue is, nix builds are only guaranteed to be reproducible if the dependencies don’t change.

Dude, this is exactly why Nix is better. Docker builds are only guaranteed to be reproducible if the dependencies don't change. Which they will. The vast majority of real-world Dockerfiles do pip install, wget, all kinds of basically unlimited nonsense to pull down their dependencies from anywhere on the internet.

Nix builds, on the other hand, are forbidden from the internet, specifically to force them to declare dependencies explicitly and have it within a managed system. You can trust that the Nix repositories aren't going to change (or store them yourself, along with all the source that generated them and will actually produce the same binaries, if you're paranoid). You can send the flake.nix and flake.lock files and it will actually work to reproduce a basically byte-identical container on the receiver's end, which means you don't have to send multi-gigabyte "images" in order to be able to depend on the recipient actually being able to make use of it. This is what I was saying that the whole thing of needing "images" is a non-issue if your workflow isn't allowing arbitrary fuckery on an industrial scale whenever you are trying to spin up a new container.

I suspect that making a new container and populating it with something useful is so trivial on Nix, that you're missing the point of what is actually happening, whereas with Docker you can tell something big is happening because it's such a fandango when it happens. And so you assume Docker is "real" and Nix is "fake" or something.

> I like one a package to be independent

Yes, me too, which is why an affinity for Docker is weird to me.
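
The contrast drawn in the comment above (Dockerfiles that fetch with pip install and wget at build time, versus inputs that are declared and locked), as an added example that is not part of the original thread: a small Python audit that flags Dockerfile instructions whose result can differ between two builds. The sample Dockerfile, the example.invalid URLs, the placeholders and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread); placeholders stand in for real digests.
SAMPLE = """\
FROM python:3.12 AS build
RUN apt-get update && apt-get install -y ca-certificates
RUN pip install requests flask==3.0.0
RUN wget https://example.invalid/tool.tar.gz && tar xf tool.tar.gz
FROM debian@sha256:<digest-placeholder>
RUN pip install --require-hashes -r requirements.txt
RUN curl -fsSLO https://example.invalid/tool.tar.gz \\
    && echo "<sha256-placeholder>  tool.tar.gz" | sha256sum -c -
"""

def instructions(text):
    """Yield instructions with comment lines dropped and continuations joined."""
    text = re.sub(r"(?m)^[ \t]*#.*\n?", "", text)
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        if line.strip():
            yield line.strip()

def audit(text):
    """Return (instruction, reason) for inputs a later rebuild may resolve differently."""
    findings, stages = [], set()
    for ins in instructions(text):
        op, _, rest = ins.partition(" ")
        if op.upper() == "FROM":
            words = [w for w in rest.split() if not w.startswith("--")]
            image = words[0]
            if image not in stages and image != "scratch" and "@sha256:" not in image:
                findings.append((ins, "base image tag is mutable; pin by digest"))
            if len(words) >= 3 and words[1].upper() == "AS":
                stages.add(words[2])  # later "FROM <stage>" is local, not a pull
        elif op.upper() == "RUN":
            if re.search(r"\bapt(-get)?\s+install\b", rest):
                findings.append((ins, "apt install resolves against the mirror's current index"))
            # A version pin such as flask==3.0.0 names a release, not its content.
            if re.search(r"\bpip3?\s+install\b", rest) and "--require-hashes" not in rest:
                findings.append((ins, "pip install without --require-hashes"))
            if (re.search(r"\b(wget|curl)\b[^|;&]*https?://", rest)
                    and not re.search(r"sha(256|512)sum\s+(-c|--check)", rest)):
                findings.append((ins, "download without checksum verification"))
    return findings

if __name__ == "__main__":
    for ins, reason in audit(SAMPLE):
        print(f"{reason}\n    {ins}")
```

The first four instructions of the sample are flagged; the digest-pinned base image, the hash-checked pip install and the checksum-verified download are not.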

[–] [email protected] 1 points 18 hours ago* (last edited 18 hours ago) (1 children)

> you can trust the nix repositories aren't going to change

That, I do not. And storing the source and such for every dependency would be bigger than, and result in essentially the same thing as an image.

I think you're trying to achieve something different than what docker is for. Docker is like installing onto an empty computer then shipping the entire machine to the end user. You pretty much guarantee things will work. (yes this is oversimplified)

[–] [email protected] 1 points 18 hours ago* (last edited 18 hours ago) (1 children)

> And storing the source and such for every dependency would be bigger than, and result in the same thing as an image.

Let's flip that around.

The insanity that would be downloading and storing everything you need, wrapping it all up into a massive tarball and then shipping it to anyone who wants to use the end product, and also by the way assuming that everything you need in order to rebuild it will always be available from every upstream source if you want to make any changes, is precisely what Docker does. And yes, it's silly to trust that everything it's referencing will always be available from whoever's providing it.

(Also, security)

> Docker is like installing onto an empty computer then shipping the entire machine to the end user.

Correct. Because it's not capable enough to make actually-reproducible builds.

My point is, you can do that imaging (in a couple of different ways) with Nix, if you really wanted to. No one does, because it would be insane when you have other more effective tools that can accomplish the exact same goal without needing to ship the entire machine to the end user. There are good use cases for Docker, making it easy to scale services up as was the original intent is a really good one. The way people commonly use it today, as a way to make reproducible environments for ease of one-off deployment, is not one. In my opinion.

I've been tempted into a "my favorite technology is better" pissing match, I guess. Anyway, Nix is better.

[–] [email protected] 1 points 12 hours ago

I might just start bundling my apps inside an environment setup with nix inside docker. A lot of them are similar to identical, so those docker images actually share a lot of layers under the hood.

My apps after compiling and packaging are usually around 50mb. That's 48mb of debian, which is entirely shared between all the images that I build. So the eventual size of my deployed applications isn't nearly as big as they seem from the size of the tarball being sent around. So for 10 apps, that's not 500mb, that's 68mb.

If anything, the docker hub and registry are a bit of a mess.
