
@strypey a container for every app approach is focused on isolation. Things in those containers can still be mutable, state-full and not reproducible.

That is nothing like Guix(SD)/Nix(OS).

@kmicu can you expand on this? I've had people suggest using as a replacement for for doing containers on servers, so that led me to believe they're doing roughly the same thing. How are they different?

@strypey
we can use Guix/Nix to create/simulate containers, but then we use the same kernel features that enable containers.

The difference is that we can use Guix/Nix to accomplish much more (also unrelated to containers). For example, we can recreate an *identical* environment from sources. You do not need to take my container image (maybe I put some malicious stuff in it?); instead you can take my description and build the same container from sources, and the images will be identical.

@strypey in typical Guix/Nix usage there is no container like isolation. I can install 5 different versions of Firefox 60 and run them at once. There’s no isolation like in case of Docker containers. Those Firefoxes can see and interact with my regular operating system. They can see each other.

I can, additionally, use namespaces, cgroups, etc to isolate/limit those Firefoxes, but that is not the case by default; that’s optional.

QubesOS is more similar to the idea from the presentation.

@kmicu OK, intriguing. So what's the advantage of having these properties? What use cases is it aimed at?

@strypey use cases are diverse, from profound ones like reproducible scientific research biorxiv.org/content/early/2018
to trivial ones like operating system rollbacks: something is broken after updating packages? Reboot, boot into the previous system version and you can start working after wasting only seconds. That is not the case when a mutable package manager bricks your OS (apt-get, pacman, etc).

Guix(SD)/Nix(OS) is like git: it lets us travel in time, but on the package manager / operating system level.

@kmicu recreating identical containers from recipes is also possible with . People just use pre-assembled containers to save time, for the same reason most people don't compile their own kernel ;)

@strypey could you give an example of such Docker recipe? I cannot create an identical/reproducible image based on github.com/docker-library/gola

Those RUN commands can result in a different image every time user runs the recipe.

How do you know that today’s Redis image on hub.docker.com/_/redis/ is the same as yesterday’s one?

@kmicu I got walked through generating images from scratch by a much more experienced sysadmin friend, a couple of years back. From what I remember, the name of each image was a hash of itself, like with commits. Maybe we mean something different by identical/reproducible? I dunno, I'm far from even being a competent beginner in this field, which is why I'm asking dumb questions. Thanks for humouring me ;)

@strypey those are valid questions. I must admit it is difficult for me to offer a good analogy to explain the difference between Guix/Nix and containers/Flatpaks/Snaps/AppImages, and I really want to avoid the ‘a container is like a bucket, Guix is like git’ thing 😹

The fact that we can use Guix inside a container, or use Guix to create a container, does not help either.

Also I want to avoid math-talk about referential transparency, purity, functions. 🤷

@strypey a container lets us create a lightweight virtual machine, and when we are inside, everything is like in a regular OS.

Guix is a package manager that does not let us install two packages in the same place on disk unless those packages are bit-by-bit identical.

That’s accurate, but probably makes even less sense 😹
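The two points made in this thread, that a Dockerfile's RUN steps can produce a different image on every run, and that Guix only ever puts bit-for-bit identical packages in the same store location, can be shown with a small model. The code below is an added illustration, not Guix's, Nix's or Docker's own code: the store-path scheme is a deliberately simplified stand-in for Guix's derivation hashing, and the Dockerfile and the hashes in it are constructed placeholders.

```python
import hashlib
import json
import re

# Constructed model of an input-addressed store: the output directory name is
# derived from a hash of the complete recipe, so two builds from the same
# pinned sources land in the same place and distinct sources cannot collide.
# Simplified for illustration; not Guix's or Nix's real derivation format.

def recipe_hash(recipe: dict) -> str:
    """Hash a canonical serialisation of the recipe. Every input must carry a
    sha256, otherwise the build depends on whatever the network serves today."""
    for inp in recipe["inputs"]:
        if "sha256" not in inp:
            raise ValueError(f"unpinned input {inp['name']!r}; not reproducible")
    canon = json.dumps(recipe, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()[:32]

def store_path(recipe: dict) -> str:
    """Store path in the style of /gnu/store/<hash>-<name>-<version>."""
    return f"/gnu/store/{recipe_hash(recipe)}-{recipe['name']}-{recipe['version']}"

# Dockerfile steps whose result is not fixed by the recipe text alone:
# a base image named by tag, and RUN lines that fetch from package repositories.
UNPINNED = (
    ("FROM tag, not digest", re.compile(r"^FROM\s+(?!.*@sha256:)\S+")),
    ("RUN fetches network state",
     re.compile(r"^RUN\b.*\b(apt-get|apk|pip|curl|wget|git clone)\b")),
)

def unpinned_steps(dockerfile: str) -> list:
    """Return (reason, line) for each step that may yield a different image on re-run."""
    hits = []
    for line in dockerfile.splitlines():
        for reason, pattern in UNPINNED:
            if pattern.search(line.strip()):
                hits.append((reason, line.strip()))
    return hits

# Constructed sample inputs (the sha256 values are placeholders, not real hashes).
HELLO = {"name": "hello", "version": "2.10", "builder": "gnu-build-system",
         "inputs": [{"name": "hello-2.10.tar.gz", "sha256": "0" * 64},
                    {"name": "gcc-toolchain", "sha256": "1" * 64}]}
DOCKERFILE = "FROM debian:buster-slim\nRUN apt-get update && apt-get install -y gcc\nCOPY . /src\n"

if __name__ == "__main__":
    print(store_path(HELLO))
    for reason, line in unpinned_steps(DOCKERFILE):
        print(f"{reason}: {line}")
```

Running the same recipe twice gives the same store path, changing any pinned input gives a different one, and a recipe with an unpinned input is refused outright; the Dockerfile check flags exactly the steps whose output today need not equal yesterday's.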

That depends on how you define "container". With #Guix the focus is on immutable objects built (remotely or locally) in a reproducible way. The concept of profiles helps in managing what version of the programs you use. The concept of profile generations helps you recover if you end up with broken software. Guix makes it easy to update and maintain the programs that you want to use.