| 15 Oct 2021 |
 David Arnold (blaggacao) | Why not? | 20:38:43 |
 @timdeh:matrix.org | unless you wanna start an effort to redefine all the existing NixOS modules from scratch using some other format, then a NixOS runtime is the only viable runtime 😆 | 20:40:02 |
| @timdeh:matrix.org | there is already the aforementioned OCI builder derivation for simple stuff | 20:40:24 |
| @timdeh:matrix.org | Although maybe Nix should advertise more how awesome it is at building these containers! Because I think it is probably the best container builder frontend to docker/OCI that exists atm. | 20:41:10 |
| David Arnold (blaggacao) | The category "NixOs runtime" is not really precise. It's more "artifact runtime". | 20:48:55 |
| David Arnold (blaggacao) | * The category "NixOs runtime" is not really precise: it's more "artifact runtime". | 20:49:10 |
| David Arnold (blaggacao) | NixOs containers are NixOS artifacts. | 20:49:26 |
| @timdeh:matrix.org | well yeah, I wasn't aiming for exact precision in this context 😛 | 20:49:42 |
| David Arnold (blaggacao) | But it's important to avoid the "Nixos-bias" 😆 | 20:50:05 |
| @timdeh:matrix.org | I reserve that brain exhausting exercise for when I actually enter the code editor 🙂 | 20:50:09 |
| David Arnold (blaggacao) | So the conclusion is NixosContainer artifacts have no reason to not be OCI compliant artifacts. | 20:50:43 |
| David Arnold (blaggacao) | (no evident [to me] reason) | 20:50:57 |
| @timdeh:matrix.org | In theory yes | 20:51:00 |
| @timdeh:matrix.org | But it's difficult enough at least that nobody has yet to bother trying | 20:51:20 |
| David Arnold (blaggacao) | Afaik oci-compliance is a tar that specifies a runnable entrypoint. | 20:51:39 |
| David Arnold (blaggacao) | (through a json manifest) | 20:51:55 |
| @timdeh:matrix.org | Yeah, I don't think the compliance part is the difficult part, its the "actually get systemd working" part that will be rough seas | 20:52:20 |
| David Arnold (blaggacao) | Why? If it's PID1? | 20:52:52 |
| @timdeh:matrix.org | unless we just go for inception and put an nspawn container inside an OCI container 😛 | 20:52:57 |
| @timdeh:matrix.org | Give it a try and you tell me | 20:53:07 |
| @timdeh:matrix.org | I mean, if nobody else does, I intend to try it someday as well | 20:53:33 |
| David Arnold (blaggacao) | Seems to work with appropriate privilidges. | 20:53:45 |
| David Arnold (blaggacao) | And redhat ses to have a wrapper that make it work without privilidges. | 20:54:10 |
| @timdeh:matrix.org | did you find some example already? | 20:54:33 |
| David Arnold (blaggacao) | Redacted or Malformed Event | 20:54:44 |
| David Arnold (blaggacao) | https://github.com/projectatomic/oci-systemd-hook | 20:54:46 |
| @timdeh:matrix.org | oh wow, I don't know how I didn't find that when I looked 😅 | 20:55:19 |
| David Arnold (blaggacao) | So it seems actually pretty feasible in practice. Which really presses the question why the nixos ecosystem seems incapable of embracing it. | 20:55:43 |
| @timdeh:matrix.org | It is at risk of being horribly outdated though it seems | 20:55:46 |
| David Arnold (blaggacao) | I think the only real answer is: bias | 20:55:54 |
