| 19 Jul 2025 |
emily | * systemd can do all the bwrap sandboxing stuff itself | 20:33:40 |
vog | It's not just about hardening. It's about providing lightweight containers. | 20:34:02 |
vog | So I need process supervision inside the sandbox, not outside. | 20:34:43 |
emily | right, NixOS modules are quite bad about being unnecessarily singleton | 20:35:00 |
vog | The s6 tools do perform this job perfectly. | 20:35:03 |
emily | we do have NixOS containers for that, but they are moderately heavyweight | 20:35:18 |
Infinidoge 🏳️⚧️ | In reply to @emilazy:matrix.org: "right, NixOS modules are quite bad about being unnecessarily singleton" Entire reason behind nix-minecraft lmao | 20:35:30 |