From: Fabio Natali <me@fabionatali.com>
To: Tomas Volf <~@wolfsden.cz>
Cc: help-guix@gnu.org
Subject: Re: Virtualisation alternatives for deploying a small number of services
Date: Thu, 23 May 2024 16:52:01 +0100
Message-ID: <87zfsgttjy.fsf@fabionatali.com>
In-Reply-To: <Zk4ohuH5wb-DEEY9@ws>

On 2024-05-22, 19:16 +0200, Tomas Volf <~@wolfsden.cz> wrote:
> If your main goal is strong isolation and security, you probably might
> want to take a look at firecracker[0].  Downside is non-existent
> support in Guix, not even a package.

Hey Tomas,

Thanks for getting back to me!

You're right, Firecracker seems to perfectly address my objectives - but
yeah, the fact that there's no Guix support makes it a bit less
appealing. I guess I'm willing to accept some performance overhead in
exchange for QEMU's good level of integration. But thanks for suggesting
this as an option.

Looking at Firecracker brought another project to my attention,
MicroVM.nix⁰. If I'm not mistaken, it would look like the NixOS
equivalent of what I was looking for.

It'd be nice to create a 'least-authority-wrapper' variant that's
VM-based. If you like, keep me posted on your findings and feel free to
DM me if you want to brainstorm the idea together.

Cheers, Fabio.


⁰ https://github.com/astro/microvm.nix

