[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Virtualisation alternatives for deploying a small number of services
|
From: |
Fabio Natali |
|
Subject: |
Re: Virtualisation alternatives for deploying a small number of services |
|
Date: |
Thu, 23 May 2024 16:52:01 +0100 |
On 2024-05-22, 19:16 +0200, Tomas Volf <~@wolfsden.cz> wrote:
> If your main goal is strong isolation and security, you probably might
> want to take a look at firecracker[0]. Downside is non-existent
> support in Guix, not even a package.
Hey Tomas,
Thanks for getting back to me!
You're right, Firecracker seems to perfectly address my objectives - but
yeah, the fact that there's no Guix support makes it a bit less
appealing. I guess I'm willing to accept some performance overhead in
exchange for QEMU's good level of integration. But thanks for suggesting
this as an option.
Looking at Firecracker brought another project to my attention,
MicroVM.nix⁰. If I'm not mistaken, it would look like the NixOS
equivalent of what I was looking for.
It'd be nice to create a 'least-authority-wrapper' variant that's
VM-based. If you like, keep me posted on your findings and feel free to
DM me if you want to brainstorm the idea together.
Cheers, Fabio.
⁰ https://github.com/astro/microvm.nix