simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

Deprecate omnipresent docker #15

New issue
Closed
opened 2020-12-31 16:01:47 +01:00 by simon · 0 comments
simon commented 2020-12-31 16:01:47 +01:00
Owner
Copy link

Until recently, I have been extensively using docker (since I did not know Nix/NixOS). Now I migrated most of my previously docker-based workflow to nix (at least on my non-legacy hosts cough). There are some things still missing missing (see #14 for details)

Since having docker running and the current user in the docker group, this poses a security risk. Once #14 is closed, docker should be (at least partly) removed or locked down by removing the user from the docker group.

This should mostly be done to secure interactive systems (that run a gui, web browser etc.), docker on servers should be fine.

  • Remove user from docker group (done in a68b429a58)
  • Do not enable docker by default (done in 21a8f5a358)
  • Disable docker on systems where it is not needed (sayuri: 474cc7d0f7)
  • nunotaba still needs docker until my main server doesn’t use custom docker containers anymore
Until recently, I have been extensively using docker (since I did not know Nix/NixOS). Now I migrated most of my previously docker-based workflow to nix (at least on my non-legacy hosts *cough*). There are some things still missing missing (see #14 for details) Since having docker running and the current user in the `docker` group, this poses a security risk. Once #14 is closed, docker should be (at least partly) removed or locked down by removing the user from the `docker` group. This should mostly be done to secure interactive systems (that run a gui, web browser etc.), docker on servers should be fine. - [X] Remove user from docker group (done in a68b429a5820d8e390df8c2efdede47135f4bd8e) - [X] Do not enable docker by default (done in 21a8f5a358aeee1cbde5c4c4e675c7d02be32b2f) - [X] Disable docker on systems where it is not needed (sayuri: 474cc7d0f7cf31912c3e3df3604a387991fc33a0) - [X] nunotaba still needs docker until my main server doesn’t use custom docker containers anymore
simon added the
affects/security
 label 2020-12-31 16:01:55 +01:00
simon added a new dependency 2020-12-31 16:02:13 +01:00
#14 Migrate docker tools to Nix
simon added the
type
feature
 label 2021-01-31 22:31:55 +01:00
simon added a new dependency 2021-02-11 14:13:03 +01:00
#18 Add fuuko (server for most production services)
simon removed a dependency 2021-03-13 10:52:57 +01:00
#18 Add fuuko (server for most production services)
simon referenced this issue from a commit 2021-03-13 11:00:05 +01:00
nunotaba: Disable docker
simon closed this issue 2021-03-13 11:00:05 +01:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
koyomi
ci-runner
24.05
okarin2
hyper
catering
reuse
yuzuru2
renge2
23.11
nazuna
neomutt
sayuri-mesa-clover
upower
binfmt
ayu
restic-rest-server
No results found.
Labels
Clear labels   
affects/hardware

   
affects/legal

   
affects/reproducibility

   
affects/security

   
affects/style

   
affects/usability

   
blocked by/release 21.05

   
blocked by/release 21.11

   
blocked by/release 22.05

   
blocked by/testing needed

   
blocked by/testing needed/fuuko

   
blocked by/testing needed/sayuri

   
blocked by/upstream
  
resolution
deferred

  
resolution
permanent workaround

  
resolution
upstream wontfix

  
resolution
wontfix

  
type
bug

  
type
chore

  
type
feature

  
type
new machine

  
type
question

  
type
regression

  
type
tracking

No labels
affects/hardware
affects/legal
affects/reproducibility
affects/security
affects/style
affects/usability
blocked by/release 21.05
blocked by/release 21.11
blocked by/release 22.05
blocked by/testing needed
blocked by/testing needed/fuuko
blocked by/testing needed/sayuri
blocked by/upstream
resolution
deferred
resolution
permanent workaround
resolution
upstream wontfix
resolution
wontfix
type
bug
type
chore
type
feature
type
new machine
type
question
type
regression
type
tracking
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Depends on
#14 Migrate docker tools to Nix
simon/nixos-config
Reference: simon/nixos-config#15
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?