Deprecate omnipresent docker

simon commented

2020-12-31 16:01:47 +01:00

Owner

Until recently, I have been extensively using docker (since I did not know Nix/NixOS). Now I migrated most of my previously docker-based workflow to nix (at least on my non-legacy hosts cough). There are some things still missing missing (see #14 for details)

Since having docker running and the current user in the docker group, this poses a security risk. Once #14 is closed, docker should be (at least partly) removed or locked down by removing the user from the docker group.

This should mostly be done to secure interactive systems (that run a gui, web browser etc.), docker on servers should be fine.

Remove user from docker group (done in a68b429a58)
Do not enable docker by default (done in 21a8f5a358)
Disable docker on systems where it is not needed (sayuri: 474cc7d0f7)
nunotaba still needs docker until my main server doesn’t use custom docker containers anymore

Until recently, I have been extensively using docker (since I did not know Nix/NixOS). Now I migrated most of my previously docker-based workflow to nix (at least on my non-legacy hosts *cough*). There are some things still missing missing (see #14 for details) Since having docker running and the current user in the `docker` group, this poses a security risk. Once #14 is closed, docker should be (at least partly) removed or locked down by removing the user from the `docker` group. This should mostly be done to secure interactive systems (that run a gui, web browser etc.), docker on servers should be fine. - [X] Remove user from docker group (done in a68b429a5820d8e390df8c2efdede47135f4bd8e) - [X] Do not enable docker by default (done in 21a8f5a358aeee1cbde5c4c4e675c7d02be32b2f) - [X] Disable docker on systems where it is not needed (sayuri: 474cc7d0f7cf31912c3e3df3604a387991fc33a0) - [X] nunotaba still needs docker until my main server doesn’t use custom docker containers anymore