• 9488fcea02a9@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I’ve always used lxc and only recently tried docker.

    I really cant wrap my head around all the crazy shit docker alters on your network settings like rewriting a bunch of firewall rules without telling you

    Not sure if i was doing something wrong but that was my experience with docker

    • InvertedParallax
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Docker is spaghetti-ware, they try to control everything, which ironically makes me Isolate my dockers in a vm.

      • 9488fcea02a9@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Ok, i’m glad my solution to the problem (run docker in an lxc container) isn’t as harebrained as i thought

        Other people are doing the same

        • InvertedParallax
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Haven’t done that, but honestly I’m thinking that’s my next workflow.

      • jecxjo@midwest.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        That is kind of the expected setup. Either a vm or a dedicated system. You let docker do its thing and it should work.

        I run lxc because i want contained systems I control. That just means I have to do the work too.

        • InvertedParallax
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Same, I love lxc like I love jails, you craft beautiful systems that are isolated and clean.

          I wouldn’t make a disposable jail, but I make disposable lxcs, lxcs are like temporary distros for me.

          • jecxjo@midwest.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            There are scripts for making a jail around single apps but yeah I typically don’t use them that way. Lxc I very often install an app I want to test out and toss once I want to dedicate compile time to it.

            • InvertedParallax
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Yeah, I’d want a jail dockerfile system too, I just usually do them manually. Still, a way to run dockerfiles to build jails would be epic if you could make it work.

              I used gentoo for a decade, I just can’t afford the downtime if my workstation goes down, so it’s debian with lxc workspaces for a while, but gentoo actually runs well under lxc.

              Mostly every app expects its own distro, either debian or centos, few actually are agnostic, so getting them to run on gentoo was always more of a challenge than on raw debian/Ubuntu.

              • jecxjo@midwest.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                I’m actually the opposite. Run gentoo as my host and toss up a debian lxc if needed. Worst case scenario im running just the kernel and everything else from a container (actually how i typically run when rebuilding a system from start).

                I’ve never run into a situation where an app “couldn’t” run in Gentoo. It’s just that I’ve had cases where an app is build for a 8 year old LTS of debian with such old dependencies it wouldn’t be worth my time building them all when i can just pull up a container with that super old build. The nice thing is that all the vulnerabilities that old Debian had is now in a container and less of a target.

                I swear i must be lucky cuz i do often hear of gentpo fatigue but I’ve been running it since the project started and never had issues outside the things they legitimately broke.

                • InvertedParallax
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Back around, I want to say more than a decade ago, they changed some stuff in the portage tree and everything broke hard for me. Then I rebuilt and a few weeks later it broke again. This was when maintainers changed and they were pretty angry for some reason.

                  I bailed because I couldn’t build, I don’t remember all the details, it just seemed like they didn’t care, and I suddenly got really busy.

                  I’d like to go back, but debian with lxc children has been so good to me, by now there’s nothing else to really learn (though of course I hate systemd), I’m using the same system as on half my servers, then freebsd for the others.

                  I’ve been using gentoo lxc to put my toes back in the water, just upgraded my workstation to a monster, might switch back, I suppose the main thing stopping me is how well debian has treated me for the last while, even most ubuntu targeted software runs out of the box.

                  Also, I’m really terrified of changes that lead to build breaks, any time I have to rebuild is a problem, I need my main workstation to control everything, so it’s a place I’m willing to lose some customization for more stability nowadays.

                  Ironically my only major applications are basically konsole, Firefox, dolphin and python for the pyqt5 gui apps i wrote like a video player and some other stuff, though getting back into lutris would be nice too.

                  • jecxjo@midwest.social
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    1 year ago

                    I’ve been debating hoping off gentoo because my system is so old. Like a decade old. A majority of the stuff compiles fine but Firefox and LibreOffice I just use the binary builds via Flatpak. Its funny cuz i still remember the days where building the kernel took a few hours.

    • phx@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      This is the same issue I have. I much prefer to manage my own firewall policies and having to make those play nicely with Docker was a huge pain in the ass in most cases. I’d rather use snaps than Docker for stuff that requires a daemon and regular updates, and Snaps have plenty of issues as well