by acatton 1530 days ago
My issue with Nix is that, like Docker, it is a dumb CLI which communicates with a powerful daemon running as root.

I don't understand the concept/motivation behind it; everything that Nix does should be able to be done in userland, like Podman does, which I love.

3 comments

You can run nix without any daemon. https://nixos.org/manual/nix/stable/installation/single-user... It's not a requirement apart from multi-user environments.
Indeed!

The daemon is not powerful at all; almost all the logic happens in the client.

The client does the parsing, job ordering, and tells the daemon exactly what to do.

The daemon, only required in multiuser environments, does only two things really.

- ensure that /nix/store is protected, as the daemon should be the only process able to _write_ to it. Everything can read from the Nix store; no Nix required at all.

- execute build commands in a sandbox, providing isolation between multiple builds.

The daemon is actually very dumb. It's just there to keep /nix/store permissions clean.
Because the nix store is global per system, it would be unsafe to allow any user to write to the nix store in a multi-user system. So the daemon instead mediates writes to the store.

I'm not sure if there are other reasons.
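A defender-side check for the store-permission invariant described in the comment above (root-owned store, writes mediated by the daemon, never world-writable). This is an added example, not code from the thread or from the Nix project; it assumes GNU `stat` on Linux and that the store owner is root unless another owner is passed.

```shell
# Audit a Nix store directory for the permission invariants the multi-user
# model relies on: the daemon (running as root) is the only writer, the
# store is conventionally root:nixbld mode 1775 (group-writable + sticky),
# and it must never be writable by "others".
# Assumptions (not from the thread): GNU stat -c; default store /nix/store;
# default expected owner root. Returns 0 = OK, 1 = finding, 2 = cannot check.
audit_nix_store() {
    store="${1:-/nix/store}"
    expected_owner="${2:-root}"
    rc=0
    [ -d "$store" ] || { echo "no such directory: $store"; return 2; }
    mode=$(stat -c '%a' "$store") || return 2     # e.g. 1775
    owner=$(stat -c '%U' "$store") || return 2    # e.g. root
    others=$(( mode % 10 ))          # rwx bits for other users
    group=$(( mode / 10 % 10 ))      # rwx bits for the group
    special=$(( mode / 1000 ))       # setuid/setgid/sticky digit

    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL: $store owned by $owner, expected $expected_owner"; rc=1
    fi
    # World-writable store: any local user could place paths in the store
    # directly, bypassing the daemon that is supposed to mediate writes.
    if [ $(( others & 2 )) -ne 0 ]; then
        echo "FAIL: $store is world-writable (mode $mode)"; rc=1
    fi
    # Group-writable without the sticky bit: one group member could delete
    # or rename store paths created by another.
    if [ $(( group & 2 )) -ne 0 ] && [ $(( special & 1 )) -eq 0 ]; then
        echo "FAIL: $store is group-writable without sticky bit (mode $mode)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $store mode $mode owner $owner"
    return "$rc"
}

# Usage: audit_nix_store [store-dir] [expected-owner]
```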