A main reason people use containerisation is to work around the problem that different versions of libraries and binaries cannot coexist in classical Linux distributions. This problem does not exist in NixOS.
The services are declared as NixOS modules, which manifest as plain systemd services on the server.
Systemd has its own set of options for resource/security isolation, and some NixOS modules use them where possible, for example: https://github.com/NixOS/nixpkgs/blob/8d559672bedd54034b711d...
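
As an added illustration (not part of the comment above and not the code from the linked nixpkgs module), this is roughly what a NixOS service declaration using systemd's isolation options looks like. The service name `example-api`, the Python web server it runs, and the limit values are assumptions chosen for the example.

```nix
# Added example: a NixOS module fragment declaring a sandboxed systemd service.
# "example-api", the command and the limits are hypothetical placeholders.
{ config, lib, pkgs, ... }:
{
  systemd.services.example-api = {
    description = "Example service with systemd sandboxing";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

    serviceConfig = {
      # Placeholder workload: serves the state directory on port 8080.
      ExecStart = "${pkgs.python3}/bin/python3 -m http.server 8080 --directory /var/lib/example-api";

      # Identity and privileges: transient unprivileged user, no capabilities,
      # no privilege gain through setuid binaries.
      DynamicUser = true;
      NoNewPrivileges = true;
      CapabilityBoundingSet = "";

      # Filesystem view: read-only OS, hidden home directories, private /tmp
      # and /dev, one writable state directory under /var/lib.
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      StateDirectory = "example-api";

      # Kernel attack surface.
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictNamespaces = true;
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
      SystemCallArchitectures = "native";
      SystemCallFilter = [ "@system-service" "~@privileged" ];

      # Resource isolation through cgroups.
      MemoryMax = "512M";
      CPUQuota = "50%";
      TasksMax = 64;
    };
  };
}
```

After a rebuild, `systemd-analyze security example-api.service` reports which of these settings are in effect and scores the unit's remaining exposure.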