![](/static/66c60d9f/assets/icons/icon-96x96.png)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
Isn’t it enough to have a single offsite backup?
Isn’t it enough to have a single offsite backup?
Please demonstrate how the example I gave above can be done with common scripting tools, such it would mimic the declarative experience I described. I don’t think it is possible as you claim.
Can you please point to where I deflected any questions? I looked and could not find any instances of such.
I actually answered the question “why”, please refer to previous comments. It is also answered in the main post. But I will rephrase and summarize again here:
Distroless is not core to the idea. It’s only a nice to have. The main point is the composability, Declarative design, etc.
the base image is nodejs
Which has its own dockerfile. My proposed tool would allow using other images as base too, but that is not the problem it is solving.
copy your app
Well you’d have to have it compiled or built if that is required in your case. With my system, the build recipe would be a gentoo ebuild (shell-script-like) that you would just reference.
The example I gave is pretty simple, you’re right. Say in another case, you list the following packages:
nodejs, nginx, vpn-app(wireguard), some-system-monitoring-app, my-app
You could start with a nodejs base or an nginx base, and then write the steps to install the other. You’d also have to make sure to get all the deps if they have them.
You’re unlikely to find a ready image that has all what you want. But with my method, you can compose different ones however you like, rather than having to find an image that matches your exact use case.
I had a feeling nixos would have something, but I avoided it because it seemed more than a day’s worth of learning (and also its a bit opinionated). But I will revisit it one day!
Did not know about apko. I am not attached to distroless, just thought it was a nice to have. So apko might be a reason I don’t pursue this project anymore. Thanks for showing me!
Your comment is very insightful for other reasons too. Thanks a lot :)
The package manager would not be part of the container image. The package manager is only used to build it. The container image will only include the packages the user specifies.
combining portions of images as multi-stage builds
That’s something I am making use of for this, actually :)
What you’re describing not only already exists…
Can you please give an example of a tool that can build a container image by being given only a list of packages it needs to have?
My tool would be as simple as doing something like this:
build-container --packages nodejs-20.1.1, yarn-4.2.2, some-app-i-made-1.0.0
And I would have a container that only has nodejs binary, yarn, and my own app. no package manager or any utils.
Whats the risk? My uptime is pretty good and I host from home.
Why not host at home?
But it’s not self hostable.
Not self hostable and not secure by default.
Thanks for the link. But is this really unseen in FOSS? My understanding is some FOSS projects do this so that it is easy to make major decisions without having to bring every person that has ever contributed to the project, kinda like how ZFS is stuck with license issues because they can’t bring all contributors together to approve a license change.
Any examples of this? PRs that are good overall but not for corporate sponsor?
Would this work offline? Say a device only has access to LAN; no outside access. Can it still verify correctly?
I talked about this a bit in my post, but my issue with small step is it seems I have to maintain a web service and obtain my certs through API requests. I worry that this might be more hassle and setup than just generating the cert on a CLI for the two end points I have.
Am I over estimating the overhead here?
I should’ve linked it in my post, but unfortunately that’s the first guide I tried which gave me the issues I mentioned in first paragraph :(
Did it work for you?? Browser would not accept my certs even if I trust them locally.
Would that even work? Pointing my domain to a 192 IP address? I don’t see how that would work.
Looks great! I’m happy there’s a lot of depth here! Will report back when I go through it. Thanks a lot!
I’ve created one project that no one uses. I’ve found a lot of friction contributing to existing projects. There has to be:
Then I have to make sure to learn their code of conduct and do it exactly the way they want. Do they want testing? Do they want me to update the docs? So I have to get green light from maintainer to start? Etc.
That’s just a bandaid on capitalism’s issues. Urging people not to support the biggest actor will never work in the grand scheme of things, when said actor provides their best immediate interests.