I use podman using home-manager configs. I could run the services natively, but currently I have a user for each service that runs the podman containers. This way each service is securely isolated from each other and the rest of the system.
Maybe if/when NixOS supports good SELinux rules I’ll switch back to running it native.
=> More informations about this toot | View the thread | More toots from InnerScientist@lemmy.world