Running Guest NixOS VM in Host NixOS

I’m thinking about ways to maintain a healthy separation between work and personal data/profiles and thought about a VM. I’m aware of nixos-rebuild build-vm as a way to have a guest VM, but I’m unclear if the disk image for that VM is persisted and if there is any way to manage separate configurations and images for that. Maybe some other tool exists?

Perhaps it’s best to just use QEMU to set one up and use those management tools and run it like a separate computer and install NixOS from scratch, but as there will be a lot of common software it would be nice if the nix-store was shared like with the build-vm technique.

Maybe I’d be better off just making a second user on my system. But if anyone has a setup that works well for them I wouldn’t mind hearing about it. Thanks.

As you’re keenly aware, users, containers, and virtual machines provide different levels of isolation. And with each increasing level of isolation it becomes more difficult to share common data.

Only you can determine which level of isolation is ideal for your needs, but a way to approach the problem is to begin with the lowest level of isolation, which is merely to use a separate user account. In the event a given level of isolation proves to be insufficient, you can increase the level of isolation and try again. On NixOS it’s possible to create an additional level of pseudo-isolation by specifying which applications are made easily accessible (aka. installed) for each individual user; it’s akin to systemPackages but per user.

Regarding nixos-rebuild build-vm, yes the disk image is persisted.

If all you want is cleaner separation, perhaps a nixos-container would be more appropriate since you can manage them declaratively, directly from your configuration.nix.

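As an added illustration of the declarative nixos-container approach suggested above (example configuration written for this thread, not code from the original posts or from NixOS itself), here is a host-side configuration.nix fragment that defines a "work" container with its own network namespace and shares only the host's Wayland socket directory with it. The uid of 1000, the socket path /run/user/1000, the interface name eth0 and the stateVersion are assumptions to adjust to your system.

```nix
# Added example, not from the thread. Host configuration.nix fragment that
# declares a NixOS container named "work".
# Assumptions: host user uid 1000, Wayland socket under /run/user/1000,
# host uplink interface eth0. Change these for your machine.
{ config, pkgs, ... }:

{
  containers.work = {
    autoStart = true;

    # Separate network namespace: the container sees neither host interfaces
    # nor host listening sockets; its traffic is NATed by the host below.
    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";

    # Bind-mount only the runtime directory that holds the Wayland (and, with
    # PipeWire, audio) sockets, rather than exposing the whole host /run.
    # The mount point defaults to the attribute name.
    bindMounts = {
      "/run/user/1000" = {
        hostPath = "/run/user/1000";
        isReadOnly = false;
      };
    };

    config = { config, pkgs, ... }: {
      system.stateVersion = "24.05";  # assumption: set to the release you use

      # Same uid as the host desktop user so the socket permissions line up.
      users.users.work = {
        isNormalUser = true;
        uid = 1000;
      };

      # Software installed only inside the container. /nix/store itself is
      # shared read-only from the host, so nothing is duplicated on disk.
      environment.systemPackages = with pkgs; [ firefox ];

      # Point graphical clients at the shared compositor socket.
      environment.sessionVariables = {
        WAYLAND_DISPLAY = "wayland-0";
        XDG_RUNTIME_DIR = "/run/user/1000";
      };
    };
  };

  # Masquerade the container's veth (ve-<name>) through the host uplink.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-work" ];
    externalInterface = "eth0";  # assumption: your real uplink interface
  };
}
```

After `nixos-rebuild switch`, the container's state lives under /var/lib/nixos-containers/work and persists across reboots, and `nixos-container root-login work` gives a shell inside it. Two caveats worth keeping in mind when choosing this over a VM: a nixos-container shares the host kernel, so it is a convenience and tidiness boundary rather than a hardened one against a compromised workload, and every socket you bind-mount in (compositor, audio, D-Bus) is a channel the container can talk to the host over, so share the minimum set you actually need.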

Thanks for both of your help and suggestions.

I like the idea of a container as being less overhead than a VM. It should make the filesystem manageable, and the baked-in declarative nature is great.

The only thing I’m not sure about is running graphical applications. I don’t really have any experience with that as far as containers go. Some preliminary research indicates it may be as easy as sharing the Wayland env vars and socket, though I’ll keep looking. Similar questions about sound, as these days lots of audio/video conferencing will be involved.

If either of you, or anyone else, have any experience with this I’d appreciate some insight, but I’m going to do some more research and experimentation.