+1 WIS

LLMs, NixOS and container sandboxes

TL;DR

A declarative container in a NixOS flake, with opencode in it. Opencode is a text-based chatbot thing that can directly edit your files, and it works without an IDE.

R

I use NixOS, because I like being able to reinstall any of the feeble machines around me when hardware inevitably fails (ie the whole of the configuration is in a git repo). There are other benefits to it (cf https://itsfoss.com/why-use-nixos/), plus those fluent in the Nix language can probably summon Cthulhu at will.

LLMs like to eat up all information they have access to, but they can be useful in certain situations. The obvious choice is to sandbox them into something, and there are many solutions, but this one's mine.

NixOS can create sweet container-based "VMs" trivially using another affront to sanity, systemd.

Here's how to use it

Add the flake below, build a new nixos setup, then:

sudo nixos-container start dumpster
ssh $(nixos-container show-ip dumpster)
opencode

More info

  1. To update the packages in the VM, update the host, then restart the VM. That's a bummer, yes.
  2. More info
    1. https://nixos.org/manual/nixos/stable/#ch-containers
    2. https://nixos.wiki/wiki/NixOS_Containers

The entire flake

{ config, pkgs, lib, ... }:

{
  boot.enableContainers = true;

  networking.nat = {
    enable = true;
    # Use "ve-*" when using nftables instead of iptables
    internalInterfaces = ["ve-+"];
    # externalInterface = "ens3";
    enableIPv6 = false;
  };

  # FIXME: disallow internal network access to container

  containers.dumpster = {
    autoStart = false;

    privateNetwork = true;
    hostAddress = "10.0.0.1";
    localAddress = "10.0.0.2";
#     hostAddress6 = "fc00::1";
#     localAddress6 = "fc00::2";

    config = { config, pkgs, ... }: {

      users.users.myuser = {
        isNormalUser = true;
        description = "Container Me";
        openssh.authorizedKeys.keys = [
         "ssh-rsa AAAA...."  ### your key here
         ];
      };

      services.openssh.enable = true;

      environment.systemPackages = with pkgs;
      [
        (python3.withPackages (pp: with pp; [httplib2 pillow systemd-python tqdm]))
        go
        go-protobuf
        gopls
        grpc-tools
        grpc_cli
        grpcurl
        nnn
        vim-full
        gcc
        file
        jq

        # 
        curl
        git
        openssl
        rsync
        screen
        wget

        #
        opencode
      ];

    networking = {
      firewall = {
        enable = true;
      #  allowedTCPPorts = [ 80 ];
      };
      # Use systemd-resolved inside the container
      # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
      useHostResolvConf = lib.mkForce false;
    };

    services.resolved.enable = true;

    # just in case, this pins down storage paths and such
    system.stateVersion = "25.11";

    };
  };
}