Hi! Question in the title.
I get that its super easy to setup. But its really worthwhile to have something that:
- runs everything as root (not many well built images with proper useranagement it seems)
- you cannot really know which stuff is in the images: you must trust who built it
- lots of mess in the system (mounts, fake networks, rules…)
I always host on bare metal when I can, but sometimes (immich, I look at you!) Seems almost impossible.
I get docker in a work environment, but on self hosted? Is it really worth while? I would like to hear your opinions fellow hosters.
1.) No one runs rooted docker in prod. Everything is run rootless.
2.) That’s just patently not true.
docker inspectis your friend. Also you can build your own containers trusting no-one.FROM Scratchhttps://hub.docker.com/_/scratch/3.) I think mess here is subjective. Docker folders makes way more sense than Snap mounts.
1 is just not true sorry. There’s loads of stuff that only work as root and people use them.