Problem Statement
OpenShell sandboxes currently require a streamlined, reproducible, and highly efficient mechanism for environment provisioning and software management. Traditional container/VM image building methods can lead to heavy images, slower boot times, and redundant storage allocation on the host machine.
Proposed Design
The proposal introduces an official NixOS module natively integrated with OpenShell to handle virtual machine (VM) and container sandbox orchestration.
Core Architecture
Host Asset Sharing via /nix/store: The sandbox leverages the existing host machine’s /nix/store directly rather than packaging dependencies inside a bulk image.
Storage & Pass-through Layer: Utilizing Virtio-blk and OverlayFS, the host’s /nix/store is safely mapped into the guest sandbox.
Instant-on Capabilities: When an OpenShell sandbox is initialized, it is born with a pre-defined bundle of immutable software ready to execute instantly from the shared store, optimizing both speed and disk footprint.
+-------------------------------------------------------------+
| HOST SYSTEM |
| +-----------------------------------------------------+ |
| | /nix/store | |
| +-----------------------------------------------------+ |
+------------------------------|------------------------------+
| (Virtio-blk / OverlayFS)
v
+-------------------------------------------------------------+
| OPENSHELL SANDBOX |
| +-----------------------------------------------------+ |
| | Mapped Immutable /nix/store | |
| +-----------------------------------------------------+ |
| | Instant App Execution (Python, Tooling, Agents) | |
| +-----------------------------------------------------+ |
+-------------------------------------------------------------+
Alternatives Considered
Standard Docker/OCI Images: Relying strictly on standard container images (e.g., Ubuntu/Alpine bases). While universal, this approach duplicates files across sandboxes, results in significantly larger storage overhead, and lacks the exact declarative reproducible state inherent to Nix.
Traditional Heavy VM Templates (QCOW2): Utilizing full disk images for MicroVMs. This guarantees isolation but lacks the "instant-born" efficiency and performance optimizations provided by mapping a host-level /nix/store via OverlayFS.
Agent Investigation
No response
Checklist
Problem Statement
OpenShell sandboxes currently require a streamlined, reproducible, and highly efficient mechanism for environment provisioning and software management. Traditional container/VM image building methods can lead to heavy images, slower boot times, and redundant storage allocation on the host machine.
Proposed Design
The proposal introduces an official NixOS module natively integrated with OpenShell to handle virtual machine (VM) and container sandbox orchestration.
Core Architecture
Host Asset Sharing via /nix/store: The sandbox leverages the existing host machine’s /nix/store directly rather than packaging dependencies inside a bulk image.
Storage & Pass-through Layer: Utilizing Virtio-blk and OverlayFS, the host’s /nix/store is safely mapped into the guest sandbox.
Instant-on Capabilities: When an OpenShell sandbox is initialized, it is born with a pre-defined bundle of immutable software ready to execute instantly from the shared store, optimizing both speed and disk footprint.
+-------------------------------------------------------------+
| HOST SYSTEM |
| +-----------------------------------------------------+ |
| | /nix/store | |
| +-----------------------------------------------------+ |
+------------------------------|------------------------------+
| (Virtio-blk / OverlayFS)
v
+-------------------------------------------------------------+
| OPENSHELL SANDBOX |
| +-----------------------------------------------------+ |
| | Mapped Immutable /nix/store | |
| +-----------------------------------------------------+ |
| | Instant App Execution (Python, Tooling, Agents) | |
| +-----------------------------------------------------+ |
+-------------------------------------------------------------+
Alternatives Considered
Standard Docker/OCI Images: Relying strictly on standard container images (e.g., Ubuntu/Alpine bases). While universal, this approach duplicates files across sandboxes, results in significantly larger storage overhead, and lacks the exact declarative reproducible state inherent to Nix.
Traditional Heavy VM Templates (QCOW2): Utilizing full disk images for MicroVMs. This guarantees isolation but lacks the "instant-born" efficiency and performance optimizations provided by mapping a host-level /nix/store via OverlayFS.
Agent Investigation
No response
Checklist