arcam

Crates.io: arcam
lib.rs: arcam
version: 0.1.10
source: src
created_at: 2024-09-06 16:05:34.332477
updated_at: 2024-10-04 13:46:48.644568
description: Sandboxed development containers at your fingertips
homepage:
repository: https://github.com/sandorex/arcam
max_upload_size:
id: 1366109
size: 652,052
Sandorex (sandorex)


README

arcam

Fast sandboxed development container manager using podman. Permissions are minimal by default, and you choose the balance between security and convenience.

Demo GIF

NOTE: Version 0.1.X is considered alpha and may break compatibility at any time

Experimental, but all code since v0.1.1 was written inside an arcam container

Originally named box

Features

  • Sandboxed ephemeral container by default (podman defaults with network turned on)
  • Pass through audio, wayland, ssh-agent easily on demand with flags or config
  • Customize your experience per language, even per project
  • Override dotfiles locally on demand, so you don't have to rebuild image to update dotfiles
  • Automatic passwordless sudo (or su if not installed)
  • Consistent development environment on any distro, especially useful on immutable distros like Fedora Atomic
  • Offline use, container initialization process does not require internet connection (image has to be downloaded of course)

Planned Features

These are features that are planned but the details are debatable

  • Provide support for devcontainer features
  • Docker support

Installation

You can download the binary for the latest release here

Alternatively you can install it from crates.io

cargo install arcam

You can also install straight from git

cargo install --git https://github.com/sandorex/arcam

Custom Container Image

Making a custom container image is the same as for any other container. To take full advantage of box, keep the following things in mind:

  • Install sudo for nicer experience
  • Any executable files in /init.d will be executed on start of the container as the user, you can use sudo or su for root access
  • Put dotfiles in /etc/skel, which will be copied to the user's home on start; note that they may be overridden at runtime using flags
  • All data inside the container (not counting mounts) will be deleted when the container stops; to add caching or persistent data, use a named volume

For an example, you can take a look at my container with neovim and all LSPs preinstalled
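
A minimal Containerfile following the conventions listed above, added here as an illustration (it is not taken from the arcam repository or from the author's image). The Fedora base image, the installed packages, the git setting, and the script name 10-cache.sh are assumptions.

```dockerfile
# Added example, not the project's own image.
# Assumption: Fedora base; any distro with a package manager works the same way.
FROM registry.fedoraproject.org/fedora:40

# sudo is optional but gives the nicer passwordless-root experience;
# without it the container falls back to su.
RUN dnf install -y sudo git && dnf clean all

# Dotfiles placed in /etc/skel are copied into the user's home on start.
# They can still be overridden at runtime, so keep secrets out of the image.
RUN mkdir -p /etc/skel/.config/git \
 && printf '[init]\n\tdefaultBranch = main\n' > /etc/skel/.config/git/config

# Executable files in /init.d run on container start as the user.
# The script is root-owned and mode 0755; it calls sudo itself only
# for the steps that actually need root.
# (10-cache.sh is a hypothetical name chosen for this example.)
RUN mkdir -p /init.d \
 && printf '%s\n' \
      '#!/bin/sh' \
      '# Runs as the unprivileged container user at start.' \
      'mkdir -p "$HOME/.cache"' \
      > /init.d/10-cache.sh \
 && chmod 0755 /init.d/10-cache.sh

# Everything written outside a mount is discarded when the container stops,
# so caches that should survive belong on a named volume mounted at runtime.
```

Build it with podman build like any other image.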

Comparison to Other Tools

Toolbox / Distrobox

Both are great at their job, which is to provide seamless integration with the host, but not sandboxing

Box takes a sandbox-by-default approach, where you choose where to sacrifice sandboxing for convenience

Commit count: 113
