Nix application VMs: security through virtualization
Simple application VMs (hypervisor-based sandbox) based on Nix package manager.
Uses one read-only /nix directory for all appvms. So creating a new appvm (but not first) is just about one minute.
Search for applications
$ appvm search chromium
$ appvm start chromium $ # ... long wait for first time, because we need to collect a lot of packages
Synchronize remote repos for applications
$ appvm sync
You can customize local settings in ~/.config/appvm/nix/local.nix.
Default hotkey to release cursor: ctrl+alt.
$ ls appvm/chromium foo.tar.gz bar.tar.gz
$ appvm stop chromium
Add this command:
$ appvm autoballoon
to crontab like that:
$ crontab -l * * * * * /home/user/dev/go/bin/appvm autoballoon