Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/jollheef/appvm

isolation isolation-framework libvirt nix nixos security security-hardening virtualization

Last synced: 4 days ago
JSON representation

Nix-based app VMs

Host: GitHub
URL: https://github.com/jollheef/appvm
Owner: jollheef
License: gpl-3.0
Created: 2018-06-30T22:15:18.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2022-05-23T19:30:15.000Z (over 2 years ago)
Last Synced: 2025-01-22T23:09:09.722Z (12 days ago)
Topics: isolation, isolation-framework, libvirt, nix, nixos, security, security-hardening, virtualization
Language: Go
Homepage:
Size: 701 KB
Stars: 258
Watchers: 14
Forks: 18
Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE

[![Documentation Status](https://readthedocs.org/projects/appvm/badge/?version=latest)](https://appvm.readthedocs.io/en/latest/?badge=latest)

# Nix application VMs: security through virtualization

Simple application VMs (hypervisor-based sandbox) based on Nix package manager.

Uses one **read-only** /nix directory for all appvms. So creating a new appvm (but not first) is just about one minute.

![appvm screenshot](https://gateway.ipfs.io/ipfs/QmetVp2LRwcy3baxuAjDgBPwv5ych5kRfXeULoNpQAFsaP)

## Installation

See [related documentation](https://appvm.readthedocs.io/en/latest/installation.html).

## Usage

### Search for applications

$ appvm search chromium

### Run application

$ appvm start chromium
$ # ... long wait for first time, because we need to collect a lot of packages

### Synchronize remote repos for applications

$ appvm sync

You can customize local settings in **~/.config/appvm/nix/local.nix**.

Default hotkey to release cursor: ctrl+alt.

### Shared directory

$ ls appvm/chromium
foo.tar.gz
bar.tar.gz

### Close VM

$ appvm stop chromium

### Automatic ballooning

Add this command:

$ appvm autoballoon

to crontab like that:

$ crontab -l
* * * * * /home/user/dev/go/bin/appvm autoballoon