Improve container docs somewhat (#472)

* Improve container docs somewhat

* compatibility

* Clarify this

README.md

@@ -175,6 +175,8 @@ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix
 
 In Docker/Podman containers or WSL2 instances where an init (like `systemd`) is not present, pass `--init none`.
 
+For containers (without an init):
+
 > **Warning**
 > When `--init none` is used, _only_ `root` or users who can elevate to `root` privileges can run Nix:
 >
@@ -182,48 +184,56 @@ In Docker/Podman containers or WSL2 instances where an init (like `systemd`) is
 > sudo -i nix run nixpkgs#hello
 > ```
 
-For Docker containers (without an init):
-
 ```dockerfile
 # Dockerfile
 FROM ubuntu:latest
 RUN apt update -y
 RUN apt install curl -y
-COPY nix-installer /nix-installer
+RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
-RUN /nix-installer install linux --init none --no-confirm
+  --extra-conf "sandbox = false" \
+  --init none \
+  --no-confirm
 ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
 RUN nix run nixpkgs#hello
 ```
 
-Podman containers require `sandbox = false` in your `Nix.conf`.
+```bash
-
+docker build -t ubuntu-with-nix .
-For podman containers without an init:
+docker run --rm -ti ubuntu-with-nix
-
+docker rmi ubuntu-with-nix
-```dockerfile
+# or
-# Dockerfile
+podman build -t ubuntu-with-nix .
-FROM ubuntu:latest
+podman run --rm -ti ubuntu-with-nix
-RUN apt update -y
+podman rmi ubuntu-with-nix
-RUN apt install curl -y
-COPY nix-installer /nix-installer
-RUN /nix-installer install linux --extra-conf "sandbox = false" --init none --no-confirm
-ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
-RUN nix run nixpkgs#hello
 ```
 
-For Podman containers with a systemd init:
+For containers with a systemd init:
 
 ```dockerfile
 # Dockerfile
 FROM ubuntu:latest
 RUN apt update -y
 RUN apt install curl systemd -y
-COPY nix-installer /nix-installer
+RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
-RUN /nix-installer install linux --extra-conf "sandbox = false" --no-start-daemon --no-confirm
+  --extra-conf "sandbox = false" \
+  --no-start-daemon \
+  --no-confirm
 ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
 RUN nix run nixpkgs#hello
-CMD [ "/usr/sbin/init" ]
+CMD [ "/bin/systemd" ]
 ```
 
+```bash
+podman build -t ubuntu-systemd-with-nix .
+IMAGE=$(podman create ubuntu-systemd-with-nix)
+CONTAINER=$(podman start $IMAGE)
+podman exec -ti $CONTAINER /bin/bash
+podman rm -f $CONTAINER
+podman rmi $IMAGE
+```
+
+On some container tools, such as `docker`, `sandbox = false` can be omitted. Omitting it will negatively impact compatibility with container tools like `podman`.
+
 ## In WSL2
 
 If [systemd is enabled](https://ubuntu.com/blog/ubuntu-wsl-enable-systemd) it's possible to install Nix as normal using the command at the top of this document:

flake.nix

@@ -148,7 +148,11 @@
               check.check-editorconfig
               check.check-semver
             ]
-            ++ lib.optionals (pkgs.stdenv.isDarwin) (with pkgs; [ libiconv ]);
+            ++ lib.optionals (pkgs.stdenv.isDarwin) (with pkgs; [ libiconv ])
+            ++ lib.optionals (pkgs.stdenv.isLinux) (with pkgs; [
+              podman
+              /* users are expected to have a system docker, too */
+            ]);
           };
         });