Nucleus: A security-hardened, Nix-native container runtime
Summary
Nucleus is a minimal, security-hardened container runtime for Linux with Agent, Strict Agent, and Production modes, built around declarative Nix/NixOS configurations and reproducible rootfs. It uses strong isolation (namespaces, cgroups v2, pivot_root, capabilities, seccomp, Landlock) and policy-driven security (per-service seccomp, capabilities, and Landlock policies), with optional gVisor integration. The project also provides multi-container topologies, a NixOS module, and tooling for rootfs and agent-toolchain rootfs, offering a Docker-like yet security-first alternative for SMBs and NixOS environments.
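The per-service seccomp policy named above is the piece most runtimes get subtly wrong, so here is an added example of what such a policy looks like at the kernel interface. This is not Nucleus's code and makes no claim about how Nucleus builds its filters: it constructs a classic-BPF allowlist from a list of syscall numbers, checks the syscall ABI before trusting the number, denies everything else with EPERM (an illustrative choice; a stricter policy would kill the process), and installs it with no_new_privs set. The syscall list is a constructed sample, the architecture mapping assumes x86_64 or aarch64 Linux, and the small interpreter lets a policy be checked offline before it is ever installed.

```c
/* Added example: build, check and install a per-service seccomp-BPF
 * allowlist. Not Nucleus's code; syscall list and deny action are
 * constructed choices for illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#  define POLICY_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define POLICY_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Build a classic-BPF program that allows only the listed syscall numbers.
 * Layout: arch check (3 instrs), load nr (1), one JEQ per syscall (n),
 * deny (1), allow (1). Returns n + 6, or 0 if `out` is too small or the
 * list is too long for an 8-bit jump offset. */
size_t build_allowlist(const int *allowed, size_t n,
                       struct sock_filter *out, size_t cap)
{
    size_t total = n + 6;
    if (cap < total || n > 255) return 0;
    size_t i = 0;
    /* Kill the process if the syscall ABI is not the one this policy targets:
     * otherwise a 32-bit compat call could smuggle a different syscall table. */
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, POLICY_ARCH, 1, 0);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    /* Load the syscall number. */
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    /* One JEQ per allowed syscall; a match jumps straight to the ALLOW. */
    for (size_t k = 0; k < n; k++)
        out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned)allowed[k],
                                                (unsigned char)(n - k), 0);
    /* Default deny: fail the call with EPERM so the service sees an error. */
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                            SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* Minimal interpreter for the three instruction kinds build_allowlist emits,
 * so a policy can be unit-tested without installing it. Anything it does
 * not understand is treated as a kill, never as an allow. */
unsigned evaluate_policy(const struct sock_filter *prog, size_t len,
                         unsigned arch, int nr)
{
    unsigned acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k == offsetof(struct seccomp_data, arch)) acc = arch;
            else if (in->k == offsetof(struct seccomp_data, nr)) acc = (unsigned)nr;
            else return SECCOMP_RET_KILL_PROCESS;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS; /* fell off the end: deny */
}

/* Install the filter for the calling thread. PR_SET_NO_NEW_PRIVS is required
 * for unprivileged callers and ensures the filter cannot be shed via setuid. */
int apply_allowlist(const struct sock_filter *prog, size_t len)
{
    struct sock_fprog fprog = { .len = (unsigned short)len,
                                .filter = (struct sock_filter *)prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, 0, &fprog) != 0) return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: roughly what a tiny single-purpose service needs. */
    const int allowed[] = { SYS_read, SYS_write, SYS_exit_group, SYS_brk,
                            SYS_mmap, SYS_munmap, SYS_rt_sigreturn };
    struct sock_filter prog[64];
    size_t len = build_allowlist(allowed, sizeof allowed / sizeof *allowed, prog, 64);
    if (len == 0) return 1;
    printf("%zu instructions; write -> 0x%x, openat -> 0x%x\n", len,
           evaluate_policy(prog, len, POLICY_ARCH, SYS_write),
           evaluate_policy(prog, len, POLICY_ARCH, SYS_openat));
    if (apply_allowlist(prog, len) != 0) { perror("seccomp"); return 1; }
    /* From here on, any syscall outside the list fails with EPERM. */
    write(1, "filtered\n", 9);
    return 0;
}
```

The interpreter is the part worth keeping in a real runtime's test suite: a per-service policy is configuration, and configuration that is only validated by running the service under it tends to be tested against the happy path alone. The arch check matters because the syscall number space differs between ABIs; without it, an allowlist keyed on numbers alone is not the policy you think it is.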