14 KiB
Nippels vs Packages: Understanding the Difference
TL;DR: Nippels are isolated app sandboxes (like Flatpak/AppImage). Regular nip packages are traditional package management (like apt/pacman). Both share the same storage for efficiency.
What are Nippels? 🏠
Nippels (NiP Cells) are lightweight, namespace-based application isolation environments for users.
Think of them as AppImage/Flatpak replacements but with:
- ⚡ Zero overhead (< 50ms startup, no memory bloat)
- 🔒 Perfect isolation (Linux kernel namespaces)
- 🎨 Perfect integration (themes, fonts, clipboard just work)
- 💾 Efficient storage (shared deduplication via CAS)
Why Nippels Exist
The Problem: You want to run untrusted apps, isolate your browser, or keep your gaming environment separate from your development tools—but containers are too heavy and Flatpak is bloated.
The Solution: Nippels give you lightweight isolation with zero performance penalty.
Perfect Use Cases for Nippels
🌐 Browsers in Their Own Cells
# Isolate Firefox from the rest of your system
nip cell create firefox-isolated --profile=strict
nip cell activate firefox-isolated
firefox # Runs in complete isolation
# Separate browser for work vs personal
nip cell create work-browser --profile=strict
nip cell create personal-browser --profile=standard
Why this is brilliant:
- Browser exploits can't access your files
- Work and personal browsing completely separated
- Each browser has its own cookies, cache, history
- Zero performance overhead
🎮 Gaming Environments
# Create isolated gaming environment
nip cell create gaming --profile=standard
nip cell activate gaming
# Install Steam, Discord, game tools
nip install --cell=gaming steam discord lutris
# Switch back to work
nip cell deactivate gaming
Why this makes sense:
- Keep game files separate from work files
- Prevent anti-cheat software from scanning your system
- Easy backup: just copy
~/.nip/cells/gaming/ - No performance impact on games
💻 Development Environments
# Python development environment
nip cell create python-dev --profile=standard
nip cell activate python-dev
nip install --cell=python-dev python poetry pytest
# Node.js development environment
nip cell create node-dev --profile=standard
nip cell activate node-dev
nip install --cell=node-dev nodejs npm yarn
# Rust development environment
nip cell create rust-dev --profile=standard
nip cell activate rust-dev
nip install --cell=rust-dev rustc cargo
Why developers love this:
- No dependency conflicts between projects
- Clean, isolated environments per project
- Instant switching between environments
- Portable: survives system reinstalls
🔒 Untrusted Applications
# Run untrusted app in strict isolation
nip cell create untrusted --profile=strict --network=none
nip cell activate untrusted
./suspicious-binary # Can't access network or your files
What are nip Packages? 📦
nip packages are traditional package management—installing software system-wide or per-user.
Think of them as apt/pacman/brew but with:
- 🔄 Reproducibility (build hashes, lockfiles)
- 🌍 Universal access (graft from AUR, Nix, PKGSRC)
- ⚛️ Atomic operations (rollback on failure)
- 💾 Efficient storage (content-addressable deduplication)
Perfect Use Cases for nip Packages
🛠️ System Utilities
# Install command-line tools system-wide
nip install vim htop curl wget git
# Available everywhere, no isolation needed
vim /etc/config
htop
🖥️ Server Software
# Install server stack
nip install nginx postgresql redis
# System-wide services
nip svc enable nginx
nip svc enable postgresql
👤 User Environments
# Create user environment for specific tools
nip env create devtools
nip install --env=devtools gcc gdb valgrind
# Activate when needed
nip env activate devtools
When to Use Which?
Use Nippels when you want:
✅ Isolated desktop applications (like Flatpak)
- Browsers (Firefox, Chrome, Brave)
- Communication apps (Discord, Slack, Teams)
- Media players (VLC, MPV)
- Office suites (LibreOffice)
✅ Portable environments that survive reinstalls
- Development environments
- Gaming setups
- Work vs personal separation
✅ Zero-overhead isolation for GUI apps
- Untrusted applications
- Security-sensitive apps
- Apps you want sandboxed
✅ Per-application sandboxing
- Each app gets its own filesystem view
- Controlled network access
- Isolated from other apps
✅ XDG directory enforcement
- Apps forced to use proper config locations
- No more
~/.app-namepollution - Clean, organized home directory
Use nip packages when you want:
✅ Traditional package management
- System-wide installations
- Command-line tools
- Development libraries
✅ System-wide installations
- Server software (nginx, postgresql)
- System utilities (vim, htop, curl)
- Shared libraries
✅ Command-line tools available globally
- Git, curl, wget, ssh
- Build tools (gcc, make, cmake)
- Scripting languages (python, node, ruby)
✅ Server software
- Web servers (nginx, apache)
- Databases (postgresql, mysql, redis)
- Message queues (rabbitmq, kafka)
✅ User environments for development
- Per-project tool collections
- Language-specific environments
- Temporary tool installations
Real-World Examples
Example 1: Web Developer Setup
# System-wide tools (nip packages)
nip install git vim curl docker
# Development environment (nip package user env)
nip env create webdev
nip install --env=webdev nodejs npm yarn typescript
# Isolated browser for testing (Nippel)
nip cell create test-browser --profile=standard
nip install --cell=test-browser firefox chromium
# Work browser (Nippel)
nip cell create work-browser --profile=strict
nip install --cell=work-browser firefox
Result:
- Git/vim available everywhere
- Node.js tools in isolated environment
- Test browsers in their own cells
- Work browser completely isolated
Example 2: Gaming + Streaming Setup
# System utilities (nip packages)
nip install htop nvidia-drivers
# Gaming environment (Nippel)
nip cell create gaming --profile=standard
nip install --cell=gaming steam lutris wine discord
# Streaming environment (Nippel)
nip cell create streaming --profile=standard
nip install --cell=streaming obs-studio
# Switch between them
nip cell activate gaming # Play games
nip cell activate streaming # Stream
Result:
- Gaming and streaming completely separated
- Easy to backup each environment
- No conflicts between tools
- Clean system
Example 3: Security-Conscious User
# System tools (nip packages)
nip install vim curl wget
# Personal browser (Nippel - standard isolation)
nip cell create personal-browser --profile=standard
nip install --cell=personal-browser firefox
# Banking browser (Nippel - strict isolation)
nip cell create banking --profile=strict --network=limited
nip install --cell=banking firefox
# Work browser (Nippel - strict isolation)
nip cell create work --profile=strict
nip install --cell=work chromium
Result:
- Banking browser can't access personal files
- Work browser completely isolated
- Each browser has separate cookies/cache
- Maximum security with zero overhead
The Architecture
┌─────────────────────────────────────────────────────────┐
│ NexusOS Ecosystem │
├─────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ nip packages │ │ Nippels │ │
│ │ (Traditional) │ │ (Isolated Apps) │ │
│ ├──────────────────┤ ├──────────────────┤ │
│ │ • System-wide │ │ • Per-app │ │
│ │ • User envs │ │ • Namespaces │ │
│ │ • CLI tools │ │ • GUI apps │ │
│ │ • Servers │ │ • Sandboxed │ │
│ └────────┬─────────┘ └────────┬─────────┘ │
│ │ │ │
│ └────────────┬───────────────┘ │
│ │ │
│ ┌───────▼────────┐ │
│ │ Shared CAS │ │
│ │ (Dedup) │ │
│ └────────────────┘ │
└─────────────────────────────────────────────────────────┘
Both use the same CAS backend for deduplication!
This means:
- If Firefox is in 3 different Nippels, files are stored only once
- If you have nginx as a package and in a Nippel, files are stored only once
- Efficient storage across all isolation boundaries
Performance Comparison
Nippels vs Alternatives
| Feature | Nippels | Flatpak | Docker | AppImage |
|---|---|---|---|---|
| Startup Time | < 50ms | ~500ms | ~1s | ~100ms |
| Memory Overhead | 0 MB | ~50 MB | ~100 MB | ~10 MB |
| Storage Efficiency | Excellent (CAS) | Poor | Poor | None |
| Desktop Integration | Perfect | Good | None | Poor |
| Isolation | Kernel namespaces | Bubblewrap | Full container | None |
| Portability | Excellent | Poor | Good | Excellent |
nip Packages vs Alternatives
| Feature | nip | apt/pacman | Nix | Flatpak |
|---|---|---|---|---|
| Reproducibility | ✅ Build hashes | ❌ | ✅ | ❌ |
| Rollback | ✅ Atomic | ❌ | ✅ | ✅ |
| External Sources | ✅ AUR/Nix/PKGSRC | ❌ | ❌ | ❌ |
| Speed | ⚡ Fast | ⚡ Fast | 🐌 Slow | 🐌 Slow |
| Storage | 💾 CAS dedup | ❌ | 💾 Nix store | ❌ |
Storage Locations
Nippels Storage
Portable Mode (Satellite/Workstation profiles):
~/.nip/cells/
├── firefox-isolated/
│ ├── Data/ # XDG_DATA_HOME
│ ├── Config/ # XDG_CONFIG_HOME
│ ├── Cache/ # XDG_CACHE_HOME
│ └── State/ # XDG_STATE_HOME
├── gaming/
└── work-browser/
System-Integrated Mode (Homestation/Server profiles):
~/.local/share/nippels/my-app/ # XDG_DATA_HOME
~/.config/nippels/my-app/ # XDG_CONFIG_HOME
~/.cache/nippels/my-app/ # XDG_CACHE_HOME
~/.local/state/nippels/my-app/ # XDG_STATE_HOME
nip Packages Storage
System-wide:
/Programs/
├── nginx/1.24.0/
├── postgresql/15.3/
└── vim/9.0/
User environments:
~/.nexus/envs/
├── devtools/Programs/
│ ├── gcc/13.2.0/
│ └── gdb/14.1/
└── webdev/Programs/
├── nodejs/20.0.0/
└── npm/10.0.0/
Quick Reference
Nippel Commands
# Create Nippel
nip cell create <name> [--profile=standard|strict|quantum]
# Activate Nippel
nip cell activate <name>
# Deactivate Nippel
nip cell deactivate <name>
# List Nippels
nip cell list
# Install to Nippel
nip install --cell=<name> <package>
# Remove Nippel
nip cell remove <name>
Package Commands
# Install system-wide (root)
nip install <package>
# Install to user environment
nip install --env=<name> <package>
# Create user environment
nip env create <name>
# Activate user environment
nip env activate <name>
# Graft from external source
nip graft aur <package>
nip graft nix <package>
FAQ
Q: Can I use both Nippels and packages together?
A: Absolutely! They're designed to work together. Use packages for system tools and Nippels for isolated apps.
Q: Do Nippels slow down my applications?
A: No! Nippels add < 10ms startup overhead and zero memory overhead. They're faster than Flatpak or Docker.
Q: Can I backup my Nippels?
A: Yes! In portable mode, just copy ~/.nip/cells/<name>/ and you're done. The entire environment is self-contained.
Q: Do Nippels work with all applications?
A: Yes! Any Linux application works. GUI apps get perfect desktop integration (themes, fonts, clipboard).
Q: Can I share files between Nippels?
A: By design, Nippels are isolated. But you can mount shared directories if needed (with appropriate permissions).
Q: Are Nippels secure?
A: Yes! They use Linux kernel namespaces for isolation. Strict mode provides strong security boundaries.
Q: How much disk space do Nippels use?
A: Very little! Files are deduplicated via CAS. If you have Firefox in 3 Nippels, files are stored only once.
Conclusion
Nippels and nip packages are complementary tools:
- Nippels = Isolated app sandboxes for GUI apps, gaming, browsers, untrusted code
- nip packages = Traditional package management for system tools, servers, CLI utilities
Both share the same efficient CAS storage, giving you the best of both worlds:
- 🔒 Security through isolation
- ⚡ Performance with zero overhead
- 💾 Efficiency through deduplication
- 🎯 Flexibility to choose the right tool for the job
Use Nippels for apps you want isolated. Use nip packages for everything else.
See Also:
Version: 1.0 Last Updated: November 19, 2025 Status: User Documentation