On the other hand, JSON can be parsed and written easily in all languages we might want to use, even in Bash using jq. And we need some code to set up the namespaces, but nsjail/firejail/bubblewrap are C code so in the long term there would be some rewrite, probably in Rust??? And having Nix preprocess arguments for Rust code sounds strange.
Not sure about this -- I think it's something we'll have to experiment with. Maybe structured configuration isn't necessary -- it's a pain to do in a CLI...
Sure, this is more of my “last line of defense” position. My preference is definitely “nice CLI whenever possible, with a fallback to complex structure stuff when unavoidable, and this fallback can be used together with the nice CLI for the rest of the options”
And whatever you do, Nix evaluation is always just another layer before running the actual code for setting up the isolated environments that still needs to interpret its arguments.
Also, I might want to use some binary cache, but when I am offline Nix builds wait for a long time for a reply from a binary cache. It's not so bad if I am intentionally building something and can pass an empty value for binary-caches via the command line, but doing it for each new command I execute sounds excessive.
Yes, this is true, although I consider it a Nix bug. I shouldn't have to remember to say --option substitute false for trivial offline rebuilds.
But there are cases where it would be hard for Nix to get right (the “network won't become reachable” part -- the notion of triviality of the build is obviously hopeless even with manual declaration)