12 milliseconds. That's how long Nucleus takes to cold start a container. Docker needs around 500ms for the same job. That's not a typo — 12ms for a fully isolated Linux execution environment.
Nucleus isn't trying to be another Docker. The repo from sig-id is explicit: it's a security-hardened, Nix-native runtime built for production services and AI agent workloads. It uses cgroups, namespaces, pivot_root, seccomp, Landlock, and an optional gVisor application kernel, all orchestrated through Nix closures instead of layer tarballs.
Three Modes That Actually Mean Something
Nucleus ships three operating modes: ephemeral agent sandboxes, strict agent mode with fail-closed isolation that doesn't need a full rootfs, and production mode for long-running NixOS services. Production mode includes egress policy enforcement, health checks, secrets mounting, sd_notify, journald integration, and systemd transient services. The whole service topology — runtime settings, mounted rootfs — is declared in NixOS and TOML, not assembled imperatively at deploy time.
Flake-based builds pin store paths and provide rootfs attestation. That means you can audit exactly what went into a container three months ago without digging through CI logs.
Benchmarks That Back Up the Claims
PostgreSQL 18 under Nucleus isolation runs within measurement noise of bare metal. SELECT-only workload: 107,039 TPS on Nucleus with io_uring, versus 100,222 on bare metal. Latency: 0.074ms vs 0.080ms. Mixed read/write TPC-B: 1,757 TPS under Nucleus, 1,490 on bare metal. The author notes occasional wins over bare metal are benchmark noise, not a guaranteed speedup — but the point stands: isolation overhead is effectively zero.
Cold start measured at 12ms for Nucleus, 500ms for Docker. These numbers come from the native runtime with a bind-mounted host pgdata directory and --network host, measuring steady-state isolation cost rather than VM or gVisor emulation overhead.
Nix as the Foundation, Not an Afterthought
What makes Nucleus different from runc or gVisor is its deep Nix integration. nucleus.lib.mkRootfs builds minimal service closures. The NixOS module declares the runtime configuration. The container disk is tmpfs, pre-populated with agent context. There's a compose-equivalent TOML format with a dependency DAG and reconciliation.
External security policies — seccomp profiles (JSON), capability policies (TOML), Landlock rules (TOML) — are SHA-256 pinned. A trace mode records syscalls and generates minimal allowlists with nucleus seccomp generate. That's the kind of tooling that makes security practical, not theoretical.
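As an added illustration (not Nucleus's own code; the page does not describe its trace or policy formats), here is how trace-derived allowlists and SHA-256 pinned policies fit together: syscall names are extracted from constructed strace-style lines, emitted as an OCI-style seccomp profile that denies by default, and pinned so a loader can refuse a policy file that drifted or was edited.

```python
import hashlib
import json
import re

# Constructed strace-style trace lines; Nucleus's real trace output is not shown on the page.
TRACE = """\
openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
read(3, "root:x:0:0"..., 4096) = 1024
close(3) = 0
openat(AT_FDCWD, "/nix/store/abc-lib.so", O_RDONLY|O_CLOEXEC) = 4
mmap(NULL, 4096, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f00
write(1, "hello\\n", 6) = 6
exit_group(0) = ?
"""

# A syscall line starts with the syscall name followed by its argument list.
SYSCALL_RE = re.compile(r"^([a-z_][a-z0-9_]*)\(")


def allowlist_from_trace(trace: str) -> list[str]:
    """Collect the distinct syscall names observed in the trace, sorted for stable output."""
    names = set()
    for line in trace.splitlines():
        m = SYSCALL_RE.match(line.strip())
        if m:
            names.add(m.group(1))
    return sorted(names)


def build_seccomp_profile(names: list[str]) -> dict:
    """OCI runtime-spec seccomp layout: everything not observed fails with ERRNO."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": ["SCMP_ARCH_X86_64"],
        "syscalls": [{"names": names, "action": "SCMP_ACT_ALLOW"}],
    }


def canonical_bytes(profile: dict) -> bytes:
    """Canonical JSON so the pin does not change with key order or whitespace."""
    return json.dumps(profile, sort_keys=True, separators=(",", ":")).encode()


def pin(profile: dict) -> str:
    """SHA-256 pin of the canonical policy bytes, to be recorded alongside the config."""
    return hashlib.sha256(canonical_bytes(profile)).hexdigest()


def verify_pin(policy_bytes: bytes, expected: str) -> bool:
    """Fail closed: any mismatch (tampering, drift, wrong file) rejects the policy."""
    return hashlib.sha256(policy_bytes).hexdigest() == expected
```

A generated allowlist is only as complete as the trace that produced it, so the profile should be exercised against every code path (health checks, signal handling, shutdown) before being pinned.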
Nucleus also generates OCI bundle/config data for gVisor's runsc, wiring process identity, mounts, namespaces, seccomp, hooks, and cgroup paths. Detached mode runs containers as systemd transient services managed via nucleus stop / logs / attach.
When a runtime ships structured telemetry via OpenTelemetry, audit logs with context hashing, and kernel lockdown assertions, you know the authors have been stung by production incidents. Nucleus is built for teams who need reproducible, auditable, fast containers — and don't want to carry Docker's legacy runtime complexity.
Source: Show HN: Nucleus - A security-hardened, Nix-native container runtime
Domain: github.com