Docker and Docker-Compose are DRY, in the spirit of "infrastructure as code" for Linux containers.
You specify your setup in a Dockerfile (and, when composing multiple containers, also in docker-compose.yml).
However!
You can run all your apps in Docker containers, thereby using Docker as a desktop and minimizing their surface/access to the absolute minimum required for them to run, therefore:
- reducing attack surface
- keeping your system cleaner (if apps require dependencies, they are contained in docker container)
- DRY => Don't Repeat Yourself => once you have configured a Docker setup on one machine, you can easily run the app on other machines with Docker
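A minimal-access service definition in the spirit described above, as an added example rather than configuration from the original post. The service name, image, UID and host directory are hypothetical; it assumes an app that only needs to read files from one directory and needs no network.

```yaml
# docker-compose.yml (added example; names and paths below are hypothetical)
services:
  viewer:
    image: local/viewer:latest     # assumed: built from your own Dockerfile
    user: "1000:1000"              # run as an unprivileged UID:GID, not root
    read_only: true                # container root filesystem cannot be modified
    tmpfs:
      - /scratch                   # the only writable location, held in memory
    environment:
      - HOME=/scratch              # point the app's config/cache writes at the tmpfs
    cap_drop:
      - ALL                        # drop every Linux capability
    security_opt:
      - no-new-privileges:true     # setuid/setgid binaries cannot raise privileges
    network_mode: none             # no network interfaces besides loopback
    pids_limit: 256                # bound the number of processes
    mem_limit: 1g                  # bound memory use
    volumes:
      # expose exactly one host directory, read-only; nothing else from $HOME
      - ${HOME}/Documents/shared:/data:ro
```

Each app gets its own service with only the mounts, network and capabilities it actually uses; anything not listed stays unavailable to it.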
Warning!
Docker is not recommended as a security tool for process isolation, but it is easy to use and obviously provides some benefits.
Therefore, using VMs (e.g. with Vagrant) or a full solution like QubesOS is obviously a stronger setup, but using this Docker setup is better than running apps without any isolation.
P.S. The above is similar to the Snapcraft approach, which you may have experienced e.g. in Ubuntu.
P.P.S. "Docker as a desktop" is a technically incorrect play on words. "As a desktop" is meant in the sense of running all of your apps in Docker; for such a setup you usually want to use a normal distro underneath. If you are interested in "Docker on bare metal" => https://stackoverflow.com/q/20088835/544721 .