No daemons. No root. No surprises. One commit gives everyone on your team — and that Pi in the closet — an identical shell.
Heavyweight reproducibility with a featherweight footprint.
After the first run, lagoon shells open in milliseconds. No daemon. No container pull. Just your environment, immediately.
Network off unless you ask. Host filesystem invisible. Env variables wiped. Exit and leave absolutely zero trace.
A locked nixpkgs commit means the same command in 2027 gives you the same binary as today. No drift. Ever.
Live reload built in. lagoon watch monitors your project for changes and restarts your command automatically with a 300ms debounce.
Cryptographic safety. lagoon check fingerprints every nix store path to prove byte-for-byte that your environment remains unchanged. Reset baseline with --reset.
Cap sandbox memory via systemd-run (e.g., -m 512m). Ideal for shared machines and dense Pi clusters.
Built for Raspberry Pi 4/5. First run compiles from source on ARM — after that, cache hits make it instant.
"It works on my machine. And yours." One committed file, infinite identical shells — including that Pi in the closet.
Snapshot environments to .nar files with lagoon save and lagoon load. Deploy to air-gapped machines without a registry.
lagoon up starts all services in your [up] config, multiplexes their output with colored prefixes, and exposes them at real localhost ports. Ctrl+C stops all.
Ship your environment as a Docker image. lagoon docker > myimage.tar builds a layered OCI image — no daemon required. Load it anywhere with docker load.
Warm cache shell startup on a Raspberry Pi 4. Lower is better.
One file. Commit it. Everyone — your teammates, your CI, that Pi in the closet — runs the exact same environment.
The nixpkgs pin is bundled in the binary. You never touch it.
Find package names at search.nixos.org
No file, network, or host env access unless you explicitly enable it. Exit the sandbox and leave zero trace.
Linux (arm64 or amd64), bubblewrap, nix. That's all you need.