opencode with superpowers. It can do everything in a container with docker and nix


TL;DR: A lightweight Docker image (~223MB) that combines Nix package manager with non-root isolation, enabling AI coding assistants like OpenCode and Claude Code to install any software safely without admin privileges or home directory leaks.

UPDATE: If you want a lighter and more mainstream approach, you can use the official opencode Alpine container with a few tweaks: https://github.com/grigio/opencode-alpine-box

The Problem

AI coding assistants are revolutionary but have two critical limitations:

  • Security risks: They can accidentally access and leak sensitive data from your $HOME
  • Limited autonomy: They can't install software even when they know how, due to admin privilege requirements

The Solution

Docker-Nixuser provides perfect isolation and autonomy:

docker run -v ./data:/data --rm -ti ghcr.io/grigio/docker-nixuser:latest sh -c "cd /data && opencode"

This setup gives you:

  • Complete isolation: Only the mounted data folder is shared between host and container
  • Unlimited software installation: Full access to nixpkgs (60,000+ packages)
  • No persistence outside /data: Clean sandbox environment every run, useful for experiments
  • Non-root execution: Security best practices by default

Why Nix?

Unlike traditional package managers, Nix provides:

  • Declarative packages: No dependency conflicts
  • Reproducible environments: Same packages work everywhere
  • User-space installation: No root privileges needed
  • Massive repository: Larger than Arch AUR with better quality control

Quick Demo

# Pull and test
docker run --rm ghcr.io/grigio/docker-nixuser:latest sh -c 'whoami && nix profile add nixpkgs#hello && hello'

# Start coding with AI assistant
docker run -v $(pwd)/data:/data --rm -ti ghcr.io/grigio/docker-nixuser:latest sh -c "cd /data && opencode"
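A small launcher for the docker run line above, added here as an example and not part of the original post or the docker-nixuser project. It resolves the workspace to an absolute path, refuses to expose $HOME, a parent of $HOME or / (which would undo the "only /data is visible" property), and prints the command with a few extra hardening flags (--cap-drop=ALL, --security-opt=no-new-privileges, --pids-limit) that are my addition and assumed to work with the image; --read-only is deliberately left out because Nix must write to /nix to install packages.

```shell
#!/bin/sh
# Added example: launcher for the docker-nixuser sandbox with a mount-path
# check and extra hardening flags (assumed compatible with the image).
IMAGE="ghcr.io/grigio/docker-nixuser:latest"

# Return 0 if $1 may be bind-mounted as /data, 1 if it would expose
# $HOME (or a parent of it) or the whole filesystem. $2 overrides $HOME
# so the check can be exercised without touching the real home directory.
workspace_is_safe() {
  ws=$1; home=${2:-$HOME}
  case "$ws" in
    /) return 1 ;;          # never mount the root filesystem
    "$home") return 1 ;;    # never mount $HOME itself
  esac
  case "$home" in
    "$ws"/*) return 1 ;;    # $ws is a parent of $HOME, so $HOME leaks
  esac
  return 0
}

# Print (do not run) the docker command for workspace $1. Printing keeps the
# launcher reviewable; pipe it to sh once you are happy with it.
sandbox_cmd() {
  ws=$(cd "$1" && pwd -P) || return 1   # absolute, symlinks resolved
  workspace_is_safe "$ws" || { echo "refusing to expose $ws" >&2; return 1; }
  # --cap-drop=ALL: no capabilities; no-new-privileges: no setuid escalation;
  # --pids-limit: bounds runaway process creation inside the sandbox.
  printf 'docker run --rm -ti -v %s:/data --cap-drop=ALL --security-opt=no-new-privileges --pids-limit=512 %s sh -c %s\n' \
    "$ws" "$IMAGE" "'cd /data && opencode'"
}
```

Usage: `sandbox_cmd ./data | sh` launches the assistant; `sandbox_cmd ~` is refused.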

This approach solves the fundamental security and autonomy issues holding back AI coding assistants, enabling truly powerful yet safe development environments.