Allow OCI images as apps

Summary
If we skip the requirement of the .deb package, we will have more apps.

Problem
I want an app that is not available for FB nor debian. I go read the docs on how to add a new app an it all looks good except one pain point: the debian package.
Don’t take it wrong! I’m not against the packaging format, but it’s certainly a problem. Nowadays you can read lots of docs can make lots of work to create a .deb for just Debian and friends, or you can just drop in a Dockerfile and have your app running everywhere. Lowering the barrier for packagers is as important as for and users!

Solution
Support and document how to add to plinth apps packaged as an OCI image. FB could use podman.io to execute them in a secure way, or the more known but less secure Docker.
Also support and document how to find community apps and how to install them.

Alternatives
snaps or flatpaks. I think that for server apps, the Dockerfile is more widespread, though.

If these “containers” were not to be a disguised form of corporate binary package format, they could easily work on any distribution like the universal Nix and Guix (see “GNU Guix in other GNU/Linux distros”) package managers.

The containment part of course, is just as well possible with a source code based approach, see e.g. https://guix.gnu.org/blog/tags/containers/

Even if you can run an OCI container image using either Docker or Podman.io how do you want to distribute it? Docker.hub is probably not an option.

Who is in charge for the maintenance of the image or app?

What about the storage space? FreedomBox Pioneer comes a ~30 GB SD Card.

How do you want to handle access to resources? Do you want to punch holes into the container just to get system access.

Nix looks nice. I don’t have any experience on it though. I thought of OCI images because that’s more common, and provides a good isolation out of the box.

Many server software supply official images supported upstream, and doing custom ones or distributing them is a piece of cake (if you don’t like docker hub, you have quay.io, github package registry and gitlab registry (which can be self hosted easily)).

It would let freedom box apps evolve at a faster or slower pace than debian.

Regarding storage, if official apps remain as .deb, it shouldn’t be a problem. Those being packaged as images would share lowest layers, so in many cases they wouldn’t increase required space so much.

Finally, I don’t understand about “handling access to resources”. With normal volume mounts and ports publishing you’d be done for most (if not all) cases.

Anyways… is it really possible to add a plinth app like this? If so, I don’t think documenting it would harm.