1. 62

    1. 21

      this couldn’t be better timed! i just started using gokrazy + tailscale + a reverse proxy running on a VPS to host https://j3s.sh! my plan is to get a “this van runs linux” bumper sticker, since my gokrazy machine is powered by my van ☺️

      edit: to expand on this a little, the reverse proxy (caddy) terminates http connections and routes them through a wireguard tunnel, which is connected to my gokrazy instance. this setup makes it really easy & seamless to move the gokrazy box around, since it requires no network configuration at all to function.

      i’ll make a blog post about this setup soon, it’s all still pretty in flux right now.

    2. 23

      This looks interesting. However, one weird nit. Recommends Tailscale as part of Setup. Why? Ah. Works at Tailscale

      1. 10

        I mean, it seems like a pretty vital part of how they have chosen to configure their network. Cards on the table, this is pretty similar to my setup (and I don’t work there), but I feel like it’s pretty easy to replace that one step with e.g. Nebula and end up in ideologically the same place

        1. 8

          I don’t mind it as long as people disclose commercial relationships up front.

          1. 5

            Why? Ah. Works at Tailscale

            Not really.

            Xe is a prolific blogger whose content gets linked to all the time and is always tinkering with Tailscale in crazy setups. They are so transparent that on the bottom of the linked article is a link to their salary history! This isn’t secretly promotion for Tailscale.

            1. 6

              I don’t think this is fair. That information should be in the beginning of the article, or right before first mention of tailscale. I doubt that most readers who got the link to that article from link aggregator will know where Xe works, nor will they end up reading other pages on theirs site.

            2. 3

              This isn’t secretly promotion for Tailscale.

              It definitely reads like one to me.

              1. 2

                coupled with the fact that there are now ads on xe’s site, the incentives are starting to feel weird.

                1. 2

                  I dunno - I really enjoy Xe’s blog and have learned a whole lot from it. I don’t mind if they happen to make some pennies sharing their thoughts with us.

      2. 2

        I was thinking the same.

        Luckily there’s also an alternative to using their service:


    3. 4

      Can one run other statically compiled tools, not written in go? As the text mentions busybox, I would assume so, but better to check.

      1. 10

        Yeah, but the golden path includes stuff written in Go because cross compilation is GOOS=linux GOARCH=arm64 go build. If I make my own linux implementation like Gokrazy, it’s gonna support cross compilation of C/C++ stuff with Zig.

      2. 5

        you can run containers, so even if you can’t run the static binaries directly, you could shove them in a FROM scratch container and be done with it.

        (i don’t know the answer to your actual question, sorry)

        1. 2

          Thanks for clarifying this. “Can you run containers in this?” is the specific thing I wanted to ask.

          1. 2

            it’s worth checking out the docs, stapelberg has done an amazing job with documentation.

    4. 2

      I want to set this up on my Raspberry Pi 4 that currently runs my DHCP via Pihole. Is there a good golang alternative for that?

      1. 3
        1. 1

          I used blocky for this and it works great. You could also run a container with pihole/adguard using podman.

          1. 1

            @simao do you have any recommendations on running Blocky? Curious if you have kind of ‘set and forget’ your settings or anything you’ve learned running it.

            1. 1

              Yes, usually with gokrazy you’d run gok add github.com/0xERR0R/blocky and then configure the gokrazy appliance, but for some reason that doesn’t work. I needed to:

              git clone git@github.com:0xERR0R/blocky
              gok add <path to cloned dir>

              Then configure blocky:

                  "Packages": [
                  "PackageConfig": {
                    "github.com/0xERR0R/blocky": {
                      "WaitForClock": true,
                      "CommandLineFlags": [
                      "ExtraFilePaths": {
                        "/etc/blocky.yaml": "blocky.config.yaml"

              and save your blocky config in blocky.config.yaml

              then update gokrazy and that’s it.

              I think I also tried adguard and if IIRC it also worked correctly without a container, it’s written in go as well.

        2. 1

          Thank you so much for sharing!

    5. 1

      Is it fair to say that a Linux “implementation” implements all the userland l, whereas a Linux distro simply assembles it from existing components?

      Another note: this approach is an interesting middle ground towards something like MirageOS, which entails a reimplementation of the whole stack, including the kernel. Are there other examples in other languages, beyond gokrazy in Go?

      1. 5

        There are Linux implementations where the entire userland is written in C.

        I’ll show myself out.

    6. 1

      This seems really cool, but how would you run a database on one of these? Are you pretty much stuck with SQLite? And if so, do you have to jump through extra hoops to use the CGo version (or do you need to use a pure-Go version)?

    7. 1

      https://github.com/u-root/u-root is a project a similar vein - a fully Go userland meant to be used either in an initrd or other ramdisk only environment, or as part of LinuxBoot (which replaces most of the functionality of a UEFI firmware after very early h/w init with linux), or the base for a BMC firmware

    8. 1

      I had no idea this thing existed, rad.

    9. 1

      Was kinda curious, how much stuff is usable with a kernel like this? I suppose the existence of Alpine Linux makes things more likely to be supported in there?