diff --git a/README.md b/README.md
index 228977c..a5d6964 100644
--- a/README.md
+++ b/README.md
@@ -179,6 +179,9 @@ easy installation.
imports = [ nix-snapshotter.homeModules.default ];
# (2) Add overlay.
+ #
+ # NOTE: If using NixOS & home-manager.useGlobalPkgs = true, then add
+ # the overlay at the NixOS level.
nixpkgs.overlays = [ nix-snapshotter.overlays.default ];
# (3) Enable service.
@@ -217,6 +220,9 @@ easy installation.
];
# (2) Add overlay.
+ #
+ # NOTE: If using NixOS & home-manager.useGlobalPkgs = true, then add
+ # the overlay at the NixOS level.
nixpkgs.overlays = [ nix-snapshotter.overlays.default ];
# (3) Enable service.
@@ -407,7 +413,27 @@ limit. This means all the container content is either already in your Nix store
or fetched from your Nix binary cache.
-2. What's the difference between this and [Nixery][nixery]?
+2. When should I choose the rootful (normal) vs rootless mode?
+
+
+Answer
+
+If you are running a production server, it's best to use the rootful version
+as rootless containers is still in its early stages in the container ecosystem.
+
+However, if you are running it for personal use, do try the rootless variant
+first. Although less mature, it is the more secure mode as the container
+runtime runs as an unprivileged user. It can mitigate potential
+container-breakout vulnerabilities, though its not a silver bullet.
+
+Typically, rootless mode is more complex to setup. But since it's already
+distributed as a NixOS / Home Manager module, it's simple as enabling the
+service.
+
+See https://rootlesscontaine.rs for more details.
+
+
+3. What's the difference between this and [Nixery][nixery]?
Answer
@@ -423,7 +449,7 @@ the progress.
-3. What's the difference between this and a nix-in-docker?
+4. What's the difference between this and a nix-in-docker?
Answer
@@ -439,7 +465,7 @@ the underlying packages from the same Nix store.
-4. What's the difference between this and [nix2container][nix2container]?
+5. What's the difference between this and [nix2container][nix2container]?
Answer