@blub previously I was using a bespoke, home-brew docker-compose config (with LDAP as the authentication back-end). Updates and adding new applications was manual, and somewhat brittle. So these things are way easier now.
I still wish @yunohost would offer the option of running each service in a separate docker container, for compartmentalization sake, but well. Can't win them all.
1. Very well-defined interfaces. Since when running in docker stuff is closed-by-default, volumes are not mounted by default, etc, one has to be explicit how/where ports are being opened or volumes made available to the code running in a container.
2. Easier to make it into a multi-host system. This gives you additional flexibility.
3. Docker is not a security tool, but it does improve it in certain ways.
This means you can have a container with your pretty sensitive Nextcloud stuff running separately from a container running your BitTorrent downloads (delicious, delicious distro ISOs!). The BitTorrent container has no direct access to the data of the Nextcloud container. Getting from BItTorrent container out to the host system requires additional exploits.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!