
Also, how about the integration with docker? Is it really so painless as it is advertised? If I’ve understood correctly, I could install the docker image with stackage packages already installed, and tell stack to use that image with docker, having the site compilation sandboxed. Is it feasible?
The compilation is sandboxed, but ~/.stack is still used for things like default configuration and the build plan cache, and <project>/.stack-work is still used for build artifacts. Otherwise, every build would have to start completely from scratch (since each stack build creates a new container).
If you need complete isolation from anything on the host OS, you’re better off running stack from within a Docker container you create yourself (using docker run). You can still use the images we publish (https://hub.docker.com/u/fpco/); you just wouldn’t be setting docker: true in your stack.yaml.