Hey all, I’m wondering about giving NixOS a try. It seems like it’s mostly marketed for development environments and CI, but I haven’t seen much of anything about it being used on production servers. Right now I manage Alma 8 servers with Salt, and bootstrap Salt with a modified version of the ISO. NixOS seems like it could help streamline how I do things. Does anyone use it and have thoughts one way or another?

  • Litanys@lem.cochrun.xyz
    link
    fedilink
    English
    arrow-up
    4
    ·
    2 years ago

    I love NixOS on the server! Run my non profit that way. It’s beautiful really, everything is declared and then you commit that to version control and it’s 100% reproducible. Just backup your data.

    I would add that you can still do containers like docker, if you really want I believe there is a way to declare your containers too. It’s really awesome what NixOS can do.

    • highspire@sopuli.xyzOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 years ago

      Sweet, thats’s a big deal for me as well. Nobody else wants to learn any kind of orchestration or anything, so I’ve been trying to get Salt to manage the containers I have, and it’s a bit of a pain. Having them configured the same way as the server would prevent some headache, I think!

      • 2xsaiko
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 years ago

        Note that unless you really need containers (such as the separate root fs), systemd services can provide pretty much all of container’s isolation. It’s opt-in but systemd-analyze security can tell you about potential things you can lock down. Some NixOS modules already do this by default.

        And together with NixOS’s excellent modules which are usually a lot better than the container experience, personally I don’t see the use case for containers on NixOS especially looking at the added complexity they bring with them.

        • highspire@sopuli.xyzOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 years ago

          Ah, good to know, thank you. I hadn’t really considered that if the whole environment is scripted out like it is, then I wouldn’t get as much benefit out of them as I do otherwise. Good tip!