NixOS in production?

highspire@sopuli.xyz to Linux@lemmy.ml – 2 points –

Hey all, I'm wondering about giving NixOS a try. It seems like it's mostly marketed for development environments and CI, but I haven't seen much of anything about it being used on production servers. Right now I manage Alma 8 servers with Salt, and bootstrap Salt with a modified version of the ISO. NixOS seems like it could help streamline how I do things. Does anyone use it and have thoughts one way or another?

I love NixOS on the server! Run my nonprofit that way. It's beautiful really, everything is declared and then you commit that to version control and it's 100% reproducible. Just back up your data.

I would add that you can still do containers like Docker. If you really want, I believe there is a way to declare your containers too. It's really awesome what NixOS can do.

Sweet, that's a big deal for me as well. Nobody else wants to learn any kind of orchestration or anything, so I've been trying to get Salt to manage the containers I have, and it's a bit of a pain. Having them configured the same way as the server would prevent some headache, I think!

Note that unless you really need containers (such as the separate root fs), systemd services can provide pretty much all of a container's isolation. It's opt-in, but systemd-analyze security can tell you about potential things you can lock down. Some NixOS modules already do this by default.

And together with NixOS's excellent modules, which are usually a lot better than the container experience, personally I don't see the use case for containers on NixOS, especially looking at the added complexity they bring with them.

Ah, good to know, thank you. I hadn't really considered that if the whole environment is scripted out like it is, then I wouldn't get as much benefit out of them as I do otherwise. Good tip!
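
The opt-in systemd isolation mentioned in the thread, written as a NixOS module. This is an added example, not code from any of the posters: the service name `myapp`, its port, and the Python static file server are assumptions chosen so the unit has something to run.

```nix
# Hypothetical NixOS module: a service sandboxed with systemd directives
# instead of a container. Import it from configuration.nix, rebuild, then
# check the result with: systemd-analyze security myapp.service
{ pkgs, ... }:
{
  systemd.services.myapp = {
    description = "Example sandboxed service (hypothetical)";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

    serviceConfig = {
      # Assumed workload: serve files from the state directory on localhost.
      ExecStart = "${pkgs.python3}/bin/python3 -m http.server 8080 "
        + "--bind 127.0.0.1 --directory /var/lib/myapp";

      # Identity: throwaway UID/GID, no way to gain privileges later.
      DynamicUser = true;
      NoNewPrivileges = true;
      CapabilityBoundingSet = "";      # port 8080 needs no capabilities
      RestrictSUIDSGID = true;

      # Filesystem: read-only OS, private /tmp and /dev, one writable dir.
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      StateDirectory = "myapp";        # creates /var/lib/myapp, writable
      UMask = "0077";

      # Kernel surface: no tunables, modules, logs, clock or cgroup writes.
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectKernelLogs = true;
      ProtectControlGroups = true;
      ProtectClock = true;
      ProtectHostname = true;

      # Syscalls and sockets: IP only, no new namespaces, baseline filter.
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
      RestrictNamespaces = true;
      RestrictRealtime = true;
      LockPersonality = true;
      SystemCallArchitectures = "native";
      SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
    };
  };
}
```

Tighten one directive at a time and restart the service after each change, since an overly strict `SystemCallFilter` or `RestrictAddressFamilies` shows up as a runtime failure rather than a build error.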