Hey all, I’m wondering about giving NixOS a try. It seems like it’s mostly marketed for development environments and CI, but I haven’t seen much of anything about it being used on production servers. Right now I manage Alma 8 servers with Salt, and bootstrap Salt with a modified version of the ISO. NixOS seems like it could help streamline how I do things. Does anyone use it and have thoughts one way or another?

  • highspireOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Sweet, thats’s a big deal for me as well. Nobody else wants to learn any kind of orchestration or anything, so I’ve been trying to get Salt to manage the containers I have, and it’s a bit of a pain. Having them configured the same way as the server would prevent some headache, I think!

    • 2xsaiko@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Note that unless you really need containers (such as the separate root fs), systemd services can provide pretty much all of container’s isolation. It’s opt-in but systemd-analyze security can tell you about potential things you can lock down. Some NixOS modules already do this by default.

      And together with NixOS’s excellent modules which are usually a lot better than the container experience, personally I don’t see the use case for containers on NixOS especially looking at the added complexity they bring with them.

      • highspireOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Ah, good to know, thank you. I hadn’t really considered that if the whole environment is scripted out like it is, then I wouldn’t get as much benefit out of them as I do otherwise. Good tip!

    • Litanys@lem.cochrun.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Absolutely! Nix seems to like the approach of do it their way, unless you don’t want to. Then do it your way! Lol