Hey all, I’m wondering about giving NixOS a try. It seems like it’s mostly marketed for development environments and CI, but I haven’t seen much of anything about it being used on production servers. Right now I manage Alma 8 servers with Salt, and bootstrap Salt with a modified version of the ISO. NixOS seems like it could help streamline how I do things. Does anyone use it and have thoughts one way or another?

  • 2xsaiko@discuss.tchncs.de
    1 year ago

    Note that unless you really need containers (such as the separate root fs), systemd services can provide pretty much all of a container’s isolation. It’s opt-in, but systemd-analyze security can tell you about potential things you can lock down. Some NixOS modules already do this by default.

    And together with NixOS’s excellent modules which are usually a lot better than the container experience, personally I don’t see the use case for containers on NixOS especially looking at the added complexity they bring with them.
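The opt-in systemd isolation described in the comment above, written as a NixOS service definition. This is an added example, not code from the thread or from any NixOS module; the service name `myapp`, the port and the served directory are assumptions made for illustration.

```nix
# Added example: hypothetical "myapp" service, constructed for illustration.
{ pkgs, ... }:
{
  systemd.services.myapp = {
    description = "Example static file server (constructed)";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

    serviceConfig = {
      # Unprivileged port, so no capability is needed to bind it.
      ExecStart = "${pkgs.python3}/bin/python3 -m http.server 8080 --directory /var/lib/myapp";

      # Identity: transient unprivileged user, no path back to privileges.
      DynamicUser = true;
      NoNewPrivileges = true;
      CapabilityBoundingSet = "";

      # Filesystem: read-only OS, private /tmp and /dev, one writable state dir.
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      StateDirectory = "myapp"; # systemd creates /var/lib/myapp for the service

      # Kernel surface the service has no reason to touch.
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectKernelLogs = true;
      ProtectControlGroups = true;
      RestrictNamespaces = true;
      LockPersonality = true;
      MemoryDenyWriteExecute = true;

      # Network and syscalls: IP sockets only, allow-list minus privileged calls.
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
      SystemCallArchitectures = "native";
      SystemCallFilter = [ "@system-service" "~@privileged" ];
    };
  };
}
```

After a rebuild, `systemd-analyze security myapp.service` lists each directive with its remaining exposure, which shows what is still left open.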

    • highspireOP
      1 year ago

      Ah, good to know, thank you. I hadn’t really considered that if the whole environment is scripted out like it is, then I wouldn’t get as much benefit out of them as I do otherwise. Good tip!