1. 23
  1.  

  2. 3

    I don’t have any constructive commentary but I like the pridecat cameo here :D

    I installed NixOS the other day on a machine I rarely use, but I’ve yet to play around.

    1. 2

      I’m curious if you’ve tried morph. My current (crappy) workflow is to build the derivation locally, copy it to my server, and then switch with the new derivation. It sounds like this is what morph basically does. I do like your trick of creating a package override though! It took me a long time to figure out how to package and run my app.

      I was somewhat put off by nixops needing to store state when I only want to deploy my Kotlin server. If I wanted to provision actual infra I’d probably reach for terraform since it’s more widely used.

      1. 3

        I was somewhat put off by nixops needing to store state

        I used nixops before and carrying around state gets annoying pretty fast. I switch to morph a year ago and never looked back. It’s a simple model and works really well. Not a single issue so far (though my setup is pretty simple, just a handful of servers/desktops).

        1. 2

          Morph is on my list of things to try. I should really go and play with it.

          Terraform may be ideal for provisioning stuff, but good god I absolutely hate dealing with it from an operations standpoint. It just doesn’t scale well unless you have someone (or ideally a team of people) dedicated to unblocking people with it.

          1. 2

            Yeah I’ve witnessed (but fortunately not been involved with) some nasty terraform issues. That’s part of the reason why I’d prefer a stateless solution for deployment.

          2. 1
            1. 1

              Yes

              1. 1

                Yes that’s the one

            2. 1

              I never managed to get to like Nixops, mostly because of the state and the secrets handling. Back in the day it was not possible to deal with secrets, but now I see there is Nixops Keys (TIL). At the beginning we were keeping the state in a git repo, locked with git-crypt, but that really doesn’t scale well. Thus, we converged to a solution where we use terraform for all provisioning and a heavily modified version of https://github.com/tweag/terraform-nixos to deploy NixOS to the instances. Works like a charm, especially since the secrets are passed from terraform to NixOS in such a way they never hit /nix/store.

              1. 1

                My main issues with NixOS and NixOps are:

                • It’s very hard to get management buy-in on a solution that doesn’t have professional support.
                • Not having a easy setup for cloud environments (for example Azure isn’t supported to my knowledge).

                (I’m conscious that I’m not doing anything to help in those issues).