Points for something I’ve never tried.
Edit: Think I’ll just blast Bazzite on it. The recent Gnome scales well and it has nice performance tweaks.
Cheers
Oh, sweet!
In that case, I highly recommend taking a look at some more real-world examples. My original link is just something that makes self-hosting and small jobs more or less thoughtless for me.
Imagine all those config management tools built into your OS, and that’s NixOS in a nutshell. There’s obviously WAY more it can do if you look into creating your own derivations, or getting into the new-ish concept of Flakes.
Again, though, nixops is the thing that makes me continue to use it, besides just already knowing how to throw together a config in nix’s syntax. The nixops tool basically allows you to federate all your systems, tag them, group them, and do anything under the sun with each machine (or several in batches). It’s hard to get across in a simple text blurb.
In my case (SaaS), imagine having 10 devs that all want their own dev environment that mirrors production within our VPN, then you need a beta and production environment for each client that licenses the app. Each environment has a couple databases, a few different APIs, some background scraper-type applications, and front-ends for everything. Some of that stuff can live on one machine, some needs to be alone and redundant. You can see how very quickly there’s a lot of machines to keep track of.
Now I need to update a couple config pieces to match a new feature in the app itself. Well, all I gotta do is sort out the config, then run a couple nixops commands to push to all the dev environments. When ready, do the same for beta, then do it for prod when the fat lady sings.
Being all within one ecosystem, focused on security hardening, is what I really like about it. Hopefully that wasn’t too stream-of-consciousness for ya, lmao.
ETA: links, also note that nixops has been undergoing some serious changes in the past year. NixOS itself also undergoes changes fairly regularly in syntax as vulnerabilities are addressed and improvements made.
Thank you for the note. I’ve been cursing myself for not being able to provide my devs with something similar (they don’t complain but I know it will make their lives easier). I will start nix from scratch if I learn it but nixops definitely seems like it can help because terraform isn’t that great at the example you provided. Thanks.
Could you elaborate?
Some NixOS native packages and options change the defaults to be more security conscious rather than “easy to spin up.” Doing a basic nginx config in NixOS will be more secure than if you had installed it through debian’s apt or from source. Similar for ssh, you just don’t have to think as much about doing those few obvious config changes you always have to do when spinning up a new machine. Of course, there are some things you have to customize for yourself (like custom ports, paths, etc.), but they make it a little simpler by assuming you’re using NixOS in a production environment.
A couple of other links that you’ll end up referencing all the time if you get into NixOS:
The first link is the native package repo, and the second link is all the NixOS config parameters for each of those packages and the system in general.
Perfect. So when you do provide them with an efficiency boost when they never asked about it, you can be a rockstar and get a raise. Or keep it in your back pocket until they do complain and implement it then for a similar effect 😜