[Nix-dev] NixOps usage survey.

4levels 4levels at gmail.com
Wed Sep 7 12:22:15 CEST 2016


Hi Aloïs,

we're using NixOps to deploy a "typical" PHP web application using Nginx /
Redis / MariaDB and the Symfony and Laravel/Lumen frameworks.  We're also
making use of the python package wkhtml2pdf to generate PDF documents from
HTML content.

All our credentials are deployed through the deployment.keys method,
preventing them from being stored anywhere on disk.  And git-crypt is used
to hide their contents in the repositories.

We've been pleasantly surprised that every single deploy has given
identical results on all (currently 12) servers in the various datacenter
locations of Vultr.

I'm having one NixOps VM running locally to deploy and test my other local
VMs (using kvm/qemu with libvirt on a Debian host) and to update the
online NixOps orchestrating server (minimal Vultr machine) which in turn
deploys the 12 other Vultr machines.

We don't use the automated tools to initialize new machines (neither on
Vultr nor locally): every machine is manually installed with the
nixos-minimal iso image.  All we need to do is add the proper ssh-keys
and the next deploy installs and configures everything else.  This usually
takes less than 10 minutes and is only needed once per server.

TL;DR;
NixOps has made our deploys ridiculously stable and performant!  And with
the extra tools NixOps provides (e.g. ssh-for-each) this makes it the best
decision we've ever made.  I can only recommend the NixOS / NixOps combo,
definitely worth investigating!


Kind regards,

Erik


On Tue, Sep 6, 2016 at 3:06 PM Игорь Пашев <pashev.igor at gmail.com> wrote:

> I'm using NixOps in production, EC2, Hetzner, VBox with no issues.
>
> Of course, commit NixOps state (JSON) in git with git-crypt. And this
> wrapper for NixOps:
>
> #!/usr/bin/env bash
>
> set -euo pipefail
>
> NIXPKGS=https://github.com/NixOS/nixpkgs-channels/archive/nixos-15.09.tar.gz
> NIXOPS=${NIXOPS:-nixops}
> export NIX_PATH=nixpkgs="$NIXPKGS":.
>
> usage () {
> cat <<USAGE
> Usage: $0 <nixops command> <realm/spec.nix> [nixops options]
> Examples:
>   $0 deploy realms/vbox.nix
>   $0 info realms/vbox.nix
>   $0 deploy realms/dumpoo.nix --build-only
>   $0 destroy realms/cats.nix --include slothcat
> USAGE
> }
>
> fatal () {
>   echo '** ERROR:' "$@" >&2
>   usage >&2
>   exit 1
> }
>
> if [ $# -lt 2 ]; then
>   fatal "missing arguments."
> fi
>
> CMD="$1"; shift
> REALM_NIX="$1"; shift
>
> case "$REALM_NIX" in
>   *realms/*.nix) REALM=$(basename "$REALM_NIX" .nix);;
>   *) fatal "invalid realm spec: $REALM_NIX";;
> esac
>
> cd "$(dirname "$0")"
>
> state="secrets/nixops-${REALM}.json"
> db=$(mktemp -u "secrets/tmp.${REALM}.XXXXXX.nixops")
>
> trap 'save' EXIT
>
> save() {
>   if [ -f "$db" ]; then
>     "$NIXOPS" export -s "${db}" > "${state}.tmp"
>     mv "${state}.tmp" "${state}"
>     rm -f "$db"*
>   fi
> }
>
> create() {
>   "$NIXOPS" create -s "$db" -d "$REALM" "<realms/${REALM}.nix>"
> }
>
> case "$CMD" in
>   create)
>     [ ! -f "$state" ] || fatal "\`$state' already exists."
>     create
>     ;;
>   *)
>     [ -f "$state" ] || fatal "\`$state' does not exist."
>     "$NIXOPS" import -s "${db}" < "$state"
>     "$NIXOPS" "$CMD" -s "$db" -d "$REALM" "$@"
>     ;;
> esac
>
>
>
> And a makefile for development with vbox:
>
> REALM = cats
> override STATE = secrets/nixops-vbox-$(REALM).json
>
> build: $(STATE)
> 	./let deploy realms/vbox-$(REALM).nix --build-only
>
> destroy:
> 	./let $@ realms/vbox-$(REALM).nix --confirm
>
> info deploy check send-keys start stop reboot: $(STATE)
> 	./let $@ realms/vbox-$(REALM).nix
>
> $(STATE):
> 	./let create realms/vbox-$(REALM).nix
>
> 2016-09-05 19:01 GMT+03:00 Aloïs Cochard <alois.cochard at gmail.com>:
> > Hi all,
> >
> > We are experimenting with NixOps and we are having great success. We do
> > plan to use it for our development infrastructure, and it seems to be
> > very promising.
> >
> > In the light of applying the same technology on our production stack, I'm
> > curious to know how NixOps is used "for real"? Do you use it in
> > production?
> >
> > Do you have some success story to share?
> >
> > Would love to know more about how it is used, the size of clusters, ...
> >
> > Thanks in advance!
> >
> > --
> > Λ\oïs
> > http://twitter.com/aloiscochard
> > http://github.com/aloiscochard
> >
> > _______________________________________________
> > nix-dev mailing list
> > nix-dev at lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
> >
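
Both messages above rely on git-crypt to keep credentials and the NixOps state out of the repository in plaintext. The following check is an added example, not code from either poster: it confirms that the blobs git actually stores carry the git-crypt header. The function names are made up here, and the `secrets` default path is assumed from the wrapper's directory layout.

```sh
#!/bin/sh
# Added example: fail if a file that should be protected by git-crypt is
# stored in the git index as plaintext (e.g. a missing .gitattributes rule).
set -eu

# git-crypt prefixes every encrypted blob with the 10 bytes "\0GITCRYPT\0".
GITCRYPT_MAGIC_HEX=00474954435259505400

# Read one blob on stdin; succeed only if it starts with the git-crypt header.
is_gitcrypt_blob() {
  # Drain the rest of stdin after the header so the producer never sees
  # SIGPIPE (which would break callers running with "set -o pipefail").
  head_hex=$( { head -c 10; cat >/dev/null; } | od -An -tx1 | tr -d ' \n' )
  [ "$head_hex" = "$GITCRYPT_MAGIC_HEX" ]
}

# Audit tracked files under the given paths (default: secrets/, an assumption
# taken from the wrapper script). The working tree is decrypted while the
# repository is unlocked, so the blob in the index (":<path>", i.e. after
# the clean filter ran) is inspected instead of the file on disk.
audit_index() {
  [ $# -gt 0 ] || set -- secrets
  offenders=$(
    git -c core.quotePath=false ls-files -- "$@" |
    while IFS= read -r path; do
      git cat-file blob ":$path" | is_gitcrypt_blob || printf '%s\n' "$path"
    done
  )
  if [ -n "$offenders" ]; then
    printf 'stored as PLAINTEXT in the index:\n%s\n' "$offenders" >&2
    return 1
  fi
}
```

Run `audit_index` from the repository root, for instance in a pre-commit hook or CI job; point it only at paths that should hold nothing but secrets, since any unencrypted tracked file under them is reported.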