[Nix-dev] NixOps usage survey.

Tobias Pflug tobias.pflug at gmx.net
Mon Sep 12 11:05:16 CEST 2016 

If I may just jump in with a question: What I feel uneasy about is to just use some channel. Is that what everyone does? I usually pinpoint a specific commit so that i know that my deployments are actually deterministic about what nixpkgs set is being used.

Am I just being paranoid/impractical? Maybe it is even an anti-pattern since I obviously have to manually update then. 

Thanks in advance for any input :)

-Tobi

Sent from my iPhone

> On 06 Sep 2016, at 15:06, Игорь Пашев <pashev.igor at gmail.com> wrote:
> 
> I'm using NixOps in production, EC2, Hetzner, VBox with no issues.
> 
> Of course, commit NixOps state (JSON) in git with git-crypt. And this
> wrapper for NixOps:
> 
> #!/usr/bin/env bash
> 
> set -euo pipefail
> 
> NIXPKGS=https://github.com/NixOS/nixpkgs-channels/archive/nixos-15.09.tar.gz
> NIXOPS=${NIXOPS:-nixops}
> export NIX_PATH=nixpkgs="$NIXPKGS":.
> 
> usage () {
> cat <<USAGE
> Usage: $0 <nixops command> <realm/spec.nix> [nixops options]
> Examples:
>  $0 deploy realms/vbox.nix
>  $0 info realms/vbox.nix
>  $0 deploy realms/dumpoo.nix --build-only
>  $0 destroy realms/cats.nix --include slothcat
> USAGE
> }
> 
> fatal () {
>  echo '** ERROR:' "$@" >&2
>  usage >&2
>  exit 1
> }
> 
> if [ $# -lt 2 ]; then
>  fatal "missing agruments."
> fi
> 
> CMD="$1"; shift
> REALM_NIX="$1"; shift
> 
> case "$REALM_NIX" in
>  *realms/*.nix) REALM=$(basename "$REALM_NIX" .nix);;
>  *) fatal "invalid realm spec: $REALM_NIX";;
> esac
> 
> cd "$(dirname "$0")"
> 
> state="secrets/nixops-${REALM}.json"
> db=$(mktemp -u "secrets/tmp.${REALM}.XXXXXX.nixops")
> 
> trap 'save' EXIT
> 
> save() {
>  if [ -f "$db" ]; then
>    "$NIXOPS" export -s "${db}" > "${state}.tmp"
>    mv "${state}.tmp" "${state}"
>    rm -f "$db"*
>  fi
> }
> 
> create() {
>  "$NIXOPS" create -s "$db" -d "$REALM" "<realms/${REALM}.nix>"
> }
> 
> case "$CMD" in
>  create)
>    [ ! -f "$state" ] || fatal "\`$state' already exists."
>    create
>    ;;
>  *)
>    [ -f "$state" ] || fatal "\`$state' does not exists."
>    "$NIXOPS" import -s "${db}" < "$state"
>    "$NIXOPS" "$CMD" -s "$db" -d "$REALM" "$@"
>    ;;
> esac
> 
> 
> 
> And makefile for development with vbox;
> 
> REALM = cats
> override STATE = secrets/nixops-vbox-$(REALM).json
> 
> build: $(STATE)
>    ./let deploy realms/vbox-$(REALM).nix --build-only
> 
> destroy:
>    ./let $@ realms/vbox-$(REALM).nix --confirm
> 
> info deploy check send-keys start stop reboot: $(STATE)
>    ./let $@ realms/vbox-$(REALM).nix
> 
> $(STATE):
>    ./let create realms/vbox-$(REALM).nix
> 
> 2016-09-05 19:01 GMT+03:00 Aloïs Cochard <alois.cochard at gmail.com>:
>> Hi all,
>> 
>> We are experimenting with NixOps and we are having great success. We do plan
>> to use it for our development infrastructure, and it seems to be very
>> promising.
>> 
>> In the light of applying the same technology on our production stack, I'm
>> curious to know how NixOps is used "for real"? Do you use it in production?
>> 
>> Do you have some success story to share?
>> 
>> Would love to know more about how it is used, the size of clusters, ...
>> 
>> Thanks in advance!
>> 
>> --
>> Λ\oïs
>> http://twitter.com/aloiscochard
>> http://github.com/aloiscochard
>> 
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

More information about the nix-dev mailing list