Hi Aloïs,

we're using NixOps to deploy a "typical" PHP web application using Nginx / Redis / MariaDB and the Symfony and Laravel/Lumen frameworks. We're also making use of the Python package wkhtml2pdf to generate PDF documents from HTML content.

All our credentials are deployed through the deployment.keys method, preventing them from being stored anywhere on disk. And git-crypt is used to hide their contents in the repositories.

We've been pleasantly surprised that every single deploy has given identical results on all (currently 12) servers in the various datacenter locations of Vultr.

I'm having one NixOps VM running locally to deploy and test my other local VMs (using kvm/qemu with libvirt on a Debian host) and to update the online NixOps orchestrating server (minimal Vultr machine), which in turn deploys the 12 other Vultr machines.

We don't use the automated tools to initialize new machines (neither on Vultr nor locally): every machine is manually installed with the nixos-minimal ISO image. All we need to do is add the proper ssh-keys, and the next deploy installs and configures everything else. This usually takes less than 10 minutes and is only needed once per server.

TL;DR: NixOps has made our deploys ridiculously stable and performant! And with the extra tools NixOps provides (e.g. ssh-for-each) this makes it the best decision we've ever made.

I can only recommend the NixOS / NixOps combo, definitely worth investigating!

Kind regards,
Erik

On Tue, Sep 6, 2016 at 3:06 PM Игорь Пашев <[email protected]> wrote:

> I'm using NixOps in production, EC2, Hetzner, VBox with no issues.
>
> Of course, commit NixOps state (JSON) in git with git-crypt. And this
> wrapper for NixOps:
>
> #!/usr/bin/env bash
>
> set -euo pipefail
>
> NIXPKGS=https://github.com/NixOS/nixpkgs-channels/archive/nixos-15.09.tar.gz
> NIXOPS=${NIXOPS:-nixops}
> export NIX_PATH=nixpkgs="$NIXPKGS":.
>
> usage () {
>   cat <<USAGE
> Usage: $0 <nixops command> <realm/spec.nix> [nixops options]
> Examples:
>   $0 deploy realms/vbox.nix
>   $0 info realms/vbox.nix
>   $0 deploy realms/dumpoo.nix --build-only
>   $0 destroy realms/cats.nix --include slothcat
> USAGE
> }
>
> fatal () {
>   echo '** ERROR:' "$@" >&2
>   usage >&2
>   exit 1
> }
>
> if [ $# -lt 2 ]; then
>   fatal "missing arguments."
> fi
>
> CMD="$1"; shift
> REALM_NIX="$1"; shift
>
> # The realm name is the spec file name without directory and .nix suffix.
> case "$REALM_NIX" in
>   *realms/*.nix) REALM=$(basename "$REALM_NIX" .nix);;
>   *) fatal "invalid realm spec: $REALM_NIX";;
> esac
>
> cd "$(dirname "$0")"
>
> # Exported JSON state (kept in git) and a throw-away state database.
> state="secrets/nixops-${REALM}.json"
> db=$(mktemp -u "secrets/tmp.${REALM}.XXXXXX.nixops")
>
> # On exit, export the temporary database back to JSON and delete it.
> trap 'save' EXIT
>
> save() {
>   if [ -f "$db" ]; then
>     "$NIXOPS" export -s "${db}" > "${state}.tmp"
>     mv "${state}.tmp" "${state}"
>     rm -f "$db"*
>   fi
> }
>
> create() {
>   "$NIXOPS" create -s "$db" -d "$REALM" "<realms/${REALM}.nix>"
> }
>
> case "$CMD" in
>   create)
>     [ ! -f "$state" ] || fatal "\`$state' already exists."
>     create
>     ;;
>   *)
>     # Any other command: load the JSON state into the temporary database.
>     [ -f "$state" ] || fatal "\`$state' does not exist."
>     "$NIXOPS" import -s "${db}" < "$state"
>     "$NIXOPS" "$CMD" -s "$db" -d "$REALM" "$@"
>     ;;
> esac
>
> And makefile for development with vbox:
>
> REALM = cats
> override STATE = secrets/nixops-vbox-$(REALM).json
>
> build: $(STATE)
> 	./let deploy realms/vbox-$(REALM).nix --build-only
>
> destroy:
> 	./let $@ realms/vbox-$(REALM).nix --confirm
>
> info deploy check send-keys start stop reboot: $(STATE)
> 	./let $@ realms/vbox-$(REALM).nix
>
> $(STATE):
> 	./let create realms/vbox-$(REALM).nix
>
> 2016-09-05 19:01 GMT+03:00 Aloïs Cochard <[email protected]>:
> > Hi all,
> >
> > We are experimenting with NixOps and we are having great success. We do
> > plan to use it for our development infrastructure, and it seems to be
> > very promising.
> >
> > In the light of applying the same technology on our production stack, I'm
> > curious to know how NixOps is used "for real"? Do you use it in
> > production?
> >
> > Do you have some success story to share?
> >
> > Would love to know more about how it is used, the size of clusters, ...
> >
> > Thanks in advance!
> >
> > --
> > Λ\oïs
> > http://twitter.com/aloiscochard
> > http://github.com/aloiscochard
> >
> > _______________________________________________
> > nix-dev mailing list
> > [email protected]
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
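
Added example (not part of the original thread, and not code from NixOps or git-crypt): a check that the NixOps state kept under secrets/ really is git-crypt ciphertext before it is committed, because a path that no .gitattributes pattern covers is committed as plaintext without any warning. It relies on the header git-crypt puts at the start of every encrypted file (the 10 bytes \0GITCRYPT\0); the secrets/ directory follows the wrapper quoted above, and the function names and the --check-staged flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep unencrypted NixOps state out of git history.
# Assumption: state files live under secrets/ as in the wrapper quoted above.

# A git-crypt encrypted blob starts with the 10 bytes \0GITCRYPT\0.
GITCRYPT_MAGIC_HEX=00474954435259505400

# Succeeds if the data on stdin begins with the git-crypt header.
is_gitcrypt_stream() {
    [ "$(od -An -v -tx1 -N10 | tr -d '[:space:]')" = "$GITCRYPT_MAGIC_HEX" ]
}

# Prints every given file that is NOT ciphertext. Meaningful in a clone that
# was never unlocked (for example CI), where files hold the committed bytes.
plaintext_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        is_gitcrypt_stream < "$f" || printf '%s\n' "$f"
    done
}

# Prints staged paths under $1 whose index blob is not ciphertext. After
# "git-crypt unlock" the working tree is always plaintext, so the blob has to
# be read from the index. Paths with unusual characters are not handled.
staged_plaintext() {
    git diff --cached --name-only --diff-filter=ACMR -- "$1" |
    while IFS= read -r path; do
        git show ":$path" | is_gitcrypt_stream || printf '%s\n' "$path"
    done
}

# Hook mode (hypothetical flag): .git/hooks/pre-commit runs
#   exec /path/to/this-script --check-staged secrets
if [ "${1:-}" = "--check-staged" ]; then
    bad=$(staged_plaintext "${2:-secrets}")
    if [ -n "$bad" ]; then
        echo "not git-crypt encrypted, refusing to commit:" >&2
        printf '%s\n' "$bad" >&2
        exit 1
    fi
fi
```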
