[Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?
Arnold Krille
arnold at arnoldarts.de
Tue Aug 9 20:40:40 CEST 2016
On Tue, 9 Aug 2016 18:06:50 +0100 Luca Bruno <lethalman88 at gmail.com>
wrote:
> So, there are few drawbacks with the read-only nginx config as it is.
> Of course, you can at any time run the nginx with an /etc/nginx
> config that you write imperatively, by creating a brand new systemd
> service and disregarding the existing one. After all nginx is quite a
> simple service to run.
>
> Problems with the current approach:
> 1. Doesn't allow for nginx reload, because the file path changes hence
> nginx needs to be restarted.
> 2. If you are auto-updating the nginx config and reloading it
> automatically after e.g. Consul health checking you are in trouble.
>
> With /etc/nginx you give up nix rollbacks, but you can do it manually
> with git which is faster than a nixos-rebuild.
>
> So if you are going to run production stuff and maximize
> availability, I'd suggest to go for imperative /etc/nginx.
>
> That applies to most of fully declarative services in nixos.
>
> An alternative would be to still be kind of declarative by creating a
> static /etc/nginx path which symlinks to the read-only config. It all
> depends if nginx follows symlinks or not.
> If it works, it's worth changing the nixos systemd definition of
> nginx for all with this approach.
> Still you will have troubles with 3rd orchestration software
> auto-updating the nginx config file.
When using Nixos to define my system, I want to use Nixos to define my
system. No other 'orchestration' software or (god forbid) any
user/admin should change that the imperative way. Only then can I use
nix the way its intended to have fully reproducible and revertable
states.
For me the question is not why the nginx.conf is not in /etc/nginx but
"why whould I want the nginx.conf in /etc/nginx at all when using
Nixos"?
- Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160809/2039c2b5/attachment-0001.sig>
More information about the nix-dev
mailing list