[Nix-dev] NixOps usage survey.

Mon Sep 5 21:10:45 CEST 2016

Hi Aloïs,

We use nixops at LumiGuide to deploy to our network of image analysis
servers that power our bicycle detection and guidance systems[1]. I
recently gave a talk[2] at ZuriHac and MuniHac that contained a few slides
on our usage of nixops.

A few machines in our network are at Hetzner ('hetzner' backend) and the
rest are real physical machines managed by ourselves ('none' backend).

Some tips:

1) nixops stores state so if in order for my colleagues to share that state
I commit the state.nixops file to revision control and pass it to every
nixops invocation with the `-s state.nixops` option.

2) Do make sure that when you commit your state.nixops file to revision
control you encrypt it because it contains private SSH keys! I'm using
git-crypt for that.

3) If you create your network using something like:

  nixops create -s state.nixops -d my-net \
    my-net.nix my-net-hardware.nix

it will have the problem that the path to the Nix expressions stored in the
state will be absolute:

  nixops info -s state.nixops | grep 'Nix expressions'
  Nix expressions: /home/bas.van.dijk/engineering/my-net/my-net.nix
/home/bas.van.dijk/engineering/my-net/my-net-hardware.nix

This will hurt when you share that state with your colleagues who will very
likely have their Nix expressions stored at a different path. To solve it
you want to make the paths relative to your NIX_PATH using something like:

  nixops create -s state.nixops -d my-net \
    '<rmy-net.nix>' '<my-net-hardware.nix>'

4) Note that I separate the logical configuration from the physical
configuration. This allows me to take the logical configuration and combine
it with a virtual hardware configuration which is useful for testing.

5) I use a Makefile that has targets for all the common nixops invocations.
The Makefile also sets some useful environment variables like:

  export NIX_PATH:=nixpkgs=$(shell nix-build --no-out-link
./nixpkgs.nix):lumi=$(shell pwd)

  export HETZNER_ROBOT_PASS=$(shell cat secrets/HETZNER_ROBOT_PASS)
  export HETZNER_ROBOT_USER=****

Note that 'lumi' points to the root of our LumiGuide repository. This
allows us to use <lumi/some-path> in Nix expressions where 'some-path' will
be relative to the repository.

I can recommend nixops very much!

Cheers,

Bas

[1]
https://bicycledutch.wordpress.com/2015/06/09/bicycle-parking-guidance-system-in-utrecht/
[2] https://www.youtube.com/watch?v=IKznN_TYjZk

On 5 September 2016 at 18:01, Aloïs Cochard <alois.cochard at gmail.com> wrote:

> Hi all,
>
> We are experimenting with NixOps and we are having great success. We do
> plan to use it for our development infrastructure, and it seems to be very
> promising.
>
> In the light of applying the same technology on our production stack, I'm
> curious to know how NixOps is used "for real"? Do you use it in production?
>
> Do you have some success story to share?
>
> Would love to know more about how it is used, the size of clusters, ...
>
> Thanks in advance!
>
> --
> *Λ\oïs*
> http://twitter.com/aloiscochard
> http://github.com/aloiscochard
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160905/abc77bb6/attachment-0001.html>