Hey all, I’m wondering about giving NixOS a try. It seems like it’s mostly marketed for development environments and CI, but I haven’t seen much of anything about it being used on production servers. Right now I manage Alma 8 servers with Salt, and bootstrap Salt with a modified version of the ISO. NixOS seems like it could help streamline how I do things. Does anyone use it and have thoughts one way or another?
Note that unless you really need containers (such as the separate root fs), systemd services can provide pretty much all of container’s isolation. It’s opt-in but
systemd-analyze securitycan tell you about potential things you can lock down. Some NixOS modules already do this by default.And together with NixOS’s excellent modules which are usually a lot better than the container experience, personally I don’t see the use case for containers on NixOS especially looking at the added complexity they bring with them.