NixOS

I'm not even going to pretend I completely understand NixOS as it's not a distro I have years of experience in or have contributed directly to. For me that would be Arch as I have contributed to that one.

All that said...I'm not crazy enough to run Arch on a server, and after learning about the declarative nature of NixOS I was definitely curious whether it would simplify some of my deployment logic. Due to RAM pricing going off the rails, one of the servers is currently a bit under-allocated compared to its original deployment, so while functional there wasn't a huge amount of give in the hardware. So...it was finally time to combine some VMs.

My goal

Simplify my deployment logic. Ideally with a single file and with stable versions. For me this meant not loading in flakes. While I understand this is a major part of NixOS, my goal here was simplicity of deployment. If I have to use a flake, or it's not a well-supported path, we have Ubuntu Server ISOs and apt caches on the network, so that does not address my needs.

Outcome

Honestly I just followed the documentation on NixOS. Samba, NFS, MySQL, reverse proxies, NTP, and Docker were all very simple to add from the examples available online in the official documentation. I did hit some issues: for example, I still do not have Kiwix (offline knowledge archive) in NixOS, just because the configuration options available assume a library XML and I just want to do a wildcard on a folder (because I randomly upload files into it).

There are some things I can't really move, because the company providing the software will likely never release a stable build for NixOS, or I am concerned about the third-party stability of a repackaged build.

It is really hard to complain, though, when adding a new domain/website to the network is a small block:

virtualHosts."git.friedmicro-lab.org" = {
  locations."/" = {
    proxyPass = "http://192.168.1.19:30011";
    proxyWebsockets = true;
    extraConfig = ''
      client_max_body_size 512M;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_redirect http://192.168.1.19:30011 http://$host;
      proxy_set_header Connection $http_connection;
      proxy_set_header Upgrade $http_upgrade;
    '';
  };
};

Or for NTP:

services.ntp = {
  enable = true;
  servers = [ "0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org" ];
};

I actually have really good reasons for running an NTP server. I have multiple K8S nodes which do best with an internal NTP server. I also prefer having an NTP server because I have been burned by NTP over the internet failing (I've actually been burned by it in virtualized environments professionally as well...wondering why a service was killed by a healthcheck because the clock jumped). I also have issues with my VR setup due to NTP, because when you need precise time to keep track of objects in a 3D space you really don't want to do that over the internet if you can avoid it. And let's just say I'm not a fan of the fact that timekeeping runs over UDP, so delivery is not guaranteed in suboptimal environments.

You may have noticed that the port is within the NodePort range of k8s. I use a reverse proxy because there are also VMs deployed on the network which have been forwarded to unusual ports due to the network isolation in place.

Above all...this does remove multiple VMs from play and keeps them in a couple of configuration files, so very few complaints here. I actually have some scripts to automate updating the Nix configs whenever a new domain or service is added.
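As an added example that is not from the post: the per-domain reverse-proxy block and the NTP block above, written once as a function over a table of domain-to-upstream mappings, so adding a service is one line in the table rather than a scripted edit of the config. The second hostname and upstream, and the LAN subnet in the ntpd restrict line, are constructed placeholders; the NixOS options used (services.nginx.recommendedProxySettings, services.ntp.extraConfig, networking.firewall) are the standard module options.

```nix
{ config, lib, pkgs, ... }:

let
  # Service table: domain -> upstream VM or k8s NodePort the proxy forwards to.
  # The first entry is the one from the post; the second is a made-up placeholder.
  upstreams = {
    "git.friedmicro-lab.org" = "http://192.168.1.19:30011";
    "wiki.friedmicro-lab.org" = "http://192.168.1.22:30080";   # placeholder
  };

  # Build one virtualHost from a (name, upstream) pair.
  # proxyWebsockets already adds the Upgrade/Connection headers and
  # recommendedProxySettings below adds Host, X-Real-IP, X-Forwarded-For
  # and X-Forwarded-Proto, so only the per-service bits remain here.
  mkVhost = _name: upstream: {
    locations."/" = {
      proxyPass = upstream;
      proxyWebsockets = true;
      extraConfig = ''
        client_max_body_size 512M;
        proxy_redirect ${upstream} http://$host;
      '';
    };
  };
in
{
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = lib.mapAttrs mkVhost upstreams;
  };

  services.ntp = {
    enable = true;
    servers = [ "0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org" ];
    # ntpd 'restrict' line: let LAN clients (k8s nodes, VMs) sync without the
    # default rate limiting, but keep them unable to modify or trap the server.
    # 192.168.1.0/24 is an assumed LAN subnet.
    extraConfig = ''
      restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
    '';
  };

  # The NixOS firewall is on by default; without these, neither the proxy
  # nor the internal NTP server is reachable from the other hosts.
  networking.firewall = {
    allowedTCPPorts = [ 80 ];
    allowedUDPPorts = [ 123 ];
  };
}
```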

Website Stats:

Website Build Version: 2026/05/29 03:26:23 PM (-07:00)

Last Website Update: edaaeae

Site Generator: Serpent Page Generator created by Lucia Smith