I have a couple websites I want to build, and I’d like to run them on NixOS.
I’ve been using NixOS on my home machine for a couple years and have really enjoyed it.
I don’t have a lot of experience with hosting, so I’m not sure what to look for or even which questions to ask, but the main things I’m looking to get out of the experience are:
learn more about hosting and devops
learn how to use NixOS in production
build maintainable sites
build with languages I enjoy (Haskell, Elixir, Nix, …)
I think I’d prefer something lightweight where you set stuff up (largely) from scratch, as opposed to a proprietary platform like AWS. I’ve dabbled in enough devops to whet my appetite and I’m more interested in learning how stuff works than in learning how to make AWS stuff work.
What should I look for when weighing my options? Or which options are good ones to investigate?
We use git-crypt to encrypt all the secrets so they are hidden from the git host (and the public in our case). And niv to bump the channel and other external dependencies.
The best part about it is that:
all the machine configuration is built before deploying so you have a pretty good guarantee that it will work.
it’s easy to share configuration between the machines. It feels great enabling an option and have it deployed everywhere.
you can use the same repo for your personal machine configuration as well.
In terms of hosts, it depends on your price sensitivity and what you want to do.
Digital Ocean and Vultr are reasonably cheap choices.
Hetzner is my preferred target because you get a real machine. It’s in Europe so depending on where you are the latency might make it more annoying to use.
Packet has great NixOS support. It’s more expensive but also provides non-virtualized hardware and has aarch64.
Depending on the type of services that you build. If it’s a static website then just use nginx or apache2 with certbot to get a free TLS certificate. Have the repo with a default.nix and then import it in your infra repo using niv^^. If you need to handle state, Digital Ocean offers managed SQL and S3 so you don’t have to worry about backups.
DevOps is a big topic so feel free to ask. NixOps doesn’t handle more advanced things like auto-scaling which are needed at scale but for personal deployments it’s the best.
Generally I agree, but I’ll mention that if you’re doing anything beyond basic apache httpd configuration then nixops doesn’t give you a convenient end to end solution. Unfortunately apache httpd configuration can’t be thoroughly checked ahead of time with nixops so while I use nixops to manage some ~20+ apache httpd severs I actually manage the virtual host configuration locally per machine (usually). If you make a tiny little syntax error in your apache config nixops will deploy it without checking and you’re going to have a short downtime on your production server. The regular Linux distro method of making a change to your virtual host configuration file, running httpd -t -f /etc/httpd/httpd.conf, then running systemctl reload httpd.service is how I’ve been managing apache in production environments. I still get some benefits of nixops for apache httpd in that major changes I can deploy across all servers (after testing on a non production server) which is nice, but individual virtual host configuration which changes frequently requires that I can quickly change and test configuration without fear of downtime.
I’ll note that I’m aware I can deploy to nixops targets without activating, run httpd -t -f configFile on the target sever, then activate if everything is ok… but that’s horrible compared to simply managing configuration locally for virtual hosts.
Also to answer about hosting I manage one server on a linode which works fine for me.
I run a NixOS machine on Linode, though it’s just for personal use.
For static website hosting, or for acting as a reverse proxy to other services, I’d also suggest Caddy. It’s got really simple configuration and HTTPS-by-default (using Let’s Encrypt). The NixOS support isn’t as good as nginx (no structured configuration, you have to write the config file in a multiline string literal instead) but that hasn’t been a problem for me.