How to manage cloud (Azure) NixOS servers/VMs?

I was able to make a NixOS server with @colemickens’s azure-new script (thanks a lot for putting this together!), but once on the server I was quickly out of my depth.

  • What is the best approach to manage the configurations of remote/cloud NixOS servers?
    (In my case, Azure, but I assume that NixOS images for other providers follow a similar pattern.)

  • How are configuration changes pushed to a server? Once a server is in production, there shouldn’t be much change in config, so are images re-built from scratch for each deployment? In case it’s still in development, this seems like a lot of overhead. I saw NixOps mentioned here and there but it doesn’t support Azure at the moment it seems, if I read correctly, I doesn’t push just the configuration.
    (Update: Just found out that there is also Disnix.)

I’m pretty sure this is written down somewhere so recommendations of online materials or pointing out section in the manuals would be deeply appreciated. (Read most of the Nix* manuals, but they are vast, and without the expertise I’m sure I glanced over crucial sections.)


For specifics, here are the troubles I got in (because of lack of experience in systems management, Nix expression language, etc.):

I wanted to add some services (e.g., services.freeswitch.enable), and opening /etc/nixos/configuration.nix immediately threw me off:
(nixpkgs/azure-config-user.nix at 19dfc1b01149e5d60860cd0f4b0f8abcb3faabbf · NixOS/nixpkgs · GitHub)

{ modulesPath, ... }:

{
  # To build the configuration or use nix-env, you need to run
  # either nixos-rebuild --upgrade or nix-channel --update
  # to fetch the nixos channel.

  # This configures everything but bootstrap services,
  # which only need to be run once and have already finished
  # if you are able to see this comment.
  imports = [ "${modulesPath}/virtualisation/azure-common.nix" ];
}

Didn’t figure out yet how to specify a package here with enviroment.systemPackages so I did

$ sudo nix-env -iA nixos.freeswitch
$ sudo nixos-rebuild switch

and then two things happened:

  1. Couldn’t connect to FreeSWITCH with its console (fs_cli), maybe because of some permission issues, and
  2. couldn’t edit anything as root once the config was rebuilt I was asked for my password that has never been set and no clue what the default is…

Update: I guess deployment.targetHost in NixOps is all I need to use manage any NixOS machine remotely (if I understood 3.1. Deploying to a NixOS machine correctly in the User’s Guide).

Hosted by Flying Circus.