Managing multiple NIxOS hosts - what is the current state of the art?

Hey there, I’m in the process of moving my home lab from multiple ubuntu machines running services in containers all managed with ansible, to NixOS machines. Basic setup is great so far, but I’m still at the ‘managing multiple configuration.nix files via git pulls’ stage, and I’d like to remotely declare the state of the cluster and run a command to build / switch to the new intended state.

What is the state of the art therefore of remote declarative management? I had a look at NixOps but the documentation isn’t great and it looks a little ‘old’? I stumbled across Morph and that seems to do something similar. Finally there is still ansible, as I can still run remote git pull and ‘nixos-rebuild switch’, but ansible is slow AF and I haven’t actually managed to make it work on NixOS target hosts yet as there is some python package issue…

So, what are folks using for this kind of setup?


Nixops is all but dead. There’s a whole range of other tools, though: GitHub - nix-community/awesome-nix: 😎 A curated list of the best resources in the Nix community [maintainer=@cyntheticfox]

For a homelab style thing I’d personally not actually use anything nearly as complicated as ansible or nixops though. Are you aware of nix-copy-closure and nixos-rebuild’s --target-host switch?

A simple flake with multiple configurations, and deploying them all with nixos-rebuild switch --target-host would be doable. Tools more like deploy-rs and colmena would probably be more than enough to make the workflow convenient.

Unless you have hundreds of machines to deploy, or security requirements that make you not want to collect all ssh keys on a single host, a push-style workflow seems perfectly appropriate.

Then just run all that through CI jobs for a full gitops workflow.


To anyone looking at this later, I managed to get what I wanted with this.

nixos-rebuild -I nixos-config=/my_abs_path/configuration.nix --build-host user@machine --target-host user@machine --fast --use-remote-sudo switch

specifying the build and target host was required as some of machines use different architectures.

1 Like