[flowless]

We're trying something similar - to provide a set of curated services with example deployments for cities or municipalities. We build on NixOS and use morph for deployment. Services include simple-nixos-mailserver, Redmine, Sympa, owncloud with LibreOffice Online and many more. If you're working on something similar or your're interested in helping with this cause feel free to contact me via email or IRC.

[nextos]

This is a really good idea. I love Nix and maintain a few packages there. I know govt deployments are really hard, and I've always thought Nix/NixOS/NixOps would be a killer combination. Hashed stateless configurations and easy rollbacks.

[cheez]

I think I know the answer but any reason why a maintained docker image isn't good enough?

[majewsky]

Not GP, but an advantage of a NixOS module is that it has a strongly-typed, explicit API for configuration options, whereas a Docker image would require documentation ala "set those 10 env vars" or "give a YAML config file that looks like this".

[hobofan]

And even apart from that, it's really hard to make deterministic build processes for docker images without something like Nix.

[pknopf]

I'd argue that you don't need that kind of determinism from docker images. It's nice, but we've been just fine without it.

[microtonal]

How does morph compare to nixops?

[flowless]

It doesn't maintain any state - NixOps uses SQLite database which makes it cumbersome to share with other devs.

Morph can't create machines for you - it doesn't have any backends except for SSH. It means fewer dependencies but you need to create targets manually or with something like Terraform. I've only used 'libvirt' and 'none' backends with NixOps and even wrote a 'dumb' backend that unlike 'none' backend wouldn't generate and store SSH keys in state but respects .ssh/config.

One feature of morph is really nice - declarative health checks that are run after the deployment automatically or can be triggered manually.

I also find it easier to explain to not-that-technical people as it basically requires one or two commands.

For the reference: https://github.com/DBCDK/morph

[microtonal]

It doesn't maintain any state - NixOps uses SQLite database which makes it cumbersome to share with other devs.

Oh, that's really a nice feature! I use NixOps for managing some personal hosts and one work VM, but the local state is annoying.

[adamtulinius]

Avoiding local state is the primary reason we wrote morph, and the reason morph doesn't support provisioning hosts on AWS/GCE/.. is that we host everything in house. That makes morph simpler in many ways. :-)

(also, we're hiring, if anybody interested in nix near Copenhagen is reading this)