[elikoga]

It's been great for me!

The company I work for right now uses NixOS for all* Bare-Metal Hosts and VMs that run atop them. Personally I run my Home-Lab/Personal-Computing-Setup all on NixOS.

You have to consider that Nix is a language (turing complete, for describing build-processes) and treat it that way too. It has a similiar, if not harder, learning curve to other languages. Especially since most people are usually not exposed to concepts such as lazy evaluation, functional programming, etc.

[niz4ts]

How do you folks manage NixOS from a security/compliance perspective? I'm currently considering NixOS for a few test services in my company, and security/compliance is the biggest obstacle. Have you had to develop your own tooling for this?

To expand on it further: NixOS has modules and packages that come straight from Nixpkgs, and there are concerns with supply chain attacks because of that. How does your company solve this?