NixOS as a server

From NixOS Wiki

NixOS is well-suited for server deployments, offering declarative, reproducible system configurations and atomic system upgrades and rollbacks. This page provides an overview of configuring, deploying, and maintaining NixOS systems in server environments.

Initial setup

Refer to the NixOS Installation Guide for detailed installation instructions.

For setting up NixOS in the cloud, refer to the NixOS friendly hosters.

For guidance on defining and maintaining your system configuration, consult NixOS system configuration.

NixOS infrastructure tools

Deployment orchestration

  • Colmena - A simple, stateless NixOS deployment tool modeled after NixOps and morph, written in Rust
  • Morph - NixOS deployment tool
  • Clan - Peer-to-peer computer management framework for NixOS
  • Krops - Lightweight toolkit to deploy NixOS systems
  • deploy-rs - A simple, multi-profile Nix-flake deploy tool
  • NixOps - Native NixOS deployment tool for cloud and virtual infrastructure (not currently recommended)

Binary cache and CI

See the main pages, Binary Cache and Continuous Integration (CI).

  • Cachix - Share binaries between CI, development and deployment environments
  • Attic - Self-hostable Nix Binary Cache server backed by an S3-compatible storage provider
  • Hydra - Tool for continuous integration testing and software release

Secrets management

  • Agenix - Command-line tool for managing secrets in your Nix configuration
  • sops-nix - Atomic, declarative, and reproducible secret provisioning for NixOS based on sops

Refer to Comparison of secret managing schemes for additional tools and in-depth comparisons.

Common server configurations

Web servers

  • Nginx - Web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
  • Apache Httpd - Free and open-source cross-platform web server
  • Caddy - Extensible, cross-platform, open-source web server written in Go

File sharing and storage

  • NFS - Unix-based network file sharing
  • Samba - Windows-compatible file and printer sharing

Backup and replication

  • ZFS - With native snapshots and replication
  • Syncthing - Decentralized file synchronization application
  • Restic - Fast and secure backup program
  • Borg backup - Deduplicating incremental backup program for local and remote data
  • Rclone - Command-line program that synchronizes files and directories between different cloud storage services

VPN and networking

  • OpenVPN - Flexible VPN implementation for secure networking
  • Firewall - NixOS has an integrated firewall based on iptables or nftables
  • SSH - Secure remote administration

See Also