I have been running NixOS on my dev machines for a year and absolutely love the reproducibility. Thinking about deploying it on our small production fleet (5 servers).
Anyone running NixOS in prod? What are the gotchas? Particularly interested in secret management and deployment workflows.
Running NixOS on 12 prod servers for 2 years. Secret management with agenix works great. The biggest gotcha is onboarding new team members - Nix has a steep learning curve.
We use NixOS with deploy-rs for our staging environment. Rollbacks are instant and that alone is worth it. Not brave enough for prod yet though.
Check out colmena for fleet management. Way better than nixops in my experience. Also look into sops-nix for secrets.
Tried it, went back to Ansible + Debian. NixOS is amazing for dev machines but the debugging experience when something goes wrong in prod is painful.