api.schemers.org server woes
Lassi Kortela 25 Jun 2019 16:41 UTC

I've spent a lot of time looking into Guix/Nix, the state of different
Linux distributions and BSDs, and the situation is quite confusing at
the moment. It's probably best not to use Guix/Nix for a production
server right now due to stability concerns. The next best thing is to
use a "classic" distro with Ansible for management.

Most distros don't have a rolling-release model, and release upgrades
are usually difficult enough that it's easier to wipe and reinstall the
machine. Also, service supervisors are a frequently changing landscape
(most distros have systemd now, but some of the simpler ones have the
classic OpenRC or a daemontools derivative (runit / s6)).

With all this in mind, I think the least problematic alternative is to
have a fully automated configuration done in Ansible, with no manual
stuff and no precious files stored on the server. So the server would
only store staging/production daemons and static files straight from a
Git repo. All the source data for the API would be sourced from other
places, so that the server is only a cache. Development would happen on
everyone's personal computer, from which we would "git push staging
master". A Git hook on the server can compile the new Scheme code and
restart the server. Logs can be backed up with rsync into some safer
place for storage.

The result would basically be our own custom version of Heroku. (There
are some pre-made open source Heroku clones, such as Dokku, but the ones
I found use containers which brings its own complications - it's easier
just to have a separate Linux user account for each service, with Linux
protections in place so UIDs cannot see each other's processes, etc.)
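
The message does not name the protection it has in mind; one mechanism Linux provides for hiding other UIDs' processes is the hidepid mount option on /proc. The check below is an added example, not part of the original message, and its function names and sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how /proc is mounted with respect to hidepid.
# Assumption: hidepid is the protection in use; the message does not name one.

# Print the hidepid value of the last /proc mount listed in a mounts-format
# file (default /proc/mounts, "-" for stdin). Prints "0" when the option is
# absent and "unmounted" when no /proc entry exists.
proc_hidepid_value() {
    awk '$2 == "/proc" && $3 == "proc" {
             v = "0"
             n = split($4, opts, ",")
             for (i = 1; i <= n; i++)
                 if (opts[i] ~ /^hidepid=/) v = substr(opts[i], 9)
             found = 1          # a later /proc mount shadows an earlier one
         }
         END { if (found) print v; else print "unmounted" }' "${1:-/proc/mounts}"
}

# Map the value to what one service account can learn about another's processes.
# Older kernels report numbers, newer ones report names, so both are accepted.
proc_visibility() {
    case "$(proc_hidepid_value "$1")" in
        2|invisible)  echo hidden ;;          # other UIDs' /proc/<pid> not listed
        4|ptraceable) echo ptraceable-only ;; # only processes the caller may ptrace
        1|noaccess)   echo restricted ;;      # PIDs listed, contents unreadable
        0|off)        echo exposed ;;         # default: every process is visible
        *)            echo unknown ;;
    esac
}

# Constructed sample in /proc/mounts format, so the example runs offline.
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
/dev/vda1 / ext4 rw,relatime 0 0
EOF
}

echo "sample /proc: $(sample_mounts | proc_visibility -)"
```

Called with no argument, `proc_visibility` reads the live /proc/mounts, which makes it usable as a post-provisioning assertion.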