— nix, nixos, ansible — 1 min read
Today I formally part ways with Ansible. Well, not really. Ansible is so pervasive within the configuration management space that there is no avoiding it. So, I will be seeing you (Ansible) professionally only. For my own personal configuration management needs, I am embracing Nix.
Yes, I have been taking Nix pills, and if you are thinking that it has affected my decision making, you are not wrong. One of those very said Pills states, "in the Nix world all existing self-containment and orchestration tools are deprecated", who could walk away unaffected? After all, that is one bold statement, and I will be putting it to the test in the next couple of weeks.
First impressions lead me to believe they are putting their money where their mouth is! For example, below is a simple configuration to install a clean OS, create a user, set the user's default editor to VIM.
1{ config, pkgs, ... }:23let4 hostName = "HAL9000";5in {6 imports = [7 # Include the results of the hardware scan.8 ./hardware-configuration.nix9 ];1011 # Set localization and tty options12 i18n.defaultLocale = "en_US.UTF-8";13 console = {14 font = "Lat2-Terminus16";15 keyMap = "us";16 };1718 # Set the timezone19 time.timeZone = "America/Edmonton";2021 networking = {22 inherit hostName;23 networkmanager.enable = true;24 };2526 programs.zsh.enable = true;27 programs.vim.defaultEditor = true;2829 users = {30 # Shell is set to zsh for all users as default.31 defaultUserShell = pkgs.zsh;3233 users.hurricanehrndz = {34 isNormalUser = true;35 home = "/home/hurricanehrndz";36 description = "Carlos Benito Hernandez";37 extraGroups = [ "wheel" "networkmanager" "audio" ];38 shell = pkgs.zsh;3940 # Public ssh-keys that are authorized for the user. Fetched from homepage41 # and github profile.42 openssh.authorizedKeys.keyFiles = [43 (builtins.fetchurl { url = "https://github.com/hurricanehrndz.keys"; })44 ];45 };46 };47}The Nix language's declarative nature makes the above configuration very legible, even for those unfamiliar with it. The sheer fact that so much can be accomplished with a mere 48 lines of code is beautiful and so captivating. In contrast, achieving a similar outcome with Ansible becomes an ordeal.
One could try to find a role within the Ansible-Galaxy store that accomplishes something similar. More than likely, you will be left to your own devices. You will either write a Playbook, develop a custom role, or perhaps write your own module. The latter will not help Ansible evolve but rather increase complexity and the uncontrollable growth of Ansible itself.
This unmanageable expansion can already be witnessed as modules that use to be considered a core part of Ansible have been increasingly migrated to community repositories. In contrast, the simplicity in Nix offers a reprieve.
I can only surmise this simplicity is born from its functional design. Nix is a functional language at heart, so complexity is created from the composition of simple functions rather than the never-ending extension of the software. So, as Brain Beckman said, it seems "the way to control complexity is from compositionality".
Stay tuned, as I go deeper into Nix and NixOS in the upcoming weeks.